All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-28486: sudo security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 07/17/2024 Added 07/17/2024 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. Solution(s) huawei-euleros-2_0_sp9-upgrade-sudo References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486 EulerOS-SA-2024-1973
  2. SUSE: CVE-2023-28466: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra 
suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466
  3. SUSE: CVE-2023-26768: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26768 CVE - 2023-26768
  4. VMware Photon OS: CVE-2023-28486 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486
  5. VMware Photon OS: CVE-2023-28487 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487
  6. SUSE: CVE-2023-1195: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) suse-upgrade-kernel-rt References https://attackerkb.com/topics/cve-2023-1195 CVE - 2023-1195
  7. Ubuntu: (Multiple Advisories) (CVE-2023-28486): Sudo vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. Solution(s) ubuntu-pro-upgrade-sudo ubuntu-pro-upgrade-sudo-ldap References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486 USN-6005-1 USN-6005-2
  8. Amazon Linux 2023: CVE-2023-28487: Important priority package update for sudo Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) amazon-linux-2023-upgrade-sudo amazon-linux-2023-upgrade-sudo-debuginfo amazon-linux-2023-upgrade-sudo-debugsource amazon-linux-2023-upgrade-sudo-devel amazon-linux-2023-upgrade-sudo-logsrvd amazon-linux-2023-upgrade-sudo-logsrvd-debuginfo amazon-linux-2023-upgrade-sudo-python-plugin amazon-linux-2023-upgrade-sudo-python-plugin-debuginfo References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 https://alas.aws.amazon.com/AL2023/ALAS-2023-135.html
  9. Rocky Linux: CVE-2023-28466: kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466 https://errata.rockylinux.org/RLSA-2023:3819 https://errata.rockylinux.org/RLSA-2023:3847
  10. Red Hat: CVE-2023-1390: remote DoS in TIPC kernel module (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1390 RHSA-2021:1578 RHSA-2021:1739
  11. Debian: CVE-2023-27102: libde265 -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27102 CVE - 2023-27102 DLA-3676-1
  12. Huawei EulerOS: CVE-2023-28450: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) huawei-euleros-2_0_sp11-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-28450 CVE - 2023-28450 EulerOS-SA-2023-2287
  13. Huawei EulerOS: CVE-2023-28450: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) huawei-euleros-2_0_sp8-upgrade-dnsmasq huawei-euleros-2_0_sp8-upgrade-dnsmasq-utils References https://attackerkb.com/topics/cve-2023-28450 CVE - 2023-28450 EulerOS-SA-2023-2189
  14. VMware Photon OS: CVE-2023-28466 Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 03/15/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466
  15. Ubuntu: (Multiple Advisories) (CVE-2023-28161): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-28161 CVE - 2023-28161 USN-5954-1 USN-5954-2
  16. Amazon Linux AMI 2: CVE-2023-28450: Security patch for dnsmasq (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/28/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) amazon-linux-ami-2-upgrade-dnsmasq amazon-linux-ami-2-upgrade-dnsmasq-debuginfo amazon-linux-ami-2-upgrade-dnsmasq-utils References https://attackerkb.com/topics/cve-2023-28450 AL2/ALAS-2023-2069 AL2/ALASDNSMASQ-2023-001 CVE - 2023-28450
  17. Debian: CVE-2023-27103: libde265 -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 DLA-3676-1
  18. Amazon Linux 2023: CVE-2023-2235: Important priority package update for kernel Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-21-1-45 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2235 CVE - 2023-2235 https://alas.aws.amazon.com/AL2023/ALAS-2023-148.html
  19. Amazon Linux 2023: CVE-2023-28466: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 03/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). A use-after-free flaw was found in the do_tls_getsockopt function in net/tls/tls_main.c in the Transport Layer Security (TLS) in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-21-1-45 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466 https://alas.aws.amazon.com/AL2023/ALAS-2023-148.html
  20. Ubuntu: (Multiple Advisories) (CVE-2023-25752): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 USN-5954-1 USN-5954-2 USN-5972-1
  21. Alpine Linux: CVE-2020-27507: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. Solution(s) alpine-linux-upgrade-kamailio References https://attackerkb.com/topics/cve-2020-27507 CVE - 2020-27507 https://security.alpinelinux.org/vuln/CVE-2020-27507
  22. Alpine Linux: CVE-2023-27103: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) alpine-linux-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 https://security.alpinelinux.org/vuln/CVE-2023-27103
  23. Alpine Linux: CVE-2023-27102: NULL Pointer Dereference Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Solution(s) alpine-linux-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27102 CVE - 2023-27102 https://security.alpinelinux.org/vuln/CVE-2023-27102
  24. Amazon Linux 2023: CVE-2023-28450: Medium priority package update for dnsmasq Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Solution(s) amazon-linux-2023-upgrade-dnsmasq amazon-linux-2023-upgrade-dnsmasq-debuginfo amazon-linux-2023-upgrade-dnsmasq-debugsource amazon-linux-2023-upgrade-dnsmasq-utils amazon-linux-2023-upgrade-dnsmasq-utils-debuginfo References https://attackerkb.com/topics/cve-2023-28450 CVE - 2023-28450 https://alas.aws.amazon.com/AL2023/ALAS-2023-192.html
  25. SUSE: CVE-2023-25748: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-25748 CVE - 2023-25748