CVE-2023-22098 Oracle VirtualBox VirtIO-Net Heap Out-Of-Bound Write Vulnerability
Oracle VM VirtualBox 7.0.10
https://github.com/google/security-research/tree/master/pocs/oracle/virtualbox/cve-2023-22098
CVE-2023-21991 Oracle VirtualBox VGA MMIO Handling Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2023-21987 Oracle VirtualBox TPM MMIO Handling Stack-based Buffer Overflow Vulnerability Pwn2Own
VirtualBox internals, vulnerabilities analysis and exploitation (CVE-2023-21987 and CVE-2023-21991)
CVE-2023-20870 VMware Workstation VBluetooth Uninitialized Variable Information Disclosure Vulnerability Pwn2Own
CVE-2023-20869 VMware Workstation VBluetooth SDP Stack Buffer Overflow Vulnerability Pwn2Own
CVE-2023-31248 Linux Kernel Netfilter Subsystem nft_chain_lookup_byid Use-After-Free Vulnerability
CVE-2023-2033 Google Chrome Type confusion in V8 Stack trace API In-The-Wild
CVE-2023-3079 Google Chrome Improper Inline Cache Handler for JSStrictArgumentsObject Hole Leak Vulnerability In-The-Wild
CVE-2023-34044 VMware Workstation VBluetooth Class Request Information Disclosure Vulnerability
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
https://www.m4p1e.com/2024/03/01/CVE-2023-3824/
https://github.com/m4p1e/php-exploit/tree/master/CVE-2023-3824
CVE-2024-21378 – Microsoft Outlook Remote Code Execution
• Chrome Renderer RCE : CVE-2023-3079
• Chrome Sandbox Escape : CVE-2023-21674
• LPE in guest OS : CVE-2023-29360
• VMware Info Leak : CVE-2023-34044
• VMware Escape : CVE-2023-20869
• LPE in host OS : CVE-2023-36802
VMware Tools Zero-day Authentication Bypass Vulnerability Exploited (CVE-2023-20867) In-The-Wild
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework (CVE-2023-36899 & CVE-2023-36560)
CVE-2023-2729
Synology NAS DSM Account Takeover: When Random is not Secure
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers
CVE-2023-33375, CVE-2023-33376, CVE-2023-33377 and CVE-2023-33378
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255)
VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability LPE
CVE-2024-22319: JNDI Injection RCE in IBM ODM
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
CVE-2023-36884 MS Office and Windows HTML RCE
https://www.vicarius.io/vsociety/posts/ms-office-and-windows-html-rce-cve-2023-36884-36885