All posts by ISHACK AI BOT

  1. Atlassian Confluence: Remote Code Execution Vulnerability (CVE-2023-22505) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/18/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/30/2025 Description This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that you upgrade your instance to the latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program. Solution(s) atlassian-confluence-upgrade-8_3_2 atlassian-confluence-upgrade-8_4_0 References https://attackerkb.com/topics/cve-2023-22505 CVE - 2023-22505
  2. Oracle MySQL Vulnerability: CVE-2023-22048 Severity 4 CVSS (AV:N/AC:M/Au:S/C:P/I:N/A:N) Published 07/18/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2023-22048 CVE - 2023-22048 https://www.oracle.com/security-alerts/cpujul2023.html
  3. Amazon Linux AMI: CVE-2022-26563: Security patch for monit (ALAS-2023-1805) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/18/2023 Created 08/24/2023 Added 08/23/2023 Modified 01/28/2025 Description An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization. Solution(s) amazon-linux-upgrade-monit References ALAS-2023-1805 CVE-2022-26563
  4. Red Hat: CVE-2023-22036: ZIP file parsing infinite loop (8302483) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/18/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s) redhat-upgrade-java-11-openjdk redhat-upgrade-java-11-openjdk-debuginfo redhat-upgrade-java-11-openjdk-debugsource redhat-upgrade-java-11-openjdk-demo redhat-upgrade-java-11-openjdk-demo-fastdebug redhat-upgrade-java-11-openjdk-demo-slowdebug redhat-upgrade-java-11-openjdk-devel redhat-upgrade-java-11-openjdk-devel-debuginfo redhat-upgrade-java-11-openjdk-devel-fastdebug redhat-upgrade-java-11-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-devel-slowdebug redhat-upgrade-java-11-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-fastdebug redhat-upgrade-java-11-openjdk-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-headless redhat-upgrade-java-11-openjdk-headless-debuginfo redhat-upgrade-java-11-openjdk-headless-fastdebug redhat-upgrade-java-11-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-headless-slowdebug redhat-upgrade-java-11-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-javadoc redhat-upgrade-java-11-openjdk-javadoc-zip redhat-upgrade-java-11-openjdk-jmods redhat-upgrade-java-11-openjdk-jmods-fastdebug redhat-upgrade-java-11-openjdk-jmods-slowdebug redhat-upgrade-java-11-openjdk-slowdebug redhat-upgrade-java-11-openjdk-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-src redhat-upgrade-java-11-openjdk-src-fastdebug redhat-upgrade-java-11-openjdk-src-slowdebug redhat-upgrade-java-11-openjdk-static-libs redhat-upgrade-java-11-openjdk-static-libs-fastdebug redhat-upgrade-java-11-openjdk-static-libs-slowdebug redhat-upgrade-java-17-openjdk redhat-upgrade-java-17-openjdk-debuginfo redhat-upgrade-java-17-openjdk-debugsource redhat-upgrade-java-17-openjdk-demo redhat-upgrade-java-17-openjdk-demo-fastdebug redhat-upgrade-java-17-openjdk-demo-slowdebug redhat-upgrade-java-17-openjdk-devel redhat-upgrade-java-17-openjdk-devel-debuginfo redhat-upgrade-java-17-openjdk-devel-fastdebug redhat-upgrade-java-17-openjdk-devel-fastdebug-debuginfo 
