?day POC 漏洞数据库

Microsoft Edge Chromium: CVE-2023-1213 Use after free in Swiftshader Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/07/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1213 CVE - 2023-1213 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1213

Debian: CVE-2023-1175: vim -- security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 03/04/2023 Created 06/14/2023 Added 06/14/2023 Modified 01/28/2025 Description Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-1175 CVE - 2023-1175 DLA-3453-1

Debian: CVE-2023-1170: vim -- security update Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 03/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-1170 CVE - 2023-1170

Alpine Linux: CVE-2019-8720: Improper Restriction of Operations within the Bounds of a Memory Buffer Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/06/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Solution(s) alpine-linux-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2019-8720 CVE - 2019-8720 https://security.alpinelinux.org/vuln/CVE-2019-8720

Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36401) Severity 4 CVSS (AV:A/AC:M/Au:S/C:P/I:P/A:N) Published 03/06/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Solution(s) moodle-upgrade-3_10_5 moodle-upgrade-3_11_1 moodle-upgrade-3_9_8 References https://attackerkb.com/topics/cve-2021-36401 CVE - 2021-36401 https://moodle.org/mod/forum/discuss.php?d=424807

Oracle Linux: CVE-2021-47579: ELSA-2024-5101:kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 11/29/2024 Description In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overla…

Oracle Linux: CVE-2024-38618: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer.Such a situation may lead to an unexpected RCU stall, wherethe callback repeatedly queuing the expire update, as reporte…

Huawei EulerOS: CVE-2024-38601: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->p…

Debian: CVE-2023-1534: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 DSA-5377-1

Gentoo Linux: CVE-2023-28101: Flatpak: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, …

Debian: CVE-2024-9632: xorg-server, xwayland -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/31/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Solution(s) debian-upgrade-xorg-server debian-upgrade-xwayland References https://attackerkb.com/to…

OS X update for Face Gallery (CVE-2023-32409) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/23/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21386: Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002687 microsoft-office_online_server-kb5002679 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21386 CVE - 2025-21386 https://support.microsoft.com/help/5002679 https://support.microsoft.com/help/5002687

Huawei EulerOS: CVE-2022-48713: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/pt: Fix crash with stop filters in single-range mode Add a check for !buf->single before calling pt_buffer_region_size in a place where a missing check can cause a kernel crash. Fixes a bug introduced by commit 670638477aed ("perf/x86/intel/pt: Opportunistically use single range output mode"), which added a support for PT single-range output mode. Since that commit if a PT s…

Debian: CVE-2022-48714: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Use VM_MAP instead of VM_ALLOC for ringbuf After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages after mapping"), non-VM_ALLOC mappings will be marked as accessible in __get_vm_area_node() when KASAN is enabled. But now the flag for ringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access after vmap() returns. Because the ringbuf area is created by mapping allocated pa…

Huawei EulerOS: CVE-2023-28617: emacs security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/19/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Solution(s) huawei-euleros-2_0_sp10-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2023-28617 CVE - 2023-28617 EulerOS-SA-2023-1819

Debian: CVE-2024-8926: php8.2 -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/04/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/30/2025 Description In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arb…

SUSE: CVE-2023-1534: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534

漏洞描述金盘 微信管理平台 getsysteminfo接口存在未授权访问漏洞，攻击者通过漏洞可以获取账号密码信息，获取后台管理员权限。 漏洞影响金盘 微信管理平台 网络测绘title=”微信管理后台” && icon_hash=”116323821″ 漏洞复现登陆页面 验证POC /admin/weichatcfg/getsysteminfo

FreeBSD: VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468 (CVE-2023-1072): Gitlab -- Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/02/2023 Created 03/07/2023 Added 03/05/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-F7C5B3A9-B9FB-11ED-99C6-001B217B3468: Gitlab reports: Stored XSS via Kroki diagram Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings Improper validation of SSO and SC…

Debian: CVE-2024-38587: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 06/28/2024 Added 06/27/2024 Modified 06/27/2024 Description In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values.This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got out of bounds. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-38587 CVE - 2024-38587 DLA-3840-1

Debian: CVE-2021-47586: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member is empty, so the memory after the ops structure is being read here.It seems that mostly this happens to contain zero anyway, so we get lucky and everything still works. To avoid adding…

Rocky Linux: CVE-2024-36978: kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-…

Debian: CVE-2023-23003: linux -- security update Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 03/01/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-23003 CVE - 2023-23003

Debian: CVE-2021-47594: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM treverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching the delete endpoint, the listener TCP socket will be closed. That is unexpected, the PM should only affect data subflows. Additionally, syzbot was able to trigger a NULL p…