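?day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs and ?day entries from across the web in recent years. It can be connected to ishack's vulnerability scanner through an API; some vulnerabilities are visible to members only.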

  1. Ubuntu: USN-7263-1 (CVE-2025-1009): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2025-1009 CVE - 2025-1009 USN-7263-1

    • 0 replies
    • 824 views
  2. Ubuntu: USN-6067-1 (CVE-2022-3277): OpenStack Neutron vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/06/2023 Created 05/11/2023 Added 05/11/2023 Modified 01/30/2025 Description An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. Solution(s) ubuntu-upgrade-python-neutron ubuntu-upgrade-python3-neutron …

    • 0 replies
    • 672 views
  3. Red Hat: CVE-2024-38600: kernel: ALSA: Fix deadlocks with kctl removals at disconnection (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely: * A process…

    • 0 replies
    • 536 views
  4. Microsoft Windows: CVE-2023-24906: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5023713 microsoft-windows-windows_10-1607-kb5023697 microsoft-windows-windows_10-1809-kb5023702 microsoft-windows-windows_10-20h2-kb5023696 microsoft-windows-windows_10-21h2-kb5023696 microsoft-windows-windows_10-22h2-kb5023696 microsoft-windows-w…

    • 0 replies
    • 534 views
  5. Oracle Linux: CVE-2024-46800: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:C) Published 09/18/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem…

    • 0 replies
    • 357 views
  6. FreeBSD: (Multiple Advisories) (CVE-2024-9122): electron31 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron31 freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-9122

    • 0 replies
    • 355 views
  7. Moodle: Uncontrolled Recursion (CVE-2021-36395) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/30/2025 Description In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. Solution(s) moodle-upgrade-3_10_5 moodle-upgrade-3_11_1 moodle-upgrade-3_9_8 References https://attackerkb.com/topics/cve-2021-36395 CVE - 2021-36395 https://moodle.org/mod/forum/discuss.php?d=424801

    • 0 replies
    • 354 views
  8. FreeBSD: VID-4B7ED61F-7BBF-11EF-9369-2CF05DA270F3 (CVE-2024-4278): Gitlab -- vulnerabilities Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 09/25/2024 Created 09/28/2024 Added 09/27/2024 Modified 01/28/2025 Description An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-4278

    • 0 replies
    • 352 views
  9. Debian: CVE-2024-46726: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceed array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-20…

    • 0 replies
    • 347 views
  10. VMware Photon OS: CVE-2023-1264 Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:C) Published 03/07/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1264 CVE - 2023-1264

    • 0 replies
    • 345 views
  11. Red Hat: CVE-2024-47176: cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/27/2024 Created 09/28/2024 Added 09/27/2024 Modified 10/28/2024 Description CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When com…

    • 0 replies
    • 338 views
  12. Gentoo Linux: CVE-2022-47665: libde265: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/03/2023 Created 08/13/2024 Added 08/12/2024 Modified 01/28/2025 Description Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) Solution(s) gentoo-linux-upgrade-media-libs-libde265 References https://attackerkb.com/topics/cve-2022-47665 CVE - 2022-47665 202408-20

    • 0 replies
    • 335 views
  13. Oracle Linux: CVE-2024-46739: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent f…

    • 0 replies
    • 327 views
  14. Amazon Linux AMI 2: CVE-2023-1175: Security patch for vim (ALAS-2023-2005) Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 03/04/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 References https://attackerkb.com/topics/cve-2023-…

    • 0 replies
    • 326 views
  15. Huawei EulerOS: CVE-2023-25690: httpd security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/07/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngi…

    • 0 replies
    • 325 views
  16. SUSE: CVE-2022-3854: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Solution(s) suse-upgrade-ceph suse-upgrade-ceph-base suse-upgrade-ceph-common suse-upgrade-ceph-fuse suse-upgrade-ceph-grafana-dashboards suse-upgrade-ceph-immutable-object-cache suse-upgrade-ceph-mds suse-upgrade-ceph-mgr suse-upgrade-ceph-mgr-cephadm suse-upgrade-ce…

    • 0 replies
    • 324 views
  17. Oracle Linux: CVE-2024-46740: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/18/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites t…

    • 0 replies
    • 324 views
  18. Cisco XE: CVE-2024-20433: Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 02/11/2025 Description A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by se…

    • 0 replies
    • 324 views
  19. SUSE: CVE-2023-28177: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-…

    • 0 replies
    • 324 views
  20. SUSE: CVE-2024-9121: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/25/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2024-9121 CVE - 2024-9121

    • 0 replies
    • 323 views
  21. Rocky Linux: CVE-2019-8720: GNOME (RLSA-2020-4451) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Solution(s) rocky-upgrade-dleyna-renderer rocky-upgrade-dleyna-renderer-debuginfo rocky-upgrade-dleyna-renderer-debugsource rocky-upgrade-frei0r-devel rocky-upgrade-frei0r-plugins rocky-upgrade-frei0r-plugins-debuginfo rocky-upgrad…

    • 0 replies
    • 323 views
  22. Debian: CVE-2024-46763: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/18/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host.[0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou_release() is called due to netns dismantle or explicit tunnel teardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data. Then, the tunnel socket is destroyed after a si…

    • 0 replies
    • 323 views
  23. Ubuntu: USN-6063-1 (CVE-2022-3854): Ceph vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/06/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Solution(s) ubuntu-upgrade-ceph ubuntu-upgrade-ceph-base ubuntu-upgrade-ceph-common References https://attackerkb.com/topics/cve-2022-3854 CVE - 2022-3854 USN-6063-1

    • 0 replies
    • 322 views
  24. VMware Photon OS: CVE-2023-0845 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 03/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0845 CVE - 2023-0845

    • 0 replies
    • 322 views
  25. Alpine Linux: CVE-2022-45141: Inadequate Encryption Strength Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) alpine-linux-upgrade-samba References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-…

    • 0 replies
    • 321 views