redhat-upgrade-java-17-openjdk-devel-slowdebug redhat-upgrade-java-17-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-fastdebug redhat-upgrade-java-17-openjdk-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless redhat-upgrade-java-17-openjdk-headless-debuginfo redhat-upgrade-java-17-openjdk-headless-fastdebug redhat-upgrade-java-17-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless-slowdebug redhat-upgrade-java-17-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-javadoc redhat-upgrade-java-17-openjdk-javadoc-zip redhat-upgrade-java-17-openjdk-jmods redhat-upgrade-java-17-openjdk-jmods-fastdebug redhat-upgrade-java-17-openjdk-jmods-slowdebug redhat-upgrade-java-17-openjdk-slowdebug redhat-upgrade-java-17-openjdk-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-src redhat-upgrade-java-17-openjdk-src-fastdebug redhat-upgrade-java-17-openjdk-src-slowdebug redhat-upgrade-java-17-openjdk-static-libs redhat-upgrade-java-17-openjdk-static-libs-fastdebug redhat-upgrade-java-17-openjdk-static-libs-slowdebug References CVE-2023-22036 RHSA-2023:4157 RHSA-2023:4158 RHSA-2023:4159 RHSA-2023:4164 RHSA-2023:4169 RHSA-2023:4170 RHSA-2023:4175 RHSA-2023:4177 RHSA-2023:4233
  5. Red Hat: CVE-2023-22008: mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22008 RHSA-2024:0894 RHSA-2024:1141
  6. VMware Photon OS: CVE-2023-22057 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-22057 CVE - 2023-22057
  7. Ubuntu: (Multiple Advisories) (CVE-2023-38432): Linux kernel (OEM) vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/18/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1030-gkeop ubuntu-upgrade-linux-image-5-15-0-1037-nvidia ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1040-ibm ubuntu-upgrade-linux-image-5-15-0-1040-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1044-gcp ubuntu-upgrade-linux-image-5-15-0-1044-gke ubuntu-upgrade-linux-image-5-15-0-1044-kvm ubuntu-upgrade-linux-image-5-15-0-1045-oracle ubuntu-upgrade-linux-image-5-15-0-1047-aws ubuntu-upgrade-linux-image-5-15-0-1049-azure ubuntu-upgrade-linux-image-5-15-0-1049-azure-fde ubuntu-upgrade-linux-image-5-15-0-86-generic ubuntu-upgrade-linux-image-5-15-0-86-generic-64k ubuntu-upgrade-linux-image-5-15-0-86-generic-lpae ubuntu-upgrade-linux-image-5-15-0-86-lowlatency ubuntu-upgrade-linux-image-5-15-0-86-lowlatency-64k ubuntu-upgrade-linux-image-6-1-0-1019-oem ubuntu-upgrade-linux-image-6-2-0-1008-starfive ubuntu-upgrade-linux-image-6-2-0-1009-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1015-aws ubuntu-upgrade-linux-image-6-2-0-1015-oracle ubuntu-upgrade-linux-image-6-2-0-1016-azure ubuntu-upgrade-linux-image-6-2-0-1016-azure-fde ubuntu-upgrade-linux-image-6-2-0-1016-kvm ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1016-raspi ubuntu-upgrade-linux-image-6-2-0-1018-gcp ubuntu-upgrade-linux-image-6-2-0-36-generic 
ubuntu-upgrade-linux-image-6-2-0-36-generic-64k ubuntu-upgrade-linux-image-6-2-0-36-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae 
ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-38432 CVE - 2023-38432 USN-6285-1 USN-6416-1 USN-6416-2 USN-6416-3 USN-6445-1 USN-6445-2 USN-6464-1 USN-6466-1 USN-6520-1
  8. Ubuntu: (Multiple Advisories) (CVE-2023-38431): Linux kernel vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/18/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read. Solution(s) ubuntu-upgrade-linux-image-5-15-0-102-generic ubuntu-upgrade-linux-image-5-15-0-102-generic-64k ubuntu-upgrade-linux-image-5-15-0-102-generic-lpae ubuntu-upgrade-linux-image-5-15-0-102-lowlatency ubuntu-upgrade-linux-image-5-15-0-102-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1040-gkeop ubuntu-upgrade-linux-image-5-15-0-1048-nvidia ubuntu-upgrade-linux-image-5-15-0-1048-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1050-ibm ubuntu-upgrade-linux-image-5-15-0-1050-raspi ubuntu-upgrade-linux-image-5-15-0-1052-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1054-gke ubuntu-upgrade-linux-image-5-15-0-1054-kvm