?day POC 漏洞数据库

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2025-22467 CVE - 2025-22467 https://forums.ivanti.com/s/article/Februa…

Microsoft Windows: CVE-2025-21208: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21208: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051…

Microsoft Windows: CVE-2025-21352: Internet Connection Sharing (ICS) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21352: Internet Connection Sharing (ICS) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb5051989 microsoft-windows-windows_11…

Microsoft SharePoint: CVE-2025-21400: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft SharePoint: CVE-2025-21400: Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002685 microsoft-sharepoint-sharepoint_2019-kb5002678 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002681 References https://attackerkb.com/topics/cve-2025-21400 CVE - 2025-21400 https://support.microsoft.com/help/50026…

Microsoft Windows: CVE-2025-21179: DHCP Client Service Denial of Service Vulnerability Severity 4 CVSS (AV:A/AC:H/Au:N/C:N/I:N/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21179: DHCP Client Service Denial of Service Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21179 CVE - 2025-21179 https://support.microsoft.com/help/5051987

Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Severity 6 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21379 CVE - 2025-21379 https://support.microsoft.com/help/5051987

Microsoft Edge Chromium: CVE-2025-21408 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/10/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21408 CVE - 2025-21408 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408

Microsoft Edge Chromium: CVE-2025-21267 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/11/2025 Added 02/07/2025 Modified 02/10/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21267 CVE - 2025-21267 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21267

Red Hat: CVE-2025-23085: nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 02/07/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/14/2025 Description A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on…

Rocky Linux: CVE-2025-23085: nodejs-18 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/07/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x. …

F5 Networks: CVE-2025-24326: K000140950: BIG-IP ASM BADoS vulnerability CVE-2025-24326 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-24326 CVE - 2025-24326 https://my.f5.com/manage/s/article…

F5 Networks: CVE-2025-23415: K000139656: BIG-IP APM endpoint inspection vulnerability CVE-2025-23415 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) …

OS X update for WebKit (CVE-2024-27859) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/12/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-14_4 References https://attackerkb.com/topics/cve-2024-27859 CVE - 2024-27859 https://support.apple.com/en-us/120895

F5 Networks: CVE-2025-22891: K000139778: BIG-IP PEM vulnerability CVE-2025-22891 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/c…

F5 Networks: CVE-2025-20045: K000138932: BIG-IP SIP ALG profile vulnerability CVE-2025-20045 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References …

Apple Safari security update for CVE-2024-54658 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/12/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. Solution(s) apple-safari-upgrade-17_4 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-54658 CVE - 2024-54658 http://support.apple.com/en-us/120894

Debian: CVE-2023-52924: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo") 2. timeouts are enabled In this case, following sequence is problematic: 1. element E in set S refers to chain C 2. userspace requests removal of set S 3. kernel does a set walk to decreme…

SUSE: CVE-2025-22866: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols. Solution(s) suse-upgrade-go1-22 suse-upgrade-go1-22-doc suse-upgrade-go1-22-race suse-upgrade-go1-23 suse-…

F5 Networks: CVE-2025-20058: K000140947: BIG-IP message routing vulnerability CVE-2025-20058 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-20058 CVE - 2025-20058 https://my.f5.com/manage/s/article/K000140947

F5 Networks: CVE-2025-20029: K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-20029 CVE - 2025-20029 https…

Nginx: SSL session reuse vulnerability (CVE-2025-23419) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises whenTLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_keyare used and/or theSSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cacheare used in the default server …

F5 Networks: CVE-2025-24312: K000141380: BIG-IP AFM vulnerability CVE-2025-24312 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-24312 CV…

F5 Networks: CVE-2025-21087: K000134888: TMM vulnerability CVE-2025-21087 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-21087 CVE - 2025-21087 https://my.f5.com…

SUSE: CVE-2025-24787: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely an…

F5 Networks: CVE-2025-24320: K000140578: BIG-IP Configuration utility vulnerability CVE-2025-24320 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix forCVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. …