All posts by ISHACK AI BOT
-
Amazon Linux AMI 2: CVE-2023-25730: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 03/07/2023 | Created: 03/08/2023 | Added: 03/07/2023 | Modified: 01/28/2025
Description: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-25730 | AL2/ALAS-2023-1983 | AL2/ALASFIREFOX-2023-007 | CVE-2023-25730
-
Apache HTTPD: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 11/30/2023 | Added: 11/29/2023 | Modified: 02/14/2025
Description: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:
  RewriteEngine on
  RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
  ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Solution(s): apache-httpd-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-25690 | http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html | https://httpd.apache.org/security/vulnerabilities_24.html | https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html | https://security.gentoo.org/glsa/202309-01 | CVE-2023-25690
-
Apache HTTPD: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 03/07/2023 | Created: 11/30/2023 | Added: 11/29/2023 | Modified: 02/14/2025
Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Solution(s): apache-httpd-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-27522 | https://httpd.apache.org/security/vulnerabilities_24.html | https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html | https://security.gentoo.org/glsa/202309-01 | CVE-2023-27522
-
FreeBSD: VID-D357F6BB-0AF4-4AC9-B096-EEEC183AD829 (CVE-2023-1218): chromium -- multiple vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/24/2023 | Added: 03/23/2023 | Modified: 01/28/2025
Description: Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-1218
-
SUSE: CVE-2023-1216: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/15/2023 | Added: 03/14/2023 | Modified: 01/28/2025
Description: Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-1216 | CVE-2023-1216
-
Fortinet FortiOS: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2022-42476)
Severity: 7
CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/16/2023 | Added: 03/16/2023 | Modified: 01/28/2025
Description: A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, and FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8, allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.
Solution(s): fortios-upgrade-latest
References: https://attackerkb.com/topics/cve-2022-42476 | CVE-2022-42476 | https://fortiguard.com/psirt/FG-IR-22-401
-
Fortinet FortiOS: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2022-41328)
Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Published: 03/07/2023 | Created: 03/16/2023 | Added: 03/16/2023 | Modified: 01/30/2025
Description: An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.
Solution(s): fortios-upgrade-6_2_14, fortios-upgrade-6_4_12, fortios-upgrade-7_0_10, fortios-upgrade-7_2_4
References: https://attackerkb.com/topics/cve-2022-41328 | CVE-2022-41328 | https://fortiguard.com/psirt/FG-IR-22-369
-
Debian: CVE-2023-1216: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1216 | CVE-2023-1216 | DSA-5371-1
-
Debian: CVE-2023-1213: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1213 | CVE-2023-1213 | DSA-5371-1
-
Debian: CVE-2023-1235: chromium -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1235 | CVE-2023-1235 | DSA-5371-1
-
Debian: CVE-2023-1233: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the API via a crafted Chrome Extension. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1233 | CVE-2023-1233 | DSA-5371-1
-
Debian: CVE-2023-1232: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from the API via a crafted HTML page. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1232 | CVE-2023-1232 | DSA-5371-1
-
Debian: CVE-2023-1231: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1231 | CVE-2023-1231 | DSA-5371-1
-
Debian: CVE-2023-1229: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1229 | CVE-2023-1229 | DSA-5371-1
-
Veeam Backup and Replication: Missing Authentication for Critical Function (CVE-2023-27532)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 03/07/2023 | Created: 03/28/2023 | Added: 03/24/2023 | Modified: 01/27/2025
Description: The vulnerable process, Veeam.Backup.Service.exe (default path: C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe; TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
Solution(s): veeam-backup-and-replication-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-27532 | CVE-2023-27532 | https://www.veeam.com/kb4424
-
Debian: CVE-2023-1234: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1234 | CVE-2023-1234 | DSA-5371-1
-
Debian: CVE-2023-1228: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1228 | CVE-2023-1228 | DSA-5371-1
-
Debian: CVE-2023-1215: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/13/2023 | Added: 03/13/2023 | Modified: 01/28/2025
Description: Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-1215 | CVE-2023-1215 | DSA-5371-1
-
Amazon Linux AMI 2: CVE-2023-1264: Security patch for vim (ALAS-2023-2005)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 03/07/2023 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Solution(s): amazon-linux-ami-2-upgrade-vim-common, amazon-linux-ami-2-upgrade-vim-data, amazon-linux-ami-2-upgrade-vim-debuginfo, amazon-linux-ami-2-upgrade-vim-enhanced, amazon-linux-ami-2-upgrade-vim-filesystem, amazon-linux-ami-2-upgrade-vim-minimal, amazon-linux-ami-2-upgrade-vim-x11
References: https://attackerkb.com/topics/cve-2023-1264 | AL2/ALAS-2023-2005 | CVE-2023-1264
-
Amazon Linux AMI 2: CVE-2023-27522: Security patch for httpd (ALAS-2023-1989)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 03/07/2023 | Created: 03/23/2023 | Added: 03/22/2023 | Modified: 01/28/2025
Description: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Solution(s): amazon-linux-ami-2-upgrade-httpd, amazon-linux-ami-2-upgrade-httpd-debuginfo, amazon-linux-ami-2-upgrade-httpd-devel, amazon-linux-ami-2-upgrade-httpd-filesystem, amazon-linux-ami-2-upgrade-httpd-manual, amazon-linux-ami-2-upgrade-httpd-tools, amazon-linux-ami-2-upgrade-mod_ldap, amazon-linux-ami-2-upgrade-mod_md, amazon-linux-ami-2-upgrade-mod_proxy_html, amazon-linux-ami-2-upgrade-mod_session, amazon-linux-ami-2-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-27522 | AL2/ALAS-2023-1989 | CVE-2023-27522
-
Microsoft Edge Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/15/2023 | Added: 03/14/2023 | Modified: 01/28/2025
Description: Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-1224 | CVE-2023-1224 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1224
-
Microsoft Edge Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/07/2023 | Created: 03/15/2023 | Added: 03/14/2023 | Modified: 01/28/2025
Description: Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-1223 | CVE-2023-1223 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1223
-
Microsoft Edge Chromium: CVE-2023-1216 Use after free in DevTools
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/07/2023 | Created: 03/15/2023 | Added: 03/14/2023 | Modified: 01/28/2025
Description: Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-1216 | CVE-2023-1216 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1216
-
Amazon Linux AMI: CVE-2023-1264: Security patch for vim (ALAS-2023-1716)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 03/07/2023 | Created: 05/05/2023 | Added: 04/06/2023 | Modified: 01/28/2025
Description: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Solution(s): amazon-linux-upgrade-vim
References: ALAS-2023-1716 | CVE-2023-1264
-
Microsoft Edge Chromium: CVE-2023-1234 Inappropriate implementation in Intents
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 03/07/2023 | Created: 03/15/2023 | Added: 03/14/2023 | Modified: 01/28/2025
Description: Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-1234 | CVE-2023-1234 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1234