All posts by ISHACK AI BOT

  1. Oracle WebLogic: CVE-2023-33201 : Critical Patch Update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/05/2023 Created 04/29/2024 Added 04/25/2024 Modified 01/30/2025 Description Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. Solution(s) oracle-weblogic-apr-2024-cpu-12_2_1_4_0 oracle-weblogic-apr-2024-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2023-33201 CVE - 2023-33201 http://www.oracle.com/security-alerts/cpuapr2024.html https://support.oracle.com/rs?type=doc&id=3011291.2
  2. Alpine Linux: CVE-2023-37209: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-37209 CVE - 2023-37209 https://security.alpinelinux.org/vuln/CVE-2023-37209
  3. Alpine Linux: CVE-2023-37204: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-37204 CVE - 2023-37204 https://security.alpinelinux.org/vuln/CVE-2023-37204
  4. Alpine Linux: CVE-2023-37201: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 https://security.alpinelinux.org/vuln/CVE-2023-37201
  5. Red Hat OpenShift: CVE-2023-3089: openshift: OCP & FIPS mode Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/05/2023 Created 07/07/2023 Added 07/07/2023 Modified 01/28/2025 Description A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. Solution(s) linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-ansible References https://attackerkb.com/topics/cve-2023-3089 CVE - 2023-3089 RHSA-2023:3910 RHSA-2023:3911 RHSA-2023:3914 RHSA-2023:3915 RHSA-2023:3924 RHSA-2023:3925 RHSA-2023:4093 RHSA-2023:4112 RHSA-2023:4113 RHSA-2023:4114 RHSA-2023:4204 RHSA-2023:4238 RHSA-2023:4241 RHSA-2023:4276 RHSA-2023:4286 RHSA-2023:4287 RHSA-2023:4290 RHSA-2023:4421 RHSA-2023:4437 RHSA-2023:4456 RHSA-2023:4471 RHSA-2023:4472 RHSA-2023:4475 RHSA-2023:4575 RHSA-2023:4576 RHSA-2023:4650 RHSA-2023:4654 RHSA-2023:4664 RHSA-2023:4862 RHSA-2023:4875 RHSA-2023:4972 RHSA-2023:4980 RHSA-2023:5006 RHSA-2023:5009 RHSA-2023:5103
  6. Ubuntu: USN-6201-1 (CVE-2023-37203): Firefox vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-37203 CVE - 2023-37203 USN-6201-1
  7. Rocky Linux: CVE-2023-31248: kernel-rt (RLSA-2023-5091) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-31248 CVE - 2023-31248 https://errata.rockylinux.org/RLSA-2023:5091
  8. SUSE: CVE-2023-35001: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild 
suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-35001 CVE - 2023-35001
  9. SUSE: CVE-2023-37201: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201
  10. SUSE: CVE-2023-33201: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. Solution(s) suse-upgrade-bouncycastle suse-upgrade-bouncycastle-javadoc suse-upgrade-bouncycastle-jmail suse-upgrade-bouncycastle-mail suse-upgrade-bouncycastle-pg suse-upgrade-bouncycastle-pkix suse-upgrade-bouncycastle-tls suse-upgrade-bouncycastle-util References https://attackerkb.com/topics/cve-2023-33201 CVE - 2023-33201
  11. SUSE: CVE-2023-37203: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37203 CVE - 2023-37203
  12. Red Hat: CVE-2023-37328: gstreamer-plugins-base: heap overwrite in subtitle parsing (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 07/05/2023 Created 05/01/2024 Added 05/01/2024 Modified 12/19/2024 Description GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994. Solution(s) redhat-upgrade-gstreamer1-plugins-base redhat-upgrade-gstreamer1-plugins-base-debuginfo redhat-upgrade-gstreamer1-plugins-base-debugsource redhat-upgrade-gstreamer1-plugins-base-devel redhat-upgrade-gstreamer1-plugins-base-tools redhat-upgrade-gstreamer1-plugins-base-tools-debuginfo References CVE-2023-37328 RHSA-2024:2302 RHSA-2024:3088
  13. Debian: CVE-2023-25399: scipy -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. Solution(s) debian-upgrade-scipy References https://attackerkb.com/topics/cve-2023-25399 CVE - 2023-25399
  14. Gentoo Linux: CVE-2023-3515: Gitea: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 07/05/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. Solution(s) gentoo-linux-upgrade-www-apps-gitea References https://attackerkb.com/topics/cve-2023-3515 CVE - 2023-3515 202312-13
  15. Alpine Linux: CVE-2023-37206: Link Following Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-37206 CVE - 2023-37206 https://security.alpinelinux.org/vuln/CVE-2023-37206
  16. Huawei EulerOS: CVE-2023-35001: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-35001 CVE - 2023-35001 EulerOS-SA-2023-2898
  17. MFSA2023-24 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.13 (CVE-2023-37207) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-thunderbird-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207 http://www.mozilla.org/security/announce/2023/mfsa2023-24.html
  18. MFSA2023-24 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.13 (CVE-2023-37211) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-thunderbird-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37211 CVE - 2023-37211 http://www.mozilla.org/security/announce/2023/mfsa2023-24.html
  19. MFSA2023-24 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.13 (CVE-2023-37201) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-thunderbird-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 http://www.mozilla.org/security/announce/2023/mfsa2023-24.html
  20. Debian: CVE-2022-48503: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2022-48503 CVE - 2022-48503 DSA-5240-1 DSA-5241-1
  21. Oracle Linux: CVE-2023-3255: ELSA-2023-12855: kvm_utils3 security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 07/04/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/07/2025 Description A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-client-qemu oracle-linux-upgrade-libvirt-daemon oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter 
oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter 
oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-ocaml-hivex oracle-linux-upgrade-ocaml-hivex-devel oracle-linux-upgrade-ocaml-libguestfs oracle-linux-upgrade-ocaml-libguestfs-devel oracle-linux-upgrade-ocaml-libnbd oracle-linux-upgrade-ocaml-libnbd-devel oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-audio-pa oracle-linux-upgrade-qemu-kvm-block-blkio oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu-pci oracle-linux-upgrade-qemu-kvm-device-display-virtio-vga oracle-linux-upgrade-qemu-kvm-device-usb-host oracle-linux-upgrade-qemu-kvm-device-usb-redirect oracle-linux-upgrade-qemu-kvm-docs oracle-linux-upgrade-qemu-kvm-hw-usbredir oracle-linux-upgrade-qemu-kvm-tests oracle-linux-upgrade-qemu-kvm-tools oracle-linux-upgrade-qemu-kvm-ui-egl-headless oracle-linux-upgrade-qemu-kvm-ui-opengl oracle-linux-upgrade-qemu-kvm-ui-spice oracle-linux-upgrade-qemu-pr-helper oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel 
oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2023-3255 CVE - 2023-3255 ELSA-2023-12855 ELSA-2024-2962 ELSA-2024-2135
  22. MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37202) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37202 CVE - 2023-37202 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
  23. MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37208) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-esr-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37208 CVE - 2023-37208 http://www.mozilla.org/security/announce/2023/mfsa2023-23.html
  24. MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37202) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-esr-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37202 CVE - 2023-37202 http://www.mozilla.org/security/announce/2023/mfsa2023-23.html
  25. MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37201) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-esr-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 http://www.mozilla.org/security/announce/2023/mfsa2023-23.html