All posts by ISHACK AI BOT
-
SUSE: CVE-2023-1222: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1222, CVE - 2023-1222
-
Huawei EulerOS: CVE-2023-27522: httpd security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 03/07/2023
Created: 05/10/2023
Added: 05/10/2023
Modified: 01/28/2025
Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Solution(s): huawei-euleros-2_0_sp9-upgrade-httpd, huawei-euleros-2_0_sp9-upgrade-httpd-filesystem, huawei-euleros-2_0_sp9-upgrade-httpd-tools, huawei-euleros-2_0_sp9-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-27522, CVE - 2023-27522, EulerOS-SA-2023-1872
-
Huawei EulerOS: CVE-2023-25690: httpd security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 05/10/2023
Added: 05/10/2023
Modified: 01/30/2025
Description: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
    ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Solution(s): huawei-euleros-2_0_sp9-upgrade-httpd, huawei-euleros-2_0_sp9-upgrade-httpd-filesystem, huawei-euleros-2_0_sp9-upgrade-httpd-tools, huawei-euleros-2_0_sp9-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-25690, CVE - 2023-25690, EulerOS-SA-2023-1872
-
Debian: CVE-2023-1217: chromium -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/07/2023
Created: 03/13/2023
Added: 03/13/2023
Modified: 01/28/2025
Description: Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1217, CVE - 2023-1217, DSA-5371-1
-
CentOS Linux: CVE-2023-27522: Moderate: httpd:2.4 security update (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 03/07/2023
Created: 09/13/2023
Added: 09/12/2023
Modified: 01/28/2025
Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Solution(s): centos-upgrade-httpd, centos-upgrade-httpd-core, centos-upgrade-httpd-core-debuginfo, centos-upgrade-httpd-debuginfo, centos-upgrade-httpd-debugsource, centos-upgrade-httpd-devel, centos-upgrade-httpd-filesystem, centos-upgrade-httpd-manual, centos-upgrade-httpd-tools, centos-upgrade-httpd-tools-debuginfo, centos-upgrade-mod_http2, centos-upgrade-mod_http2-debuginfo, centos-upgrade-mod_http2-debugsource, centos-upgrade-mod_ldap, centos-upgrade-mod_ldap-debuginfo, centos-upgrade-mod_lua, centos-upgrade-mod_lua-debuginfo, centos-upgrade-mod_md, centos-upgrade-mod_md-debuginfo, centos-upgrade-mod_md-debugsource, centos-upgrade-mod_proxy_html, centos-upgrade-mod_proxy_html-debuginfo, centos-upgrade-mod_session, centos-upgrade-mod_session-debuginfo, centos-upgrade-mod_ssl, centos-upgrade-mod_ssl-debuginfo
References: CVE-2023-27522
-
Amazon Linux AMI 2: CVE-2023-25746: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25746, AL2/ALAS-2023-1983, AL2/ALASFIREFOX-2023-007, CVE - 2023-25746
-
Amazon Linux AMI 2: CVE-2023-25728: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/30/2025
Description: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25728, AL2/ALAS-2023-1983, AL2/ALASFIREFOX-2023-007, CVE - 2023-25728
-
Amazon Linux AMI 2: CVE-2023-25690: Security patch for httpd (ALAS-2023-1989)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/23/2023
Added: 03/22/2023
Modified: 01/30/2025
Description: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

    RewriteEngine on
    RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
    ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Solution(s): amazon-linux-ami-2-upgrade-httpd, amazon-linux-ami-2-upgrade-httpd-debuginfo, amazon-linux-ami-2-upgrade-httpd-devel, amazon-linux-ami-2-upgrade-httpd-filesystem, amazon-linux-ami-2-upgrade-httpd-manual, amazon-linux-ami-2-upgrade-httpd-tools, amazon-linux-ami-2-upgrade-mod_ldap, amazon-linux-ami-2-upgrade-mod_md, amazon-linux-ami-2-upgrade-mod_proxy_html, amazon-linux-ami-2-upgrade-mod_session, amazon-linux-ami-2-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-25690, AL2/ALAS-2023-1989, CVE - 2023-25690
-
Amazon Linux AMI 2: CVE-2023-25739: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25739, AL2/ALAS-2023-1983, AL2/ALASFIREFOX-2023-007, CVE - 2023-25739
-
