All posts published by ISHACK AI BOT
-
Huawei EulerOS: CVE-2023-3776: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs References https://attackerkb.com/topics/cve-2023-3776 CVE - 2023-3776 EulerOS-SA-2023-2811
-
Huawei EulerOS: CVE-2023-3611: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs References https://attackerkb.com/topics/cve-2023-3611 CVE - 2023-3611 EulerOS-SA-2023-2811
-
Debian: CVE-2023-3609: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3609 CVE - 2023-3609 DSA-5480-1
-
Debian: CVE-2023-3610: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3610 CVE - 2023-3610 DSA-5461-1
-
Amazon Linux AMI 2: CVE-2023-37327: Security patch for gstreamer-plugins-base, gstreamer-plugins-good, gstreamer1-plugins-base, gstreamer1-plugins-good (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/21/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775. Solution(s) amazon-linux-ami-2-upgrade-gstreamer-plugins-base amazon-linux-ami-2-upgrade-gstreamer-plugins-base-debuginfo amazon-linux-ami-2-upgrade-gstreamer-plugins-base-devel amazon-linux-ami-2-upgrade-gstreamer-plugins-base-devel-docs amazon-linux-ami-2-upgrade-gstreamer-plugins-base-tools amazon-linux-ami-2-upgrade-gstreamer-plugins-good amazon-linux-ami-2-upgrade-gstreamer-plugins-good-debuginfo amazon-linux-ami-2-upgrade-gstreamer-plugins-good-devel-docs amazon-linux-ami-2-upgrade-gstreamer1-plugins-base amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-devel amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-tools amazon-linux-ami-2-upgrade-gstreamer1-plugins-good amazon-linux-ami-2-upgrade-gstreamer1-plugins-good-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-good-gtk References https://attackerkb.com/topics/cve-2023-37327 AL2/ALAS-2023-2121 AL2/ALAS-2023-2122 AL2/ALAS-2023-2154 AL2/ALAS-2023-2155 CVE - 2023-37327
-
Rocky Linux: CVE-2023-3610: kernel-rt (RLSA-2023-5091) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-3610 CVE - 2023-3610 https://errata.rockylinux.org/RLSA-2023:5091
-
SUSE: CVE-2023-3611: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel 
suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure 
suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-3611 CVE - 2023-3611
-
SUSE: CVE-2023-3776: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 08/15/2023 Added 08/15/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel 
suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base 
suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-3776 CVE - 2023-3776
-
Microsoft Edge Chromium: CVE-2023-38187 Severity 8 CVSS (AV:N/AC:M/Au:N/C:C/I:P/A:N) Published 07/21/2023 Created 07/25/2023 Added 07/25/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-38187 CVE - 2023-38187 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38187
-
FreeBSD: VID-B1AC663F-3AA9-11EE-B887-B42E991FC52E (CVE-2023-37905): typo3 -- multiple vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 07/21/2023 Created 08/16/2023 Added 08/15/2023 Modified 01/28/2025 Description ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-typo3-11-php80 freebsd-upgrade-package-typo3-11-php81 freebsd-upgrade-package-typo3-12-php80 freebsd-upgrade-package-typo3-12-php81 References CVE-2023-37905
-
Oracle Linux: CVE-2023-32393: ELSA-2023-6535: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/21/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-32393 CVE - 2023-32393 ELSA-2023-6535 ELSA-2023-7055
-
Oracle Linux: CVE-2023-3611: ELSA-2023-12842: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 10/04/2023 Added 10/03/2023 Modified 01/23/2025 Description An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-3611 CVE - 2023-3611 ELSA-2023-12842 ELSA-2023-7077 ELSA-2023-7423 ELSA-2024-1831
-
Huawei EulerOS: CVE-2023-38408: openssh security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) huawei-euleros-2_0_sp8-upgrade-openssh huawei-euleros-2_0_sp8-upgrade-openssh-askpass huawei-euleros-2_0_sp8-upgrade-openssh-cavs huawei-euleros-2_0_sp8-upgrade-openssh-clients huawei-euleros-2_0_sp8-upgrade-openssh-keycat huawei-euleros-2_0_sp8-upgrade-openssh-ldap huawei-euleros-2_0_sp8-upgrade-openssh-server References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 EulerOS-SA-2023-3140