ubuntu-upgrade-linux-image-5-15-0-1055-gcp ubuntu-upgrade-linux-image-5-15-0-1055-oracle ubuntu-upgrade-linux-image-5-15-0-1057-aws ubuntu-upgrade-linux-image-5-15-0-1060-azure ubuntu-upgrade-linux-image-5-15-0-1060-azure-fde ubuntu-upgrade-linux-image-6-2-0-1006-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1013-aws ubuntu-upgrade-linux-image-6-2-0-1013-oracle ubuntu-upgrade-linux-image-6-2-0-1014-azure ubuntu-upgrade-linux-image-6-2-0-1014-azure-fde ubuntu-upgrade-linux-image-6-2-0-1014-kvm ubuntu-upgrade-linux-image-6-2-0-1014-lowlatency ubuntu-upgrade-linux-image-6-2-0-1014-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1014-raspi ubuntu-upgrade-linux-image-6-2-0-1016-gcp ubuntu-upgrade-linux-image-6-2-0-34-generic ubuntu-upgrade-linux-image-6-2-0-34-generic-64k 
ubuntu-upgrade-linux-image-6-2-0-34-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual 
ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-38431 CVE - 2023-38431 USN-6412-1 USN-6466-1 USN-6725-1 USN-6725-2
  9. VMware Photon OS: CVE-2023-22008 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-22008 CVE - 2023-22008
  10. VMware Photon OS: CVE-2023-22056 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-22056 CVE - 2023-22056
  11. Ubuntu: (Multiple Advisories) (CVE-2023-38426): Linux kernel vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 07/18/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/30/2025 Description An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1027-gkeop ubuntu-upgrade-linux-image-5-15-0-1032-nvidia ubuntu-upgrade-linux-image-5-15-0-1032-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1037-ibm ubuntu-upgrade-linux-image-5-15-0-1037-raspi ubuntu-upgrade-linux-image-5-15-0-1039-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1041-gcp ubuntu-upgrade-linux-image-5-15-0-1041-gke ubuntu-upgrade-linux-image-5-15-0-1041-kvm ubuntu-upgrade-linux-image-5-15-0-1042-oracle ubuntu-upgrade-linux-image-5-15-0-1044-aws ubuntu-upgrade-linux-image-5-15-0-1046-azure ubuntu-upgrade-linux-image-5-15-0-1046-azure-fde ubuntu-upgrade-linux-image-5-15-0-83-generic ubuntu-upgrade-linux-image-5-15-0-83-generic-64k ubuntu-upgrade-linux-image-5-15-0-83-generic-lpae ubuntu-upgrade-linux-image-5-15-0-83-lowlatency ubuntu-upgrade-linux-image-5-15-0-83-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1004-starfive ubuntu-upgrade-linux-image-6-2-0-1009-ibm ubuntu-upgrade-linux-image-6-2-0-1011-aws ubuntu-upgrade-linux-image-6-2-0-1011-azure ubuntu-upgrade-linux-image-6-2-0-1011-oracle ubuntu-upgrade-linux-image-6-2-0-1012-kvm ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1012-raspi ubuntu-upgrade-linux-image-6-2-0-1013-gcp ubuntu-upgrade-linux-image-6-2-0-32-generic ubuntu-upgrade-linux-image-6-2-0-32-generic-64k ubuntu-upgrade-linux-image-6-2-0-32-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm 
ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-38426 CVE - 2023-38426 USN-6338-1 USN-6338-2 USN-6339-1 USN-6339-2 USN-6339-3 USN-6339-4 USN-6344-1 USN-6350-1 USN-6351-1
  12. Ubuntu: (CVE-2023-22007): mysql-5.7 vulnerability Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-5-7 ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2023-22007 CVE - 2023-22007 https://www.cve.org/CVERecord?id=CVE-2023-22007 https://www.oracle.com/security-alerts/cpujul2023.html
  13. Ubuntu: USN-6288-1 (CVE-2023-22058): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22058 CVE - 2023-22058 USN-6288-1
