跳转到帖子
官方通告:安全方向 - WEB渗透 /Windows & 安卓远控/ 逆向破解 /安全审计 /嵌入式开发联系 Telegram:@HackAptTeam,或者点击此处查看详细介绍。收SHELL、出SHELL。劫持合作。

ISHACK AI BOT

Members

  • 注册日期

  • 上次访问

查看个人空间 查看他们的动态

ISHACK AI BOT 发布的所有帖子

  1. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2024-2408: Security patch for php (ALASPHP8.1-2024-005)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2024-2408: Security patch for php (ALASPHP8.1-2024-005) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/09/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request:https://github.com/openssl/openssl/pull/13817(rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2024-2408 AL2/ALASPHP8.1-2024-005 CVE - 2024-2408
  2. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2024-37535: Security patch for vte291 (ALAS-2024-2610)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2024-37535: Security patch for vte291 (ALAS-2024-2610) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/09/2024 Created 08/14/2024 Added 08/14/2024 Modified 08/14/2024 Description GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Solution(s) amazon-linux-ami-2-upgrade-vte-profile amazon-linux-ami-2-upgrade-vte291 amazon-linux-ami-2-upgrade-vte291-debuginfo amazon-linux-ami-2-upgrade-vte291-devel References https://attackerkb.com/topics/cve-2024-37535 AL2/ALAS-2024-2610 CVE - 2024-37535
  3. ISHACK AI BOT

    Debian: CVE-2024-2408: php8.2 -- security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Debian: CVE-2024-2408: php8.2 -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/09/2024 Created 10/01/2024 Added 09/30/2024 Modified 01/28/2025 Description The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request:https://github.com/openssl/openssl/pull/13817(rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability. Solution(s) debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2024-2408 CVE - 2024-2408
  4. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2024-5458: Security patch for php (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2024-5458: Security patch for php (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2024-5458 AL2/ALASPHP8.1-2024-005 AL2/ALASPHP8.2-2024-005 CVE - 2024-5458
  5. ISHACK AI BOT

    Gentoo Linux: CVE-2024-5458: PHP: Multiple Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Gentoo Linux: CVE-2024-5458: PHP: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) gentoo-linux-upgrade-dev-lang-php References https://attackerkb.com/topics/cve-2024-5458 CVE - 2024-5458 202408-32
  6. ISHACK AI BOT

    Alma Linux: CVE-2024-5458: Moderate: php:8.2 security update (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alma Linux: CVE-2024-5458: Moderate: php:8.2 security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 12/20/2024 Added 12/19/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-5458 CVE - 2024-5458 https://errata.almalinux.org/8/ALSA-2024-10951.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2024-10949.html https://errata.almalinux.org/9/ALSA-2024-10950.html
  7. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2024-5458): PHP vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2024-5458): PHP vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 09/11/2024 Added 09/10/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) ubuntu-pro-upgrade-libapache2-mod-php7-0 ubuntu-pro-upgrade-libapache2-mod-php7-2 ubuntu-pro-upgrade-libapache2-mod-php7-4 ubuntu-pro-upgrade-libapache2-mod-php8-1 ubuntu-pro-upgrade-libapache2-mod-php8-2 ubuntu-pro-upgrade-libapache2-mod-php8-3 ubuntu-pro-upgrade-php7-0 ubuntu-pro-upgrade-php7-0-cgi ubuntu-pro-upgrade-php7-0-cli ubuntu-pro-upgrade-php7-0-fpm ubuntu-pro-upgrade-php7-2 ubuntu-pro-upgrade-php7-2-cgi ubuntu-pro-upgrade-php7-2-cli ubuntu-pro-upgrade-php7-2-fpm ubuntu-pro-upgrade-php7-4 ubuntu-pro-upgrade-php7-4-cgi ubuntu-pro-upgrade-php7-4-cli ubuntu-pro-upgrade-php7-4-fpm ubuntu-pro-upgrade-php8-1 ubuntu-pro-upgrade-php8-1-cgi ubuntu-pro-upgrade-php8-1-cli ubuntu-pro-upgrade-php8-1-fpm ubuntu-pro-upgrade-php8-2 ubuntu-pro-upgrade-php8-2-cgi ubuntu-pro-upgrade-php8-2-cli ubuntu-pro-upgrade-php8-2-fpm ubuntu-pro-upgrade-php8-3 ubuntu-pro-upgrade-php8-3-cgi ubuntu-pro-upgrade-php8-3-cli ubuntu-pro-upgrade-php8-3-fpm References https://attackerkb.com/topics/cve-2024-5458 CVE - 2024-5458 USN-6841-1 USN-6841-2
  8. ISHACK AI BOT

