Cybersecurity information flow

[GitHub]LINKSYS AC1900 EA7500v3 IGD UPnP Stack Buffer Overflow Remote Code Execution Vulnerability

" [GitHub] LINKSYS AC1900 EA7500v3 IGD UPnP Stack Buffer Overflow 远程代码执行漏洞"

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
[GitHub]Fix open source package uses tough-cookie 2.5.0 - CVE-2023-26136,

" 版本在4.1.3之前的tough-cookie软件包容易受到原型污染漏洞，原因是在使用CookieJar时，rejectPublicSuffixes=false模式下对Cookie处理不当。此问题源于对象初始化的方式。\n[GitHub]修复开源软件包中使用的tough-cookie 2.5.0 - CVE-2023-26136，"

影响厂商:IBM 奖励: 危险等级:medium
" 跨站脚本攻击（XSS）在 Aspera 文档网站"

影响厂商:b'IBM'(https://hackerone.com/ibm) 
" 跨站脚本攻击（XSS）在阿斯佩拉文档网站"

A shadcn table component with server-side sorting, filtering, and pagination.

SecWiki周刊（第531期) https://www.sec-wiki.com/weekly/531
在联邦推荐安全中探索用户画像与物品间的相互作用 https://mp.weixin.qq.com/s/1wsfoBg1J0dcY_AAzFHehQ
DinodasRAT Linux后门剖析及通信解密尝试 https://mp.weixin.qq.com/s/rAWQVP1EjesI6huEVNngoA
MikroTik软路由攻击场景复现及后门加解密剖析 https://mp.weixin.qq.com/s/azDzg3op0kqBUpakFtkTAw

For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.

" 连续第二年，网络安全防御杂志将2024年全球信息安全奖授予了Trustwave，表彰其最佳托管检测与应对（MDR）服务提供商。"

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

"  Gentoo Linux安全公告202405-2 - 在ImageMagick中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本号大于或等于6.9.13.0的受影响。"

Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2699-03 - 现在可为Red Hat Enterprise Linux 8提供git-lfs更新。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2700-03 - 现已为Red Hat Enterprise Linux 9.0扩展更新支持提供varnish更新。解决的问题包括服务拒绝漏洞。"

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

" Gentoo Linux安全公告202405-3 - 已在Dalli中发现了漏洞，可能导致代码注入。版本大于或等于3.2.3的版本受到影响。"

Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.

"  Gentoo Linux安全公告202405-4：在systemd中发现了多个漏洞，其中最严重的可能导致服务拒绝。版本大于或等于252.4的系统受到影响。"

Live2D Cubism suffers from a heap corruption vulnerability.

" Live2D Cubism存在堆损坏漏洞。"

Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.

" Debian Linux安全公告5677-1：在Ruby语言的解释器中发现了多个漏洞，可能导致信息泄露、服务拒绝或任意代码执行。"

Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.

" Debian Linux安全公告5678-1：在GNU C库中的Name Service Cache Daemon（nscd）中发现了多个漏洞，可能导致服务拒绝或执行任意代码。"

Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.

" Debian Linux安全公告5679-1：在less，一个文件分页器中发现了多个漏洞，如果处理具有特殊构造文件名的文件，可能导致执行任意命令。"

Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.

"  Gentoo Linux安全公告202405-5：在MPlayer中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本号大于或等于1.5的受影响。"

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

"  Gentoo Linux安全公告202405-6 - 已在mujs中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于1.3.2的系统受到影响。"

Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.

"  Gentoo Linux安全公告202405-7 - 已在HTMLDOC中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本大于或等于1.9.16的系统受到影响。"

Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.

"  Gentoo Linux安全公告202405-8：在strongSwan中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于5.9.10的系统受到影响。"

Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected.

"  Gentoo Linux安全公告202405-9：在MediaInfo和MediaInfoLib中发现了多个漏洞，其中最严重的漏洞可能导致用户协助下的远程代码执行。版本号大于或等于23.10的系统受到影响。"

Gentoo Linux Security Advisory 202405-10 - A vulnerability has been discovered in Setuptools, which can lead to denial of service. Versions greater than or equal to 65.5.1 are affected.

" Gentoo Linux安全公告202405-10 - 发现了Setuptools中的一个漏洞，可能导致拒绝服务。版本号大于或等于65.5.1的版本受到影响。"

Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected.

"  Gentoo Linux安全公告202405-11：在MIT krb5中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于1.21.2的系统受到影响。"

Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.

"  Gentoo Linux安全公告202405-12 - 在Pillow中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本号大于或等于10.2.0的受影响。"

Gentoo Linux Security Advisory 202405-13 - A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected.

"  Gentoo Linux安全公告202405-13 - 已在borgmatic中发现了漏洞，可能导致shell注入。版本号大于或等于1.8.8的版本受到影响。"

Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected.

"  Gentoo Linux安全公告202405-14 - 在QtWebEngine中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本号大于或等于5.15.13_p20240322的受影响。"

Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.

"  Gentoo Linux安全公告202405-15：在Mozilla Firefox中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于115.8.0：esr的用户受到影响。"

Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.

"  Gentoo Linux安全公告202405-16 - 已在Apache Commons BCEL中发现漏洞，可能导致远程代码执行。版本大于或等于6.6.0的版本受到影响。"

This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host.

" 这个Metasploit模块利用SYS_MODULE能力，以daemon用户身份在主机上执行容器逃逸。如果存在此功能，并且目标主机上有可用于编译的Linux头文件，那么我们就可以逃逸到主机。"