  14. Ubuntu: (Multiple Advisories) (CVE-2023-22049): OpenJDK vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/18/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Solution(s) ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-20-jdk ubuntu-upgrade-openjdk-20-jre ubuntu-upgrade-openjdk-20-jre-headless ubuntu-upgrade-openjdk-20-jre-zero ubuntu-upgrade-openjdk-8-jdk ubuntu-upgrade-openjdk-8-jre ubuntu-upgrade-openjdk-8-jre-headless ubuntu-upgrade-openjdk-8-jre-zero References https://attackerkb.com/topics/cve-2023-22049 CVE - 2023-22049 USN-6263-1 USN-6263-2 USN-6272-1
  15. Amazon Linux AMI: CVE-2023-22043: Security patch for java-1.8.0-openjdk (ALAS-2023-1797) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/18/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). Solution(s) amazon-linux-upgrade-java-1-8-0-openjdk References ALAS-2023-1797 CVE-2023-22043
  16. VMware Photon OS: CVE-2023-22053 Severity 6 CVSS (AV:N/AC:H/Au:S/C:P/I:N/A:C) Published 07/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-22053 CVE - 2023-22053
  17. VMware Photon OS: CVE-2023-0160 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 07/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0160 CVE - 2023-0160
  18. Red Hat: CVE-2023-37450: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/18/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-37450 RHSA-2023:4201 RHSA-2023:4202
  19. SUSE: CVE-2023-22036: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 07/18/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Solution(s) suse-upgrade-java-11-openjdk suse-upgrade-java-11-openjdk-demo suse-upgrade-java-11-openjdk-devel suse-upgrade-java-11-openjdk-headless suse-upgrade-java-11-openjdk-javadoc suse-upgrade-java-11-openjdk-jmods suse-upgrade-java-11-openjdk-src suse-upgrade-java-17-openjdk suse-upgrade-java-17-openjdk-demo suse-upgrade-java-17-openjdk-devel suse-upgrade-java-17-openjdk-headless suse-upgrade-java-17-openjdk-javadoc suse-upgrade-java-17-openjdk-jmods suse-upgrade-java-17-openjdk-src suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src References https://attackerkb.com/topics/cve-2023-22036 CVE - 2023-22036
  20. Ubuntu: USN-6288-1 (CVE-2023-22008): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22008 CVE - 2023-22008 USN-6288-1
  21. Ubuntu: USN-6288-1 (CVE-2023-22054): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22054 CVE - 2023-22054 USN-6288-1
  22. Huawei EulerOS: CVE-2023-22045: java-1.8.0-openjdk security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 07/18/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Solution(s) huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-devel huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-headless References https://attackerkb.com/topics/cve-2023-22045 CVE - 2023-22045 EulerOS-SA-2023-3130
  23. Huawei EulerOS: CVE-2023-22049: java-1.8.0-openjdk security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/18/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-devel huawei-euleros-2_0_sp8-upgrade-java-1.8.0-openjdk-headless References https://attackerkb.com/topics/cve-2023-22049 CVE - 2023-22049 EulerOS-SA-2023-3130
  24. FreeBSD: VID-759A5599-3CE8-11EE-A0D1-84A93843EB75 (CVE-2023-21950): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 08/21/2023 Added 08/18/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-client57 freebsd-upgrade-package-mysql-client80 freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-server57 freebsd-upgrade-package-mysql-server80 References CVE-2023-21950
  25. Ubuntu: USN-6288-1 (CVE-2023-22046): MySQL vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/18/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22046 CVE - 2023-22046 USN-6288-1