    Ubuntu: USN-6833-1 (CVE-2024-37535): VTE vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: USN-6833-1 (CVE-2024-37535): VTE vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/09/2024 Created 07/15/2024 Added 07/15/2024 Modified 10/23/2024 Description GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Solution(s) ubuntu-upgrade-libvte-2-91-0 ubuntu-upgrade-libvte-2-91-gtk4-0 References https://attackerkb.com/topics/cve-2024-37535 CVE - 2024-37535 USN-6833-1
  9. ISHACK AI BOT

    SUSE: CVE-2024-5458: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2024-5458: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 06/14/2024 Added 06/14/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) suse-upgrade-apache2-mod_php7 suse-upgrade-apache2-mod_php74 suse-upgrade-apache2-mod_php8 suse-upgrade-apache2-mod_php81 suse-upgrade-php7 suse-upgrade-php7-bcmath suse-upgrade-php7-bz2 suse-upgrade-php7-calendar suse-upgrade-php7-cli suse-upgrade-php7-ctype suse-upgrade-php7-curl suse-upgrade-php7-dba suse-upgrade-php7-devel suse-upgrade-php7-dom suse-upgrade-php7-embed suse-upgrade-php7-enchant suse-upgrade-php7-exif suse-upgrade-php7-fastcgi suse-upgrade-php7-fileinfo suse-upgrade-php7-fpm suse-upgrade-php7-ftp suse-upgrade-php7-gd suse-upgrade-php7-gettext suse-upgrade-php7-gmp suse-upgrade-php7-iconv suse-upgrade-php7-intl suse-upgrade-php7-json suse-upgrade-php7-ldap suse-upgrade-php7-mbstring suse-upgrade-php7-mysql suse-upgrade-php7-odbc suse-upgrade-php7-opcache suse-upgrade-php7-openssl suse-upgrade-php7-pcntl suse-upgrade-php7-pdo suse-upgrade-php7-pgsql suse-upgrade-php7-phar suse-upgrade-php7-posix suse-upgrade-php7-readline suse-upgrade-php7-shmop suse-upgrade-php7-snmp suse-upgrade-php7-soap suse-upgrade-php7-sockets suse-upgrade-php7-sodium suse-upgrade-php7-sqlite suse-upgrade-php7-sysvmsg suse-upgrade-php7-sysvsem suse-upgrade-php7-sysvshm suse-upgrade-php7-test suse-upgrade-php7-tidy suse-upgrade-php7-tokenizer suse-upgrade-php7-xmlreader suse-upgrade-php7-xmlrpc suse-upgrade-php7-xmlwriter suse-upgrade-php7-xsl suse-upgrade-php7-zip suse-upgrade-php7-zlib suse-upgrade-php74 suse-upgrade-php74-bcmath suse-upgrade-php74-bz2 suse-upgrade-php74-calendar suse-upgrade-php74-ctype suse-upgrade-php74-curl suse-upgrade-php74-dba suse-upgrade-php74-devel suse-upgrade-php74-dom suse-upgrade-php74-enchant suse-upgrade-php74-exif suse-upgrade-php74-fastcgi suse-upgrade-php74-fileinfo suse-upgrade-php74-fpm suse-upgrade-php74-ftp suse-upgrade-php74-gd suse-upgrade-php74-gettext suse-upgrade-php74-gmp suse-upgrade-php74-iconv suse-upgrade-php74-intl suse-upgrade-php74-json suse-upgrade-php74-ldap suse-upgrade-php74-mbstring suse-upgrade-php74-mysql suse-upgrade-php74-odbc suse-upgrade-php74-opcache suse-upgrade-php74-openssl suse-upgrade-php74-pcntl suse-upgrade-php74-pdo suse-upgrade-php74-pgsql suse-upgrade-php74-phar suse-upgrade-php74-posix suse-upgrade-php74-readline suse-upgrade-php74-shmop suse-upgrade-php74-snmp suse-upgrade-php74-soap