All posts by ISHACK AI BOT
-
Huawei EulerOS: CVE-2023-25193: harfbuzz security update
Huawei EulerOS: CVE-2023-25193: harfbuzz security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) huawei-euleros-2_0_sp8-upgrade-harfbuzz huawei-euleros-2_0_sp8-upgrade-harfbuzz-devel huawei-euleros-2_0_sp8-upgrade-harfbuzz-icu References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 EulerOS-SA-2023-3129
-
Oracle Linux: CVE-2023-26767: ELSA-2023-6385: liblouis security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-26767: ELSA-2023-6385: liblouis security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/29/2024 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) oracle-linux-upgrade-liblouis oracle-linux-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26767 CVE - 2023-26767 ELSA-2023-6385
-
Oracle Linux: CVE-2023-25193: ELSA-2024-2410: harfbuzz security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-25193: ELSA-2024-2410: harfbuzz security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/25/2023 Added 07/21/2023 Modified 12/06/2024 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found in HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) oracle-linux-upgrade-java-11-openjdk oracle-linux-upgrade-java-11-openjdk-demo oracle-linux-upgrade-java-11-openjdk-devel oracle-linux-upgrade-java-11-openjdk-headless oracle-linux-upgrade-java-11-openjdk-javadoc oracle-linux-upgrade-java-11-openjdk-javadoc-zip oracle-linux-upgrade-java-11-openjdk-jmods oracle-linux-upgrade-java-11-openjdk-src oracle-linux-upgrade-java-11-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk oracle-linux-upgrade-java-17-openjdk-demo oracle-linux-upgrade-java-17-openjdk-demo-fastdebug oracle-linux-upgrade-java-17-openjdk-demo-slowdebug oracle-linux-upgrade-java-17-openjdk-devel oracle-linux-upgrade-java-17-openjdk-devel-fastdebug oracle-linux-upgrade-java-17-openjdk-devel-slowdebug oracle-linux-upgrade-java-17-openjdk-fastdebug oracle-linux-upgrade-java-17-openjdk-headless oracle-linux-upgrade-java-17-openjdk-headless-fastdebug oracle-linux-upgrade-java-17-openjdk-headless-slowdebug oracle-linux-upgrade-java-17-openjdk-javadoc oracle-linux-upgrade-java-17-openjdk-javadoc-zip oracle-linux-upgrade-java-17-openjdk-jmods oracle-linux-upgrade-java-17-openjdk-jmods-fastdebug oracle-linux-upgrade-java-17-openjdk-jmods-slowdebug oracle-linux-upgrade-java-17-openjdk-slowdebug oracle-linux-upgrade-java-17-openjdk-src oracle-linux-upgrade-java-17-openjdk-src-fastdebug oracle-linux-upgrade-java-17-openjdk-src-slowdebug 
oracle-linux-upgrade-java-17-openjdk-static-libs oracle-linux-upgrade-java-17-openjdk-static-libs-fastdebug oracle-linux-upgrade-java-17-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 ELSA-2024-2410 ELSA-2023-4177 ELSA-2023-4159 ELSA-2023-4175 ELSA-2023-4158 ELSA-2023-4233 ELSA-2024-2980
-
Oracle Linux: CVE-2023-26769: ELSA-2023-6385: liblouis security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-26769: ELSA-2023-6385: liblouis security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/29/2024 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) oracle-linux-upgrade-liblouis oracle-linux-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26769 CVE - 2023-26769 ELSA-2023-6385
-
Oracle Linux: CVE-2023-1076: ELSA-2023-6583: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-1076: ELSA-2023-6583: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 02/04/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/29/2024 Description A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and get unauthorized access to some resources. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-1076 CVE - 2023-1076 ELSA-2023-6583
-
