
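0day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs, and 0days published across the web in recent years. It can be connected through an API to the ishack vulnerability scanner. Some vulnerabilities are visible to members only.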

  1. Debian: CVE-2021-47595: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2) mausezahn ddd0-A 10.10.10.1 -B 10.10.10.2 -c 0 -a own -b 00:c1:a0:c1:a0:00 -t udp & 3) tc qdisc change dev ddd0 handle 10: ets bands 4 strict 2 quanta 2500 2500 priomap …

    • 0 replies
    • 55 views
  2. SUSE: CVE-2021-47600: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). Solution(s) suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-rt suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azu…

    • 0 replies
    • 55 views
  3. Huawei EulerOS: CVE-2021-47589: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/19/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which…

    • 0 replies
    • 55 views
  4. Oracle Linux: CVE-2024-38564: ELSA-2024-10281:kernel:4.18.0 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 12/10/2024 Added 11/27/2024 Modified 01/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing at…

    • 0 replies
    • 55 views
  5. Oracle Linux: CVE-2024-38549: ELSA-2024-12581: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 06/19/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and veri…

    • 0 replies
    • 55 views
  6. Ubuntu: (Multiple Advisories) (CVE-2023-25751): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/15/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-libmozjs-102-0 ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-2575…

    • 0 replies
    • 54 views
  7. Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Severity 6 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21379: DHCP Client Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_11-24h2-kb5051987 microsoft-windows-windows_server_2025-24h2-kb5051987 References https://attackerkb.com/topics/cve-2025-21379 CVE - 2025-21379 https://support.microsoft.com/help/5051987

    • 0 replies
    • 54 views
  8. Huawei EulerOS: CVE-2024-46857: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [168.976037] Call Trace: [168.976188]<TASK> [168.97862…

    • 0 replies
    • 54 views
  9. Huawei EulerOS: CVE-2024-38615: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_…

    • 0 replies
    • 54 views
  10. Ubuntu: (Multiple Advisories) (CVE-2024-46868): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop …

    • 0 replies
    • 54 views
  11. SUSE: CVE-2024-38566: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 07/23/2024 Added 07/23/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix verifier assumptions about socket->sk The verifier assumes that 'sk' field in 'struct socket' is valid and non-NULL when 'socket' pointer itself is trusted and non-NULL. That may not be the case when socket was just created and passed to LSM socket_accept hook. Fix this verifier assumption and adjust tests. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluste…

    • 0 replies
    • 54 views
  12. Ubuntu: (Multiple Advisories) (CVE-2024-38615): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0…

    • 0 replies
    • 54 views
  13. SUSE: CVE-2023-28466: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-d…

    • 0 replies
    • 54 views
  14. Red Hat: CVE-2023-28466: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-28466 RHSA-2023:3708 RHSA-2023:3723 RHSA-2023:3819 RHSA-2023:3847 RHSA-2023:4789 RHSA-2…

    • 0 replies
    • 54 views
  15. Huawei EulerOS: CVE-2024-46822: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for t…

    • 0 replies
    • 53 views
  16. VMware Photon OS: CVE-2023-25155 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2…

    • 0 replies
    • 53 views
  17. Alpine Linux: CVE-2023-27103: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/15/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Solution(s) alpine-linux-upgrade-libde265 References https://attackerkb.com/topics/cve-2023-27103 CVE - 2023-27103 https://security.alpinelinux.org/vuln/CVE-2023-27103

    • 0 replies
    • 53 views
  18. Huawei EulerOS: CVE-2024-46834: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can't fetch the indirection table or when we can't allocat…

    • 0 replies
    • 53 views
  19. Alma Linux: CVE-2024-31228: Important: redis:6 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/30/2025 Description Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Re…

    • 0 replies
    • 53 views
  20. Debian: CVE-2022-47665: libde265 -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/03/2023 Created 03/09/2023 Added 03/08/2023 Modified 01/28/2025 Description Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2022-47665 CVE - 2022-47665 DLA-3352-1 DSA-5346-1

    • 0 replies
    • 53 views
  21. # Exploit Title: openSIS 9.1 - SQLi (Authenticated) # Google Dork: intext:"openSIS is a product" # Date: 09.09.2024 # Exploit Author: Devrim Dıragumandan (d0ub1edd) # Vendor Homepage: https://www.os4ed.com/ # Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 # Version: 9.1 # Tested on: Linux A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v9.1 via the "X-Forwarded-For" header parameters in POST request sent to /Ajax.php. GET /Ajax.php?modname=x HTTP/1.1 --- Parameter: X-Forwarded-For #1* ((custom) HEADER) Type: boolean-based blind Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY o…

    • 0 replies
    • 52 views
  22. # Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE) # Date: 9/21/2024 # Exploit Author: Ahmed Said Saud Al-Busaidi # Vendor Homepage: https://github.com/vexorian/dizquetv # Version: 1.5.3 # Tested on: linux POC: ## Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code execution from attackers. ## STEPS TO REPRODUCE 1. go to http://localhost/#!/settings 2. now go to ffmpeg settings and change the FFMPEG Executable Path to: "; cat /etc/passwd && echo 'poc'" 3. click on update 4. now visit http://localhost/#!/version or click on version and you should see the content of /etc/passwd

    • 0 replies
    • 52 views
  23. Ubuntu: USN-7231-1 (CVE-2023-27783): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27783 CVE - 2023-27783 USN-7231-1

    • 0 replies
    • 52 views
  24. D-Link DIR (CVE-2023-25280): D-Link DIR-820 Router OS Command Injection Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/16/2023 Created 11/29/2024 Added 11/28/2024 Modified 11/29/2024 Description OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Solution(s) dlink-retire-device References https://attackerkb.com/topics/cve-2023-25280 CVE - 2023-25280 https://www.dlink.com/en/security-bulletin/

    • 0 replies
    • 52 views
  25. Debian: CVE-2024-46819: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-46819 CVE - 2024-46819 DSA-5782-1

    • 0 replies
    • 52 views