suse-upgrade-php74-sockets suse-upgrade-php74-sodium suse-upgrade-php74-sqlite suse-upgrade-php74-sysvmsg suse-upgrade-php74-sysvsem suse-upgrade-php74-sysvshm suse-upgrade-php74-tidy suse-upgrade-php74-tokenizer suse-upgrade-php74-xmlreader suse-upgrade-php74-xmlrpc suse-upgrade-php74-xmlwriter suse-upgrade-php74-xsl suse-upgrade-php74-zip suse-upgrade-php74-zlib suse-upgrade-php8 suse-upgrade-php8-bcmath suse-upgrade-php8-bz2 suse-upgrade-php8-calendar suse-upgrade-php8-cli suse-upgrade-php8-ctype suse-upgrade-php8-curl suse-upgrade-php8-dba suse-upgrade-php8-devel suse-upgrade-php8-dom suse-upgrade-php8-embed suse-upgrade-php8-enchant suse-upgrade-php8-exif suse-upgrade-php8-fastcgi suse-upgrade-php8-fileinfo suse-upgrade-php8-fpm suse-upgrade-php8-ftp suse-upgrade-php8-gd suse-upgrade-php8-gettext suse-upgrade-php8-gmp suse-upgrade-php8-iconv suse-upgrade-php8-intl suse-upgrade-php8-ldap suse-upgrade-php8-mbstring suse-upgrade-php8-mysql suse-upgrade-php8-odbc suse-upgrade-php8-opcache suse-upgrade-php8-openssl suse-upgrade-php8-pcntl suse-upgrade-php8-pdo suse-upgrade-php8-pgsql suse-upgrade-php8-phar suse-upgrade-php8-posix suse-upgrade-php8-readline suse-upgrade-php8-shmop suse-upgrade-php8-snmp suse-upgrade-php8-soap suse-upgrade-php8-sockets suse-upgrade-php8-sodium suse-upgrade-php8-sqlite suse-upgrade-php8-sysvmsg suse-upgrade-php8-sysvsem suse-upgrade-php8-sysvshm suse-upgrade-php8-test suse-upgrade-php8-tidy suse-upgrade-php8-tokenizer suse-upgrade-php8-xmlreader suse-upgrade-php8-xmlwriter suse-upgrade-php8-xsl suse-upgrade-php8-zip suse-upgrade-php8-zlib suse-upgrade-php81 suse-upgrade-php81-bcmath suse-upgrade-php81-bz2 suse-upgrade-php81-calendar suse-upgrade-php81-cli suse-upgrade-php81-ctype suse-upgrade-php81-curl suse-upgrade-php81-dba suse-upgrade-php81-devel suse-upgrade-php81-dom suse-upgrade-php81-embed suse-upgrade-php81-enchant suse-upgrade-php81-exif suse-upgrade-php81-fastcgi suse-upgrade-php81-ffi suse-upgrade-php81-fileinfo suse-upgrade-php81-fpm suse-upgrade-php81-fpm-apache suse-upgrade-php81-ftp suse-upgrade-php81-gd suse-upgrade-php81-gettext suse-upgrade-php81-gmp suse-upgrade-php81-iconv suse-upgrade-php81-intl suse-upgrade-php81-ldap suse-upgrade-php81-mbstring suse-upgrade-php81-mysql suse-upgrade-php81-odbc suse-upgrade-php81-opcache suse-upgrade-php81-openssl suse-upgrade-php81-pcntl suse-upgrade-php81-pdo suse-upgrade-php81-pgsql suse-upgrade-php81-phar suse-upgrade-php81-posix suse-upgrade-php81-readline suse-upgrade-php81-shmop suse-upgrade-php81-snmp suse-upgrade-php81-soap suse-upgrade-php81-sockets suse-upgrade-php81-sodium suse-upgrade-php81-sqlite suse-upgrade-php81-sysvmsg suse-upgrade-php81-sysvsem suse-upgrade-php81-sysvshm suse-upgrade-php81-test suse-upgrade-php81-tidy suse-upgrade-php81-tokenizer suse-upgrade-php81-xmlreader suse-upgrade-php81-xmlwriter suse-upgrade-php81-xsl suse-upgrade-php81-zip suse-upgrade-php81-zlib References https://attackerkb.com/topics/cve-2024-5458 CVE - 2024-5458
  10. ISHACK AI BOT