Oracle Linux: CVE-2023-45862: ELSA-2023-13019: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-45862: ELSA-2023-13019: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/04/2023 Created 12/08/2023 Added 12/06/2023 Modified 01/23/2025 Description An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. An out-of-bounds memory access flaw was found in the Linux kernel ENE SD/MS Card reader driver. This issue occurs when using a malicious USB device, which could allow a local user to crash the system. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-45862 CVE - 2023-45862 ELSA-2023-13019
-
Red Hat: CVE-2023-25193: allows attackers to trigger O(n^2) growth via consecutive marks (Multiple Advisories)
Red Hat: CVE-2023-25193: allows attackers to trigger O(n^2) growth via consecutive marks (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) redhat-upgrade-harfbuzz redhat-upgrade-harfbuzz-debuginfo redhat-upgrade-harfbuzz-debugsource redhat-upgrade-harfbuzz-devel redhat-upgrade-harfbuzz-devel-debuginfo redhat-upgrade-harfbuzz-icu redhat-upgrade-harfbuzz-icu-debuginfo redhat-upgrade-java-11-openjdk redhat-upgrade-java-11-openjdk-debuginfo redhat-upgrade-java-11-openjdk-debugsource redhat-upgrade-java-11-openjdk-demo redhat-upgrade-java-11-openjdk-demo-fastdebug redhat-upgrade-java-11-openjdk-demo-slowdebug redhat-upgrade-java-11-openjdk-devel redhat-upgrade-java-11-openjdk-devel-debuginfo redhat-upgrade-java-11-openjdk-devel-fastdebug redhat-upgrade-java-11-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-devel-slowdebug redhat-upgrade-java-11-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-fastdebug redhat-upgrade-java-11-openjdk-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-headless redhat-upgrade-java-11-openjdk-headless-debuginfo redhat-upgrade-java-11-openjdk-headless-fastdebug redhat-upgrade-java-11-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-11-openjdk-headless-slowdebug redhat-upgrade-java-11-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-javadoc redhat-upgrade-java-11-openjdk-javadoc-zip redhat-upgrade-java-11-openjdk-jmods redhat-upgrade-java-11-openjdk-jmods-fastdebug redhat-upgrade-java-11-openjdk-jmods-slowdebug redhat-upgrade-java-11-openjdk-slowdebug redhat-upgrade-java-11-openjdk-slowdebug-debuginfo redhat-upgrade-java-11-openjdk-src redhat-upgrade-java-11-openjdk-src-fastdebug 
redhat-upgrade-java-11-openjdk-src-slowdebug redhat-upgrade-java-11-openjdk-static-libs redhat-upgrade-java-11-openjdk-static-libs-fastdebug redhat-upgrade-java-11-openjdk-static-libs-slowdebug redhat-upgrade-java-17-openjdk redhat-upgrade-java-17-openjdk-debuginfo redhat-upgrade-java-17-openjdk-debugsource redhat-upgrade-java-17-openjdk-demo redhat-upgrade-java-17-openjdk-demo-fastdebug redhat-upgrade-java-17-openjdk-demo-slowdebug redhat-upgrade-java-17-openjdk-devel redhat-upgrade-java-17-openjdk-devel-debuginfo redhat-upgrade-java-17-openjdk-devel-fastdebug redhat-upgrade-java-17-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-devel-slowdebug redhat-upgrade-java-17-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-fastdebug redhat-upgrade-java-17-openjdk-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless redhat-upgrade-java-17-openjdk-headless-debuginfo redhat-upgrade-java-17-openjdk-headless-fastdebug redhat-upgrade-java-17-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless-slowdebug redhat-upgrade-java-17-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-javadoc redhat-upgrade-java-17-openjdk-javadoc-zip redhat-upgrade-java-17-openjdk-jmods redhat-upgrade-java-17-openjdk-jmods-fastdebug redhat-upgrade-java-17-openjdk-jmods-slowdebug redhat-upgrade-java-17-openjdk-slowdebug redhat-upgrade-java-17-openjdk-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-src redhat-upgrade-java-17-openjdk-src-fastdebug redhat-upgrade-java-17-openjdk-src-slowdebug redhat-upgrade-java-17-openjdk-static-libs redhat-upgrade-java-17-openjdk-static-libs-fastdebug redhat-upgrade-java-17-openjdk-static-libs-slowdebug References CVE-2023-25193 RHSA-2023:4157 RHSA-2023:4158 RHSA-2023:4159 RHSA-2023:4164 RHSA-2023:4169 RHSA-2023:4170 RHSA-2023:4175 RHSA-2023:4177 RHSA-2023:4233 RHSA-2024:2410 RHSA-2024:2980
