Cybersecurity information flow

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.
[GitHub]Exploit for Cisco ASA and FTD (may 2024)

" 思科自适应安全设备（ASA）软件和思科Firepower威胁防御（FTD）软件的管理和VPN Web服务器存在一个漏洞，可能导致未经身份验证的远程攻击者意外地使设备重新加载，从而导致服务拒绝（DoS）状况。这个漏洞是由于在解析HTTP头部时错误检查不完整导致的。攻击者可以通过向设备上的目标Web服务器发送精心构造的HTTP请求来利用这个漏洞。成功的攻击可能导致设备在重新加载时引发DoS状况。\n[GitHub]针对思科ASA和FTD的利用（2024年5月）"

Microsoft Outlook Remote Code Execution Vulnerability
[GitHub]CVE-2024-21413 Microsoft Outlook RCE Exploit

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
[GitHub]CVE-2024-27956 WORDPRESS RCE PLUGIN

" 不良的特殊元素在SQL命令中的中性化('SQL注入')漏洞在ValvePress自动版中允许SQL注入。此问题影响自动版：从n/a至3.92.0。\n[GitHub]CVE-2024-27956 WORDPRESS RCE插件"

影响厂商:U.S. Dept Of Defense 奖励: 危险等级:medium
" 登录页面上的错误信息反射型XSS攻击"

影响厂商:U.S. Dept Of Defense 奖励: 危险等级:medium
" 反射型跨站脚本攻击 [CVE-2020-3580]"

影响厂商:U.S. Dept Of Defense 奖励: 危险等级:medium
" 通过Moodle实现的反射XSS漏洞（CVE-2022-35653）\n\n反射XSS（跨站脚本攻击）是一种网络安全漏洞，攻击者通过诱使受害者访问恶意构造的URL，将恶意脚本反射到受害者浏览器上，从而实现对受害者的攻击。Moodle是一款广泛应用于教育行业的开源学习管理系统，拥有众多用户。此次反射XSS漏洞的曝光，提醒我们要时刻关注网络安全，及时修复潜在漏洞，保护用户数据安全。CVE-2022-35653是该漏洞的通用漏洞披露编号，方便网络安全社区跟踪和解决这一问题。\n\n为保证信达雅，翻译时将英文翻译为中文，并保留了原文的格式和重点词汇。"

影响厂商:U.S. Dept Of Defense 奖励: 危险等级:medium
" 通过Keycloak反射的XSS漏洞（CVE-2021-20323）"

影响厂商:Node.js 奖励: 危险等级:medium
" 通过内容长度混淆进行HTTP请求走私"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" 通过Keycloak反射的XSS漏洞：[CVE-2021-20323]"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" 反射型跨站脚本攻击 [CVE-2020-3580]"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" 通过搜索查询实现的跨站脚本反射攻击（Reflected Cross-site Scripting）"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" 登录页面上的错误信息反射XSS攻击"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" 通过Moodle实现的反射型XSS漏洞（[CVE-2022-35653]）"

影响厂商:b'U.S. Dept Of Defense'(https://hackerone.com/deptofdefense) 
" “通过'where'参数的SQL注入”"

影响厂商:b'Node.js'(https://hackerone.com/nodejs) 
" “带有完整性选项的fetch命令过于宽松，当指定算法但哈希值不正确时”"

影响厂商:b'Node.js'(https://hackerone.com/nodejs) 
" 在undici.request中的跨域重定向时，Proxy-Authorization头部未清除。"

影响厂商:b'Node.js'(https://hackerone.com/nodejs) 
" 通过内容长度混淆实现的HTTP请求走私"

End-to-end typesafe RPC for Electron

⚡ The most powerful open source tweaker on GitHub for fine-tuning Windows 10 & Windows 11

Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2049-03：红帽OpenShift容器平台4.13.41版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.

" 红帽安全公告2024-2054-03：红帽OpenShift容器平台4.14.23版本已发布，此版本包含 packages 和 images 的更新，可修复多个漏洞并添加功能增强。"

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2068-03：红帽OpenShift容器平台4.15.11版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

" 红帽安全公告2024-2071-03：红帽OpenShift容器平台4.15.11版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。"

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

" 红帽安全公告2024-2674-03 - 针对红帽企业Linux 8.6扩展更新支持的内核更新现已可用。"

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

" 红帽安全公告2024-2679-03：现已为红帽企业Linux 9提供libxml2更新。解决的问题包括一个使用后释放漏洞。"

SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.

" SOPlanning 1.52.00 版本存在 group_save.php 中的跨站脚本漏洞。"

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

" SOPlanning 1.52.00 版本在 xajax_server.php 中存在跨站请求伪造漏洞。"

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

" SOPlanning 1.52.00 版本在项目中的 projects.php 文件存在远程 SQL 注入漏洞。"

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.

" Ubuntu安全通知6762-1 - 发现GNU C库错误地处理了网络组请求。攻击者可能利用此问题导致崩溃或执行任意代码。此问题仅影响Ubuntu 14.04 LTS。发现GNU C库可能允许上下文相关攻击者导致拒绝服务。此问题仅影响Ubuntu 14.04 LTS。在处理真实路径函数的非常长的路径名参数时，发现GNU C库在32位架构上可能遇到整数溢出，导致堆栈溢出，甚至可能执行任意代码。此问题仅影响Ubuntu 14.04 LTS。"