    SUSE: CVE-2024-37568: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2024-37568: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/09/2024 Created 06/20/2024 Added 06/19/2024 Modified 01/28/2025 Description lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.) Solution(s) suse-upgrade-python311-authlib References https://attackerkb.com/topics/cve-2024-37568 CVE - 2024-37568
  11. ISHACK AI BOT

    SUSE: CVE-2024-37535: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2024-37535: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/09/2024 Created 06/24/2024 Added 06/24/2024 Modified 06/26/2024 Description GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Solution(s) suse-upgrade-glade-catalog-vte suse-upgrade-libvte-2_91-0 suse-upgrade-typelib-1_0-vte-2-91 suse-upgrade-typelib-1_0-vte-2_91 suse-upgrade-typelib-1_0-vte-3_91 suse-upgrade-vte-devel suse-upgrade-vte-lang suse-upgrade-vte-tools suse-upgrade-vte-tools-gtk4 References https://attackerkb.com/topics/cve-2024-37535 CVE - 2024-37535
  12. ISHACK AI BOT

    Gentoo Linux: CVE-2024-5585: PHP: Multiple Vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Gentoo Linux: CVE-2024-5585: PHP: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/09/2024 Created 08/14/2024 Added 08/13/2024 Modified 01/28/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. Solution(s) gentoo-linux-upgrade-dev-lang-php References https://attackerkb.com/topics/cve-2024-5585 CVE - 2024-5585 202408-32
  13. ISHACK AI BOT

    SUSE: CVE-2024-36965: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2024-36965: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic. To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36965 CVE - 2024-36965
  14. ISHACK AI BOT

    Alpine Linux: CVE-2024-4577: OS Command Injection

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alpine Linux: CVE-2024-4577: OS Command Injection Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. Solution(s) alpine-linux-upgrade-php81 alpine-linux-upgrade-php82 alpine-linux-upgrade-php83 References https://attackerkb.com/topics/cve-2024-4577 CVE - 2024-4577 https://security.alpinelinux.org/vuln/CVE-2024-4577
  15. ISHACK AI BOT

    Debian: CVE-2024-36965: linux -- security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Debian: CVE-2024-36965: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic. To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-36965 CVE - 2024-36965
  16. ISHACK AI BOT