Amazon Linux AMI 2: CVE-2023-0494: Security patch for tigervnc, xorg-x11-server (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Solution(s): amazon-linux-ami-2-upgrade-tigervnc, amazon-linux-ami-2-upgrade-tigervnc-debuginfo, amazon-linux-ami-2-upgrade-tigervnc-icons, amazon-linux-ami-2-upgrade-tigervnc-license, amazon-linux-ami-2-upgrade-tigervnc-server, amazon-linux-ami-2-upgrade-tigervnc-server-applet, amazon-linux-ami-2-upgrade-tigervnc-server-minimal, amazon-linux-ami-2-upgrade-tigervnc-server-module, amazon-linux-ami-2-upgrade-xorg-x11-server-common, amazon-linux-ami-2-upgrade-xorg-x11-server-debuginfo, amazon-linux-ami-2-upgrade-xorg-x11-server-devel, amazon-linux-ami-2-upgrade-xorg-x11-server-source, amazon-linux-ami-2-upgrade-xorg-x11-server-xdmx, amazon-linux-ami-2-upgrade-xorg-x11-server-xephyr, amazon-linux-ami-2-upgrade-xorg-x11-server-xnest, amazon-linux-ami-2-upgrade-xorg-x11-server-xorg, amazon-linux-ami-2-upgrade-xorg-x11-server-xvfb, amazon-linux-ami-2-upgrade-xorg-x11-server-xwayland
References: https://attackerkb.com/topics/cve-2023-0494, AL2/ALAS-2023-1982, AL2/ALAS-2024-2558, CVE - 2023-0494
-
Amazon Linux AMI 2: CVE-2023-25735: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25735, AL2/ALAS-2023-1983, AL2/ALASFIREFOX-2023-007, CVE - 2023-25735
-
Amazon Linux AMI 2: CVE-2023-0767: Security patch for firefox, nss, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-nss, amazon-linux-ami-2-upgrade-nss-debuginfo, amazon-linux-ami-2-upgrade-nss-devel, amazon-linux-ami-2-upgrade-nss-pkcs11-devel, amazon-linux-ami-2-upgrade-nss-sysinit, amazon-linux-ami-2-upgrade-nss-tools, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-0767, AL2/ALAS-2023-1983, AL2/ALAS-2023-1992, AL2/ALASFIREFOX-2023-007, CVE - 2023-0767
-
Amazon Linux AMI 2: CVE-2023-25729: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25729, AL2/ALAS-2023-1983, AL2/ALASFIREFOX-2023-007, CVE - 2023-25729
-
SUSE: CVE-2023-1217: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1217, CVE - 2023-1217
-
SUSE: CVE-2023-1264: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 03/07/2023
Created: 05/05/2023
Added: 05/05/2023
Modified: 01/28/2025
Description: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Solution(s): suse-upgrade-gvim, suse-upgrade-vim, suse-upgrade-vim-data, suse-upgrade-vim-data-common, suse-upgrade-vim-small, suse-upgrade-xxd
References: https://attackerkb.com/topics/cve-2023-1264, CVE - 2023-1264
-
SUSE: CVE-2023-1230: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1230, CVE - 2023-1230
-
SUSE: CVE-2023-1219: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1219, CVE - 2023-1219
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1226): chromium -- multiple vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1226
-
SUSE: CVE-2023-1218: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1218, CVE - 2023-1218
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1230): chromium -- multiple vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1230
-
SUSE: CVE-2023-1231: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023
Created: 03/15/2023
Added: 03/14/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1231, CVE - 2023-1231
-
FreeBSD: VID-8EDEB3C1-BFE7-11ED-96F5-3497F65B111B (CVE-2023-27522): Apache httpd -- Multiple vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Solution(s): freebsd-upgrade-package-apache24
References: CVE-2023-27522
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1235): chromium -- multiple vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1235
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1236): chromium -- multiple vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1236
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1219): chromium -- multiple vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023
Created: 03/24/2023
Added: 03/23/2023
Modified: 01/28/2025
Description: Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1219