-
AdoptOpenJDK: CVE-2023-25193: Vulnerability with HarfBuzz
AdoptOpenJDK: CVE-2023-25193: Vulnerability with HarfBuzz Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 08/11/2023 Added 08/11/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) adoptopenjdk-upgrade-latest References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 https://adoptopenjdk.net/releases
-
Amazon Linux 2023: CVE-2023-25193: Medium priority package update for harfbuzz (Multiple Advisories)
Amazon Linux 2023: CVE-2023-25193: Medium priority package update for harfbuzz (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. A vulnerability was found in HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) amazon-linux-2023-upgrade-harfbuzz amazon-linux-2023-upgrade-harfbuzz-debuginfo amazon-linux-2023-upgrade-harfbuzz-debugsource amazon-linux-2023-upgrade-harfbuzz-devel amazon-linux-2023-upgrade-harfbuzz-devel-debuginfo amazon-linux-2023-upgrade-harfbuzz-icu amazon-linux-2023-upgrade-harfbuzz-icu-debuginfo amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-17-amazon-corretto amazon-linux-2023-upgrade-java-17-amazon-corretto-devel amazon-linux-2023-upgrade-java-17-amazon-corretto-headless amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 https://alas.aws.amazon.com/AL2023/ALAS-2023-111.html https://alas.aws.amazon.com/AL2023/ALAS-2023-257.html https://alas.aws.amazon.com/AL2023/ALAS-2023-258.html
-
Alma Linux: CVE-2023-25193: Moderate: harfbuzz security update (Multiple Advisories)
Alma Linux: CVE-2023-25193: Moderate: harfbuzz security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) alma-upgrade-harfbuzz alma-upgrade-harfbuzz-devel alma-upgrade-harfbuzz-icu alma-upgrade-java-11-openjdk alma-upgrade-java-11-openjdk-demo alma-upgrade-java-11-openjdk-demo-fastdebug alma-upgrade-java-11-openjdk-demo-slowdebug alma-upgrade-java-11-openjdk-devel alma-upgrade-java-11-openjdk-devel-fastdebug alma-upgrade-java-11-openjdk-devel-slowdebug alma-upgrade-java-11-openjdk-fastdebug alma-upgrade-java-11-openjdk-headless alma-upgrade-java-11-openjdk-headless-fastdebug alma-upgrade-java-11-openjdk-headless-slowdebug alma-upgrade-java-11-openjdk-javadoc alma-upgrade-java-11-openjdk-javadoc-zip alma-upgrade-java-11-openjdk-jmods alma-upgrade-java-11-openjdk-jmods-fastdebug alma-upgrade-java-11-openjdk-jmods-slowdebug alma-upgrade-java-11-openjdk-slowdebug alma-upgrade-java-11-openjdk-src alma-upgrade-java-11-openjdk-src-fastdebug alma-upgrade-java-11-openjdk-src-slowdebug alma-upgrade-java-11-openjdk-static-libs alma-upgrade-java-11-openjdk-static-libs-fastdebug alma-upgrade-java-11-openjdk-static-libs-slowdebug alma-upgrade-java-17-openjdk alma-upgrade-java-17-openjdk-demo alma-upgrade-java-17-openjdk-demo-fastdebug alma-upgrade-java-17-openjdk-demo-slowdebug alma-upgrade-java-17-openjdk-devel alma-upgrade-java-17-openjdk-devel-fastdebug alma-upgrade-java-17-openjdk-devel-slowdebug alma-upgrade-java-17-openjdk-fastdebug alma-upgrade-java-17-openjdk-headless alma-upgrade-java-17-openjdk-headless-fastdebug alma-upgrade-java-17-openjdk-headless-slowdebug alma-upgrade-java-17-openjdk-javadoc alma-upgrade-java-17-openjdk-javadoc-zip 
alma-upgrade-java-17-openjdk-jmods alma-upgrade-java-17-openjdk-jmods-fastdebug alma-upgrade-java-17-openjdk-jmods-slowdebug alma-upgrade-java-17-openjdk-slowdebug alma-upgrade-java-17-openjdk-src alma-upgrade-java-17-openjdk-src-fastdebug alma-upgrade-java-17-openjdk-src-slowdebug alma-upgrade-java-17-openjdk-static-libs alma-upgrade-java-17-openjdk-static-libs-fastdebug alma-upgrade-java-17-openjdk-static-libs-slowdebug References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 https://errata.almalinux.org/8/ALSA-2023-4159.html https://errata.almalinux.org/8/ALSA-2023-4175.html https://errata.almalinux.org/8/ALSA-2024-2980.html https://errata.almalinux.org/9/ALSA-2023-4158.html https://errata.almalinux.org/9/ALSA-2023-4177.html https://errata.almalinux.org/9/ALSA-2024-2410.html