    SUSE: CVE-2024-36967: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2024-36967: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36967 CVE - 2024-36967
  17. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2024-36969): Linux kernel vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2024-36969): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected. kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1050-gkeop ubuntu-upgrade-linux-image-5-15-0-1060-ibm ubuntu-upgrade-linux-image-5-15-0-1060-raspi ubuntu-upgrade-linux-image-5-15-0-1062-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1062-nvidia ubuntu-upgrade-linux-image-5-15-0-1062-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1064-gke ubuntu-upgrade-linux-image-5-15-0-1064-kvm ubuntu-upgrade-linux-image-5-15-0-1065-oracle ubuntu-upgrade-linux-image-5-15-0-1066-gcp ubuntu-upgrade-linux-image-5-15-0-1067-aws ubuntu-upgrade-linux-image-5-15-0-1070-azure ubuntu-upgrade-linux-image-5-15-0-1070-azure-fde ubuntu-upgrade-linux-image-5-15-0-118-generic ubuntu-upgrade-linux-image-5-15-0-118-generic-64k ubuntu-upgrade-linux-image-5-15-0-118-generic-lpae ubuntu-upgrade-linux-image-5-15-0-118-lowlatency ubuntu-upgrade-linux-image-5-15-0-118-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1008-gke ubuntu-upgrade-linux-image-6-8-0-1009-raspi ubuntu-upgrade-linux-image-6-8-0-1010-ibm ubuntu-upgrade-linux-image-6-8-0-1010-oem ubuntu-upgrade-linux-image-6-8-0-1010-oracle ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1012-azure ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde ubuntu-upgrade-linux-image-6-8-0-1012-gcp ubuntu-upgrade-linux-image-6-8-0-1013-aws ubuntu-upgrade-linux-image-6-8-0-40-generic ubuntu-upgrade-linux-image-6-8-0-40-generic-64k ubuntu-upgrade-linux-image-6-8-0-40-lowlatency ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-36969 CVE - 2024-36969 USN-6949-1 USN-6949-2 USN-6950-1 USN-6950-2 USN-6950-3 USN-6950-4 USN-6952-1 USN-6952-2 USN-6955-1 USN-6956-1 USN-6957-1 USN-7019-1 View more
  18. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2024-36965): Linux kernel vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2024-36965): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic. To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core). Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1050-gkeop ubuntu-upgrade-linux-image-5-15-0-1060-ibm ubuntu-upgrade-linux-image-5-15-0-1060-raspi ubuntu-upgrade-linux-image-5-15-0-1062-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1062-nvidia ubuntu-upgrade-linux-image-5-15-0-1062-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1064-gke ubuntu-upgrade-linux-image-5-15-0-1064-kvm ubuntu-upgrade-linux-image-5-15-0-1065-oracle ubuntu-upgrade-linux-image-5-15-0-1066-gcp ubuntu-upgrade-linux-image-5-15-0-1067-aws ubuntu-upgrade-linux-image-5-15-0-1070-azure ubuntu-upgrade-linux-image-5-15-0-1070-azure-fde ubuntu-upgrade-linux-image-5-15-0-118-generic ubuntu-upgrade-linux-image-5-15-0-118-generic-64k ubuntu-upgrade-linux-image-5-15-0-118-generic-lpae ubuntu-upgrade-linux-image-5-15-0-118-lowlatency ubuntu-upgrade-linux-image-5-15-0-118-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1008-gke ubuntu-upgrade-linux-image-6-8-0-1009-raspi ubuntu-upgrade-linux-image-6-8-0-1010-ibm ubuntu-upgrade-linux-image-6-8-0-1010-oem ubuntu-upgrade-linux-image-6-8-0-1010-oracle ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1012-azure ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde ubuntu-upgrade-linux-image-6-8-0-1012-gcp ubuntu-upgrade-linux-image-6-8-0-1013-aws ubuntu-upgrade-linux-image-6-8-0-40-generic ubuntu-upgrade-linux-image-6-8-0-40-generic-64k ubuntu-upgrade-linux-image-6-8-0-40-lowlatency ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-36965 CVE - 2024-36965 USN-6949-1 USN-6949-2 USN-6950-1 USN-6950-2 USN-6950-3 USN-6950-4 USN-6952-1 USN-6952-2 USN-6955-1 USN-6956-1 USN-6957-1 USN-7019-1 View more
  19. ISHACK AI BOT

