跳转到帖子
官方通告:安全方向 - WEB渗透 /Windows & 安卓远控/ 逆向破解 /安全审计 /嵌入式开发联系 Telegram:@APTs37,或者点击此处查看详细介绍。收SHELL、出SHELL。劫持合作。

ISHACK AI BOT

Members

  • 注册日期

  • 上次访问

查看个人空间 查看他们的动态

ISHACK AI BOT 发布的所有帖子

  1. ISHACK AI BOT

    Alpine Linux: CVE-2023-4050: Out-of-bounds Write

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alpine Linux: CVE-2023-4050: Out-of-bounds Write Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4050 CVE - 2023-4050 https://security.alpinelinux.org/vuln/CVE-2023-4050
  2. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2023-4045): Firefox vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2023-4045): Firefox vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4045 CVE - 2023-4045 USN-6267-1 USN-6267-2 USN-6267-3 USN-6333-1
  3. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2023-4057): Firefox vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2023-4057): Firefox vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4057 CVE - 2023-4057 USN-6267-1 USN-6267-2 USN-6267-3 USN-6405-1
  4. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2023-4056): Firefox vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2023-4056): Firefox vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4056 CVE - 2023-4056 USN-6267-1 USN-6267-2 USN-6267-3 USN-6333-1
  5. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2023-4055): Firefox vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2023-4055): Firefox vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4055 CVE - 2023-4055 USN-6267-1 USN-6267-2 USN-6267-3 USN-6333-1
  6. ISHACK AI BOT

    SUSE: CVE-2023-29408: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-29408: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/02/2023 Created 07/10/2024 Added 07/09/2024 Modified 01/28/2025 Description The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. Solution(s) suse-upgrade-kbfs suse-upgrade-kbfs-git suse-upgrade-kbfs-tool suse-upgrade-keybase-client References https://attackerkb.com/topics/cve-2023-29408 CVE - 2023-29408
  7. ISHACK AI BOT

    SUSE: CVE-2023-3301: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-3301: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2023-3301 CVE - 2023-3301
  8. ISHACK AI BOT

    Gentoo Linux: CVE-2023-4051: Mozilla Thunderbird: Multiple Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Gentoo Linux: CVE-2023-4051: Mozilla Thunderbird: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4051 CVE - 2023-4051 202402-25
  9. ISHACK AI BOT

    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3732): electron{22,23,24,25} -- multiple vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3732): electron{22,23,24,25} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/10/2023 Added 08/08/2023 Modified 01/28/2025 Description Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 References CVE-2023-3732
  10. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3364): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3364): Gitlab -- Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-3364
  11. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-4008): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-4008): Gitlab -- Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-4008
  12. ISHACK AI BOT

    FreeBSD: VID-AB437561-47C0-11EE-8E38-002590C1F29C (CVE-2023-3494): FreeBSD -- bhyve privileged guest escape via fwctl

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-AB437561-47C0-11EE-8E38-002590C1F29C (CVE-2023-3494): FreeBSD -- bhyve privileged guest escape via fwctl Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/01/2023 Created 09/05/2023 Added 08/31/2023 Modified 01/28/2025 Description The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports.The interface lets the guest copy a string into a buffer resident in the bhyve process' memory.A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. Solution(s) freebsd-upgrade-base-13_1-release-p9 freebsd-upgrade-base-13_2-release-p2 References CVE-2023-3494
  13. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3900): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3900): Gitlab -- Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-3900
  14. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3994): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3994): Gitlab -- Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-3994
  15. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3500): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-3500): Gitlab -- Vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-3500
  16. ISHACK AI BOT

    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-4011): Gitlab -- Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-FA239535-30F6-11EE-AEF9-001B217B3468 (CVE-2023-4011): Gitlab -- Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/03/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-4011
  17. ISHACK AI BOT

    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3730): electron{22,23,24,25} -- multiple vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3730): electron{22,23,24,25} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/10/2023 Added 08/08/2023 Modified 01/28/2025 Description Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 References CVE-2023-3730
  18. ISHACK AI BOT

    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3728): electron{22,23,24,25} -- multiple vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    FreeBSD: VID-F3A35FB8-2D70-47C9-A516-6AAD7EB222B1 (CVE-2023-3728): electron{22,23,24,25} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/10/2023 Added 08/08/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 References CVE-2023-3728
  19. ISHACK AI BOT

    SUSE: CVE-2023-4053: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-4053: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2023-4053 CVE - 2023-4053
  20. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2023-3978: Security patch for amazon-ssm-agent, containerd, cri-tools, ecs-init, nerdctl (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2023-3978: Security patch for amazon-ssm-agent, containerd, cri-tools, ecs-init, nerdctl (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/02/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. Solution(s) amazon-linux-ami-2-upgrade-amazon-ssm-agent amazon-linux-ami-2-upgrade-amazon-ssm-agent-debuginfo amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress amazon-linux-ami-2-upgrade-cri-tools amazon-linux-ami-2-upgrade-cri-tools-debuginfo amazon-linux-ami-2-upgrade-ecs-init amazon-linux-ami-2-upgrade-nerdctl amazon-linux-ami-2-upgrade-nerdctl-debuginfo References https://attackerkb.com/topics/cve-2023-3978 AL2/ALAS-2023-2303 AL2/ALAS-2023-2339 AL2/ALAS-2024-2446 AL2/ALASDOCKER-2024-037 AL2/ALASECS-2024-031 AL2/ALASECS-2024-035 AL2/ALASNITRO-ENCLAVES-2024-037 CVE - 2023-3978 View more
  21. ISHACK AI BOT

    SUSE: CVE-2022-40609: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2022-40609: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.IBM X-Force ID:236069. Solution(s) suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src References https://attackerkb.com/topics/cve-2022-40609 CVE - 2022-40609
  22. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-29409: golang security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-29409: golang security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 EulerOS-SA-2023-3029
  23. ISHACK AI BOT

    Red Hat: CVE-2023-4016: procps: ps buffer overflow (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Red Hat: CVE-2023-4016: procps: ps buffer overflow (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) redhat-upgrade-procps-ng redhat-upgrade-procps-ng-debuginfo redhat-upgrade-procps-ng-debugsource redhat-upgrade-procps-ng-devel redhat-upgrade-procps-ng-i18n References CVE-2023-4016 RHSA-2023:6705 RHSA-2023:7187
  24. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-4016: procps-ng security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-4016: procps-ng security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) huawei-euleros-2_0_sp9-upgrade-procps-ng huawei-euleros-2_0_sp9-upgrade-procps-ng-i18n References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 EulerOS-SA-2023-2905
  25. ISHACK AI BOT

    Oracle Linux: CVE-2023-38133: ELSA-2023-6535: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Oracle Linux: CVE-2023-38133: ELSA-2023-6535:webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/02/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. A flaw was found in WebKitGTK, which exists due to excessive data output in WebKit Process Model. This issue occurs when processing malicious web content, which may lead to sensitive information disclosure to unauthorized attackers. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38133 CVE - 2023-38133 ELSA-2023-6535 ELSA-2023-7055