-
Gentoo Linux: CVE-2022-2127: Samba: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) gentoo-linux-upgrade-net-fs-samba References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 202402-28
-
Huawei EulerOS: CVE-2023-38408: openssh security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) huawei-euleros-2_0_sp9-upgrade-openssh huawei-euleros-2_0_sp9-upgrade-openssh-clients huawei-euleros-2_0_sp9-upgrade-openssh-server References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 EulerOS-SA-2023-2901
-
Huawei EulerOS: CVE-2023-34967: samba security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) huawei-euleros-2_0_sp9-upgrade-libsmbclient huawei-euleros-2_0_sp9-upgrade-libwbclient huawei-euleros-2_0_sp9-upgrade-samba huawei-euleros-2_0_sp9-upgrade-samba-client huawei-euleros-2_0_sp9-upgrade-samba-common huawei-euleros-2_0_sp9-upgrade-samba-common-tools huawei-euleros-2_0_sp9-upgrade-samba-libs huawei-euleros-2_0_sp9-upgrade-samba-winbind huawei-euleros-2_0_sp9-upgrade-samba-winbind-clients huawei-euleros-2_0_sp9-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 EulerOS-SA-2023-2907
-
OS X update for OpenSSH (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) apple-osx-upgrade-14 References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 https://support.apple.com/kb/HT213940
-
OS X update for Messages (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Alpine Linux: CVE-2023-38408: Unquoted Search Path or Element Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) alpine-linux-upgrade-openssh References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 https://security.alpinelinux.org/vuln/CVE-2023-38408
-
CentOS Linux: CVE-2023-3347: Moderate: samba security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) centos-upgrade-ctdb centos-upgrade-ctdb-debuginfo centos-upgrade-libnetapi centos-upgrade-libnetapi-debuginfo centos-upgrade-libsmbclient centos-upgrade-libsmbclient-debuginfo centos-upgrade-libwbclient centos-upgrade-libwbclient-debuginfo centos-upgrade-python3-samba centos-upgrade-python3-samba-dc centos-upgrade-python3-samba-dc-debuginfo centos-upgrade-python3-samba-debuginfo centos-upgrade-python3-samba-test centos-upgrade-samba centos-upgrade-samba-client centos-upgrade-samba-client-debuginfo centos-upgrade-samba-client-libs centos-upgrade-samba-client-libs-debuginfo centos-upgrade-samba-common centos-upgrade-samba-common-libs centos-upgrade-samba-common-libs-debuginfo centos-upgrade-samba-common-tools centos-upgrade-samba-common-tools-debuginfo centos-upgrade-samba-dc-libs centos-upgrade-samba-dc-libs-debuginfo centos-upgrade-samba-dcerpc centos-upgrade-samba-dcerpc-debuginfo centos-upgrade-samba-debuginfo centos-upgrade-samba-debugsource centos-upgrade-samba-krb5-printing centos-upgrade-samba-krb5-printing-debuginfo centos-upgrade-samba-ldb-ldap-modules centos-upgrade-samba-ldb-ldap-modules-debuginfo centos-upgrade-samba-libs centos-upgrade-samba-libs-debuginfo centos-upgrade-samba-pidl centos-upgrade-samba-test centos-upgrade-samba-test-debuginfo 
centos-upgrade-samba-test-libs centos-upgrade-samba-test-libs-debuginfo centos-upgrade-samba-tools centos-upgrade-samba-usershares centos-upgrade-samba-vfs-iouring centos-upgrade-samba-vfs-iouring-debuginfo centos-upgrade-samba-winbind centos-upgrade-samba-winbind-clients centos-upgrade-samba-winbind-clients-debuginfo centos-upgrade-samba-winbind-debuginfo centos-upgrade-samba-winbind-krb5-locator centos-upgrade-samba-winbind-krb5-locator-debuginfo centos-upgrade-samba-winbind-modules centos-upgrade-samba-winbind-modules-debuginfo centos-upgrade-samba-winexe centos-upgrade-samba-winexe-debuginfo References CVE-2023-3347
-
OS X update for Music (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
CentOS Linux: CVE-2023-34967: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. 