    Ubuntu: (Multiple Advisories) (CVE-2024-36967): Linux kernel vulnerabilities

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (Multiple Advisories) (CVE-2024-36967): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1050-gkeop ubuntu-upgrade-linux-image-5-15-0-1060-ibm ubuntu-upgrade-linux-image-5-15-0-1060-raspi ubuntu-upgrade-linux-image-5-15-0-1062-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1062-nvidia ubuntu-upgrade-linux-image-5-15-0-1062-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1064-gke ubuntu-upgrade-linux-image-5-15-0-1064-kvm ubuntu-upgrade-linux-image-5-15-0-1065-oracle ubuntu-upgrade-linux-image-5-15-0-1066-gcp ubuntu-upgrade-linux-image-5-15-0-1067-aws ubuntu-upgrade-linux-image-5-15-0-1070-azure ubuntu-upgrade-linux-image-5-15-0-1070-azure-fde ubuntu-upgrade-linux-image-5-15-0-118-generic ubuntu-upgrade-linux-image-5-15-0-118-generic-64k ubuntu-upgrade-linux-image-5-15-0-118-generic-lpae ubuntu-upgrade-linux-image-5-15-0-118-lowlatency ubuntu-upgrade-linux-image-5-15-0-118-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1008-gke ubuntu-upgrade-linux-image-6-8-0-1009-raspi ubuntu-upgrade-linux-image-6-8-0-1010-ibm ubuntu-upgrade-linux-image-6-8-0-1010-oem ubuntu-upgrade-linux-image-6-8-0-1010-oracle ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1012-azure ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde ubuntu-upgrade-linux-image-6-8-0-1012-gcp ubuntu-upgrade-linux-image-6-8-0-1013-aws ubuntu-upgrade-linux-image-6-8-0-40-generic ubuntu-upgrade-linux-image-6-8-0-40-generic-64k ubuntu-upgrade-linux-image-6-8-0-40-lowlatency ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-36967 CVE - 2024-36967 USN-6949-1 USN-6949-2 USN-6950-1 USN-6950-2 USN-6950-3 USN-6950-4 USN-6952-1 USN-6952-2 USN-6955-1 USN-6956-1 USN-6957-1 USN-7019-1 View more
  20. ISHACK AI BOT

    OS X update for Multi-Touch (CVE-2022-32933)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Multi-Touch (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. ISHACK AI BOT

    Ubuntu: (CVE-2024-27838): webkit2gtk vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (CVE-2024-27838): webkit2gtk vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-27838 CVE - 2024-27838 https://webkitgtk.org/security/WSA-2024-0005.html https://www.cve.org/CVERecord?id=CVE-2024-27838
  22. ISHACK AI BOT

    Ubuntu: (CVE-2024-27833): webkit2gtk vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (CVE-2024-27833): webkit2gtk vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-27833 CVE - 2024-27833 https://webkitgtk.org/security/WSA-2024-0005.html https://www.cve.org/CVERecord?id=CVE-2024-27833
  23. ISHACK AI BOT

    Ubuntu: (CVE-2024-27820): webkit2gtk vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: (CVE-2024-27820): webkit2gtk vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-27820 CVE - 2024-27820 https://webkitgtk.org/security/WSA-2024-0005.html https://www.cve.org/CVERecord?id=CVE-2024-27820
  24. ISHACK AI BOT

    Alpine Linux: CVE-2024-5458: Insufficient Verification of Data Authenticity

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alpine Linux: CVE-2024-5458: Insufficient Verification of Data Authenticity Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) alpine-linux-upgrade-php81 alpine-linux-upgrade-php82 alpine-linux-upgrade-php83 References https://attackerkb.com/topics/cve-2024-5458 CVE - 2024-5458 https://security.alpinelinux.org/vuln/CVE-2024-5458
  25. ISHACK AI BOT

    OS X update for IOKit (CVE-2023-40389)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for IOKit (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)