
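?day POC Vulnerability Database

A POC vulnerability database covering all CVEs, POCs and ?day from across the web in recent years. It can be connected via API to the ishack vulnerability scanner; some vulnerabilities are visible to members only.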

  1. Microsoft Windows: CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-window…

    • 0 replies
    • 13 views
  2. Microsoft Windows: CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb50…

    • 0 replies
    • 15 views
  3. Microsoft Windows: CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb50…

    • 0 replies
    • 16 views
  4. Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051…

    • 0 replies
    • 58 views
  5. Microsoft Office: CVE-2025-21390: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21390: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002179 microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21390 CVE - 2025-21390 https://support.microsoft.com/help/5002179 https://support.microsoft.com/help/5002679 https://supp…

    • 0 replies
    • 15 views
  6. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-37020): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-37020

    • 0 replies
    • 55 views
  7. Microsoft Windows: CVE-2025-21420: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21420: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-…

    • 0 replies
    • 18 views
  8. Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_8r1 References https://attackerkb.com/topics/cve-2024-13813 CVE - 2024-13813 https://forums.ivanti.com/s/article/February-Security…

    • 0 replies
    • 24 views
  9. Adobe Illustrator: CVE-2025-21163: Security updates available for Adobe Illustrator (APSB25-11) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/14/2025 Added 02/12/2025 Modified 02/12/2025 Description Adobe has released an update for Adobe Illustrator. This update resolves critical vulnerabilities that could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2025-21163 CVE - 2025-21163 https://helpx.adobe.com/security/products/…

    • 0 replies
    • 20 views
  10. Microsoft Office: CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21387: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002684 microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21387 CVE - 2025-21387 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002684 https://supp…

    • 0 replies
    • 17 views
  11. JetBrains TeamCity: CVE-2025-26492: Improper Kubernetes connection settings could expose sensitive resources (TW-91106) Severity 6 CVSS (AV:N/AC:H/Au:M/C:C/I:C/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2025-26492 CVE - 2025-26492 https://www.jetbrains.com/privacy-security/issues-fixed/

    • 0 replies
    • 17 views
  12. Microsoft Windows: CVE-2025-21216: Internet Connection Sharing (ICS) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21216: Internet Connection Sharing (ICS) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-windows-windows_11…

    • 0 replies
    • 16 views
  13. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2023-43758): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2023-43758

    • 0 replies
    • 18 views
  14. Microsoft Windows: CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-window…

    • 0 replies
    • 17 views
  15. Microsoft Windows: CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11-23h2-kb5051989 microsoft-…

    • 0 replies
    • 14 views
  16. Microsoft Office: CVE-2025-21392: Microsoft Office Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21392: Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21392 CVE - 2025-21392

    • 0 replies
    • 17 views
  17. Debian: CVE-2025-21687: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2025-21687 CVE - 2025-21687

    • 0 replies
    • 20 views
  18. Ubuntu: (CVE-2024-54658): webkit2gtk vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-54658 CVE - 2024-54658 https://webkitgtk.org/security/WSA-2025-0001.html https://www.cve.org/CVERecord?id=CVE-2024-54658

    • 0 replies
    • 18 views
  19. Debian: CVE-2025-21689: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port…

    • 0 replies
    • 9 views
  20. Debian: CVE-2025-21692: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause local privilege escalation. [ 18.852298] ------------[ cut here ]------------ [ 18.853271] UBSAN: array-index-out-of-bounds in net/sched/sch_ets.c:93:20 [ 18.853743] index 184467440737…

    • 0 replies
    • 13 views
  21. Debian: CVE-2025-21690: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooting from the VM side. Ratelimit the warning so it doesn't DoS the VM. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cv…

    • 0 replies
    • 15 views
  22. Debian: CVE-2025-21688: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL after job completion"), we introduced a change to assign the job pointer to NULL after completing a job, indicating job completion. However, this approach created a race condition between the DRM scheduler workqueue and the IRQ execution thread. As soon as the fence is …

    • 0 replies
    • 15 views
  23. Debian: CVE-2025-24032: pam-pkcs11 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as us…

    • 0 replies
    • 15 views
  24. Debian: CVE-2024-12133: libtasn1-6 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/10/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. Solution(s) debian-upgrade-libtasn1-6 References https://attackerkb.com/topics/cve-2024-12133 CVE - 2024-12…

    • 0 replies
    • 12 views
  25. Debian: CVE-2024-57949: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/09/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard() irq_put_desc_unlock()<--- Wa…

    • 0 replies
    • 14 views