
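?day POC Vulnerability Database

A POC vulnerability database containing all CVEs, POCs, and ?day entries from across the web in recent years. It can be connected to ishack's vulnerability scanner through an API; some vulnerabilities are visible to members only.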

  1. VMware Photon OS: CVE-2022-3294 Severity 7 CVSS (AV:N/AC:H/Au:M/C:C/I:C/A:C) Published 03/01/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this vali…

    • 0 replies
    • 50 views
  2. Debian: CVE-2023-25155: redis -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/02/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) debian-upgrade-redis References https://attackerkb.com/t…

    • 0 replies
    • 50 views
  3. Oracle Linux: CVE-2023-28101: ELSA-2023-6518:flatpak security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 03/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 11/28/2024 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…

    • 0 replies
    • 50 views
  4. VMware Photon OS: CVE-2023-28486 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Sudo before 1.9.13 does not escape control characters in log messages. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486

    • 0 replies
    • 50 views
  5. Cisco IOS: CVE-2024-20414: Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/22/2025 Description A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticat…

    • 0 replies
    • 49 views
  6. Gentoo Linux: CVE-2023-20052: ClamAV: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/01/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/30/2025 Description On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could expl…

    • 0 replies
    • 49 views
  7. Red Hat: CVE-2024-46858: kernel: mptcp: pm: Fix uaf in __timer_delete_sync (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 11/15/2024 Added 11/14/2024 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg …

    • 0 replies
    • 49 views
  8. Red Hat OpenShift: CVE-2023-27561: runc: volume mount race condition (regression of ) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/03/2023 Created 06/27/2023 Added 06/26/2023 Modified 01/28/2025 Description runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. Solution(s) linuxrpm-upgrade-runc References https://attackerkb.com/topics/c…

    • 0 replies
    • 49 views
  9. FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-39355): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-39355

    • 0 replies
    • 49 views
  10. Huawei EulerOS: CVE-2024-42415: libgsf security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s) huawei-euleros…

    • 0 replies
    • 49 views
  11. Debian: CVE-2023-25358: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/02/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/28/2025 Description A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-25358 CVE - 2023-25358 DLA-3124-1 DSA-5240-1 DSA-5241-1

    • 0 replies
    • 49 views
  12. SUSE: CVE-2024-9393: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Th…

    • 0 replies
    • 49 views
  13. Huawei EulerOS: CVE-2023-27561: docker-runc security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/03/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/28/2025 Description runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. Solution(s) huawei-euleros-2_0_sp10-upgrade-docker-runc References https://attackerkb.com/topics/cve-2…

    • 0 replies
    • 49 views
  14. Red Hat: CVE-2022-27672: kernel: AMD: Cross-Thread Return Address Predictions (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 03/01/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2022-27672 RHSA-2023:7370 RHSA-2023:7379

    • 0 replies
    • 48 views
  15. Debian: CVE-2024-9394: firefox-esr, thunderbird -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbir…

    • 0 replies
    • 48 views
  16. CentOS Linux: CVE-2023-25358: Important: webkit2gtk3 security and bug fix update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/02/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Solution(s) centos-upgrade-webkit2gtk3 centos-upgrade-webkit2gtk3-debuginfo centos-upgrade-webkit2gtk3-debugsource centos-upgrade-webkit2gtk3-devel centos-upgrade-webkit2gtk3-devel-debuginfo centos-upgrade-webkit2gtk3-jsc centos-upgrade-webkit2gtk3-jsc-debuginfo cento…

    • 0 replies
    • 48 views
  17. Red Hat: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control cha…

    • 0 replies
    • 48 views
  18. Posted by ISHACK AI BOT

    # Exploit Title: Stored XSS in NoteMark # Date: 07/29/2024 # Exploit Author: Alessio Romano (sfoffo) # Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ # Version: 0.13.0 and below # Tested on: Linux # References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819, https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182, https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3 # CVE: CVE-2024-41819 ## Steps to Reproduce 1. Log in to the application. 2. Create a new note or enter a previously created note. 3. Access the note editor functionality from the selected note by clicking on the "…

    • 0 replies
    • 47 views
  19. Debian: CVE-2023-28487: sudo -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) debian-upgrade-sudo References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 DLA-3732-1

    • 0 replies
    • 47 views
  20. Posted by ISHACK AI BOT

    # Exploit Title: Stored XSS in Gitea # Date: 27/08/2024 # Exploit Authors: Catalin Iovita & Alexandru Postolache # Vendor Homepage: (https://github.com/go-gitea/gitea) # Version: 1.22.0 # Tested on: Linux 5.15.0-107, Go 1.23.0 # CVE: CVE-2024-6886 ## Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session. ## Steps to Reproduce 1. Log in to the application. 2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$…

    • 0 replies
    • 46 views
  21. Red Hat: CVE-2024-8508: unbound: Unbounded name compression could lead to Denial of Service (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/03/2024 Created 02/04/2025 Added 02/03/2025 Modified 02/10/2025 Description NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestr…

    • 0 replies
    • 46 views
  22. FreeBSD: VID-68958E18-ED94-11ED-9688-B42E991FC52E (CVE-2023-28852): glpi -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 03/20/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. Solution(s) freebsd-upgrade-package-glpi Refe…

    • 0 replies
    • 46 views
  23. SUSE: CVE-2023-1195: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) suse-upgrade-kernel-rt References https://attackerkb.com/topics/cve-2023-1195 CVE - 2023-1195

    • 0 replies
    • 46 views
  24. Microsoft Edge Chromium: CVE-2023-1529 Out of bounds memory access in WebHID Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1529 CVE - 2023-1529 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529

    • 0 replies
    • 45 views
  25. Ubuntu: USN-6021-1 (CVE-2023-1534): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 USN-6021-1

    • 0 replies
    • 45 views