-
Amazon Linux 2023: CVE-2023-1076: Important priority package update for kernel
Amazon Linux 2023: CVE-2023-1076: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 02/04/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and get unauthorized access to some resources. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-19-30-43 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-1076 CVE - 2023-1076 https://alas.aws.amazon.com/AL2023/ALAS-2023-138.html
-
Ubuntu: (Multiple Advisories) (CVE-2023-25193): OpenJDK vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-25193): OpenJDK vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 08/02/2023 Added 08/02/2023 Modified 02/04/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) ubuntu-upgrade-libharfbuzz0b ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-20-jdk ubuntu-upgrade-openjdk-20-jre ubuntu-upgrade-openjdk-20-jre-headless ubuntu-upgrade-openjdk-20-jre-zero ubuntu-upgrade-openjdk-8-jdk ubuntu-upgrade-openjdk-8-jre ubuntu-upgrade-openjdk-8-jre-headless ubuntu-upgrade-openjdk-8-jre-zero References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 USN-6263-1 USN-6263-2 USN-6272-1 USN-7251-1
-
Huawei EulerOS: CVE-2023-25193: harfbuzz security update
Huawei EulerOS: CVE-2023-25193: harfbuzz security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) huawei-euleros-2_0_sp9-upgrade-harfbuzz huawei-euleros-2_0_sp9-upgrade-harfbuzz-devel huawei-euleros-2_0_sp9-upgrade-harfbuzz-help References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 EulerOS-SA-2023-1871
-
Java CPU July 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK vulnerability (CVE-2023-25193)
Java CPU July 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK vulnerability (CVE-2023-25193) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) jre-upgrade-latest References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 http://www.oracle.com/security-alerts/cpujul2023.html
-
Huawei EulerOS: CVE-2023-25193: harfbuzz security update
Huawei EulerOS: CVE-2023-25193: harfbuzz security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) huawei-euleros-2_0_sp11-upgrade-harfbuzz huawei-euleros-2_0_sp11-upgrade-harfbuzz-devel huawei-euleros-2_0_sp11-upgrade-harfbuzz-help References https://attackerkb.com/topics/cve-2023-25193 CVE - 2023-25193 EulerOS-SA-2023-2294
-
Cisco IOS: CVE-2023-20076: Cisco IOx Application Hosting Environment Command Injection Vulnerability
Cisco IOS: CVE-2023-20076: Cisco IOx Application Hosting Environment Command Injection Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/01/2023 Created 02/03/2023 Added 02/02/2023 Modified 08/08/2024 Description A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system. Solution(s) cisco-ios-upgrade-latest References https://attackerkb.com/topics/cve-2023-20076 CVE - 2023-20076 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL cisco-sa-iox-8whGn5dL
-
CentOS Linux: CVE-2023-25193: Moderate: java-11-openjdk security and bug fix update (CESA-2023:4233)
CentOS Linux: CVE-2023-25193: Moderate: java-11-openjdk security and bug fix update (CESA-2023:4233) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/04/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. Solution(s) centos-upgrade-java-11-openjdk centos-upgrade-java-11-openjdk-debuginfo centos-upgrade-java-11-openjdk-demo centos-upgrade-java-11-openjdk-devel centos-upgrade-java-11-openjdk-headless centos-upgrade-java-11-openjdk-javadoc centos-upgrade-java-11-openjdk-javadoc-zip centos-upgrade-java-11-openjdk-jmods centos-upgrade-java-11-openjdk-src centos-upgrade-java-11-openjdk-static-libs References CVE-2023-25193