Solution(s) centos-upgrade-ctdb centos-upgrade-ctdb-debuginfo centos-upgrade-evolution-mapi centos-upgrade-evolution-mapi-debuginfo centos-upgrade-evolution-mapi-debugsource centos-upgrade-evolution-mapi-langpacks centos-upgrade-libnetapi centos-upgrade-libnetapi-debuginfo centos-upgrade-libsmbclient centos-upgrade-libsmbclient-debuginfo centos-upgrade-libwbclient centos-upgrade-libwbclient-debuginfo centos-upgrade-openchange centos-upgrade-openchange-client-debuginfo centos-upgrade-openchange-debuginfo centos-upgrade-openchange-debugsource centos-upgrade-python3-samba centos-upgrade-python3-samba-dc centos-upgrade-python3-samba-dc-debuginfo centos-upgrade-python3-samba-debuginfo centos-upgrade-python3-samba-test centos-upgrade-samba centos-upgrade-samba-client centos-upgrade-samba-client-debuginfo centos-upgrade-samba-client-libs centos-upgrade-samba-client-libs-debuginfo centos-upgrade-samba-common centos-upgrade-samba-common-libs centos-upgrade-samba-common-libs-debuginfo centos-upgrade-samba-common-tools centos-upgrade-samba-common-tools-debuginfo centos-upgrade-samba-dc-libs centos-upgrade-samba-dc-libs-debuginfo centos-upgrade-samba-dcerpc centos-upgrade-samba-dcerpc-debuginfo centos-upgrade-samba-debuginfo centos-upgrade-samba-debugsource centos-upgrade-samba-krb5-printing centos-upgrade-samba-krb5-printing-debuginfo centos-upgrade-samba-ldb-ldap-modules centos-upgrade-samba-ldb-ldap-modules-debuginfo centos-upgrade-samba-libs centos-upgrade-samba-libs-debuginfo centos-upgrade-samba-pidl centos-upgrade-samba-test centos-upgrade-samba-test-debuginfo centos-upgrade-samba-test-libs centos-upgrade-samba-test-libs-debuginfo centos-upgrade-samba-tools centos-upgrade-samba-usershares centos-upgrade-samba-vfs-iouring centos-upgrade-samba-vfs-iouring-debuginfo centos-upgrade-samba-winbind centos-upgrade-samba-winbind-clients centos-upgrade-samba-winbind-clients-debuginfo centos-upgrade-samba-winbind-debuginfo centos-upgrade-samba-winbind-krb5-locator 
centos-upgrade-samba-winbind-krb5-locator-debuginfo centos-upgrade-samba-winbind-modules centos-upgrade-samba-winbind-modules-debuginfo centos-upgrade-samba-winexe centos-upgrade-samba-winexe-debuginfo References CVE-2023-34967
-
OS X update for CoreAnimation (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Huawei EulerOS: CVE-2022-2127: samba security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) huawei-euleros-2_0_sp8-upgrade-ctdb huawei-euleros-2_0_sp8-upgrade-ctdb-tests huawei-euleros-2_0_sp8-upgrade-libsmbclient huawei-euleros-2_0_sp8-upgrade-libwbclient huawei-euleros-2_0_sp8-upgrade-python2-samba huawei-euleros-2_0_sp8-upgrade-python2-samba-test huawei-euleros-2_0_sp8-upgrade-python3-samba huawei-euleros-2_0_sp8-upgrade-python3-samba-test huawei-euleros-2_0_sp8-upgrade-samba huawei-euleros-2_0_sp8-upgrade-samba-client huawei-euleros-2_0_sp8-upgrade-samba-client-libs huawei-euleros-2_0_sp8-upgrade-samba-common huawei-euleros-2_0_sp8-upgrade-samba-common-libs huawei-euleros-2_0_sp8-upgrade-samba-common-tools huawei-euleros-2_0_sp8-upgrade-samba-dc-libs huawei-euleros-2_0_sp8-upgrade-samba-krb5-printing huawei-euleros-2_0_sp8-upgrade-samba-libs huawei-euleros-2_0_sp8-upgrade-samba-pidl huawei-euleros-2_0_sp8-upgrade-samba-test huawei-euleros-2_0_sp8-upgrade-samba-test-libs huawei-euleros-2_0_sp8-upgrade-samba-winbind huawei-euleros-2_0_sp8-upgrade-samba-winbind-clients huawei-euleros-2_0_sp8-upgrade-samba-winbind-krb5-locator huawei-euleros-2_0_sp8-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 EulerOS-SA-2023-3157
-
OS X update for CFNetwork (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)