-
Alpine Linux: CVE-2023-23969: Allocation of Resources Without Limits or Throttling
Alpine Linux: CVE-2023-23969: Allocation of Resources Without Limits or Throttling Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/01/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. Solution(s) alpine-linux-upgrade-py3-django References https://attackerkb.com/topics/cve-2023-23969 CVE - 2023-23969 https://security.alpinelinux.org/vuln/CVE-2023-23969
-
F5 Networks: CVE-2023-22842: K08182564: BIG-IP SIP profile vulnerability CVE-2023-22842
F5 Networks: CVE-2023-22842: K08182564: BIG-IP SIP profile vulnerability CVE-2023-22842 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/01/2023 Created 08/27/2024 Added 08/23/2024 Modified 01/28/2025 Description On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22842 CVE - 2023-22842 https://my.f5.com/manage/s/article/K08182564
-
FreeBSD: VID-2B5FC9C4-EACA-46E0-83D0-9B10C51C4B1B: zeek -- potential DoS vulnerabilities
FreeBSD: VID-2B5FC9C4-EACA-46E0-83D0-9B10C51C4B1B: zeek -- potential DoS vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/01/2023 Created 02/07/2023 Added 02/03/2023 Modified 02/03/2023 Description Tim Wojtulewicz of Corelight reports: A missing field in the SMB FSControl script-land record could cause a heap buffer overflow when receiving packets containing those header types. Receiving a series of packets that start with HTTP/1.0 and then switch to HTTP/0.9 could cause Zeek to spend a large amount of time processing the packets. Receiving large numbers of FTP commands sequentially from the network with bad data in them could cause Zeek to spend a large amount of time processing the packets, and generate a large amount of events. Solution(s) freebsd-upgrade-package-zeek
-
F5 Networks: CVE-2023-22839: K37708118: BIG-IP DNS profile vulnerability CVE-2023-22839
F5 Networks: CVE-2023-22839: K37708118: BIG-IP DNS profile vulnerability CVE-2023-22839 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/01/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22839 CVE - 2023-22839 https://my.f5.com/manage/s/article/K37708118
-
F5 Networks: CVE-2023-22341: K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341
F5 Networks: CVE-2023-22341: K20717585: BIG-IP APM OAuth vulnerability CVE-2023-22341 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/01/2023 Created 08/27/2024 Added 08/23/2024 Modified 01/28/2025 Description On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: *An OAuth Server that references an OAuth Provider *An OAuth profile with the Authorization Endpoint set to '/' *An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22341 CVE - 2023-22341 https://my.f5.com/manage/s/article/K20717585
-
F5 Networks: CVE-2023-22374: K000130415: iControl SOAP vulnerability CVE-2023-22374
F5 Networks: CVE-2023-22374: K000130415: iControl SOAP vulnerability CVE-2023-22374 Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/01/2023 Created 02/02/2023 Added 02/01/2023 Modified 08/23/2024 Description A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22374 CVE - 2023-22374 https://my.f5.com/manage/s/article/K000130415
-
F5 Networks: CVE-2023-22418: K95503300: BIG-IP APM virtual server vulnerability CVE-2023-22418
F5 Networks: CVE-2023-22418: K95503300: BIG-IP APM virtual server vulnerability CVE-2023-22418 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/01/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22418 CVE - 2023-22418 https://my.f5.com/manage/s/article/K95503300
-
F5 Networks: CVE-2023-22302: K58550078: BIG-IP HTTP profile vulnerability CVE-2023-22302
F5 Networks: CVE-2023-22302: K58550078: BIG-IP HTTP profile vulnerability CVE-2023-22302 Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/01/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-22302 CVE - 2023-22302 https://my.f5.com/manage/s/article/K58550078