Cybersecurity information flow

For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.

" 连续第二年，网络安全防御杂志将2024年全球信息安全奖授予了Trustwave，表彰其最佳托管检测与应对（MDR）服务提供商。"

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

"  Gentoo Linux安全公告202405-2 - 在ImageMagick中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本号大于或等于6.9.13.0的受影响。"

Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2699-03 - 现在可为Red Hat Enterprise Linux 8提供git-lfs更新。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2700-03 - 现已为Red Hat Enterprise Linux 9.0扩展更新支持提供varnish更新。解决的问题包括服务拒绝漏洞。"

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

" Gentoo Linux安全公告202405-3 - 已在Dalli中发现了漏洞，可能导致代码注入。版本大于或等于3.2.3的版本受到影响。"

Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.

"  Gentoo Linux安全公告202405-4：在systemd中发现了多个漏洞，其中最严重的可能导致服务拒绝。版本大于或等于252.4的系统受到影响。"

Live2D Cubism suffers from a heap corruption vulnerability.

" Live2D Cubism存在堆损坏漏洞。"

Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.

" Debian Linux安全公告5677-1：在Ruby语言的解释器中发现了多个漏洞，可能导致信息泄露、服务拒绝或任意代码执行。"

Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.

" Debian Linux安全公告5678-1：在GNU C库中的Name Service Cache Daemon（nscd）中发现了多个漏洞，可能导致服务拒绝或执行任意代码。"

Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.

" Debian Linux安全公告5679-1：在less，一个文件分页器中发现了多个漏洞，如果处理具有特殊构造文件名的文件，可能导致执行任意命令。"

Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.

"  Gentoo Linux安全公告202405-5：在MPlayer中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本号大于或等于1.5的受影响。"

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

"  Gentoo Linux安全公告202405-6 - 已在mujs中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于1.3.2的系统受到影响。"

Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.

"  Gentoo Linux安全公告202405-7 - 已在HTMLDOC中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本大于或等于1.9.16的系统受到影响。"

Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.

"  Gentoo Linux安全公告202405-8：在strongSwan中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于5.9.10的系统受到影响。"

Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected.

"  Gentoo Linux安全公告202405-9：在MediaInfo和MediaInfoLib中发现了多个漏洞，其中最严重的漏洞可能导致用户协助下的远程代码执行。版本号大于或等于23.10的系统受到影响。"

Gentoo Linux Security Advisory 202405-10 - A vulnerability has been discovered in Setuptools, which can lead to denial of service. Versions greater than or equal to 65.5.1 are affected.

" Gentoo Linux安全公告202405-10 - 发现了Setuptools中的一个漏洞，可能导致拒绝服务。版本号大于或等于65.5.1的版本受到影响。"

Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected.

"  Gentoo Linux安全公告202405-11：在MIT krb5中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于1.21.2的系统受到影响。"

Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.

"  Gentoo Linux安全公告202405-12 - 在Pillow中发现了多个漏洞，其中最严重的可能导致任意代码执行。版本号大于或等于10.2.0的受影响。"

Gentoo Linux Security Advisory 202405-13 - A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected.

"  Gentoo Linux安全公告202405-13 - 已在borgmatic中发现了漏洞，可能导致shell注入。版本号大于或等于1.8.8的版本受到影响。"

Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected.

"  Gentoo Linux安全公告202405-14 - 在QtWebEngine中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本号大于或等于5.15.13_p20240322的受影响。"

Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.

"  Gentoo Linux安全公告202405-15：在Mozilla Firefox中发现了多个漏洞，其中最严重的可能导致远程代码执行。版本大于或等于115.8.0：esr的用户受到影响。"

Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.

"  Gentoo Linux安全公告202405-16 - 已在Apache Commons BCEL中发现漏洞，可能导致远程代码执行。版本大于或等于6.6.0的版本受到影响。"

This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host.

" 这个Metasploit模块利用SYS_MODULE能力，以daemon用户身份在主机上执行容器逃逸。如果存在此功能，并且目标主机上有可用于编译的Linux头文件，那么我们就可以逃逸到主机。"

The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more. It demonstrates weak content protection in the environment of CANAL+. The proof of concept exploit 3 year old vulnerabilities in CANAL+ STB devices, which make it possible to gain code execution access to target STB devices over an IP network.

" Microsoft PlayReady工具包协助生成虚假客户端设备身份，获取加密内容的许可证和内容密钥，等等。在CANAL+环境中，它展示了较弱的内容保护。概念证明利用了CANAL+ STB设备上的3岁漏洞，使您能够通过IP网络获取目标STB设备的代码执行权限。"

Systemd-run/run0 allocates user-owned ptys and attaches the slave to high privilege programs without changing ownership or locking the pty slave.

" Systemd-run/run0 分配用户拥有的 PTY 设备，并将从属设备连接到高权限程序，而不会更改所有权或锁定 PTY 从属设备。"

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

" AIDE（高级入侵检测环境）是Tripwire（商标名）的免费替代品。它生成一个数据库，可用于检查服务器上文件的完整性。它使用正则表达式来确定将哪些文件添加到数据库中。您可以使用多种消息摘要算法，以确保文件未被篡改。"

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
[GitHub]CVE-2024-4439 PoC

" WordPress核心在各个版本直至6.5.2中，由于显示名称的输出转义不足，容易受到存储跨站脚本攻击（Stored Cross-Site Scripting）。这使得具有贡献者级别及以上权限的认证攻击者能够在用户访问注入的页面时执行任意Web脚本。此外，它还允许未认证的攻击者在具有评论区块且显示评论作者头像的页面中注入任意Web脚本。\n[GitHub]CVE-2024-4439证明概念（Proof of Concept）"

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
[GitHub]The provided exploit code leverages a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-4439) in WordPress Core versions up to 6.5.1.

" WordPress Core在各个版本直至6.5.2中，由于显示名称的输出转义不足，容易受到存储型跨站脚本攻击（Stored Cross-Site Scripting）的漏洞影响，该漏洞位于用户昵称旁的头像区块。这使得具有投稿者权限及以上认证的攻击者可以在用户访问注入的页面时，注入任意web脚本并执行。此外，它还允许未认证的攻击者在具有评论区块且显示评论作者头像的页面中注入任意web脚本。\n[GitHub]提供的攻击代码利用了WordPress Core版本直至6.5.1中的存储型跨站脚本（XSS）漏洞（CVE-2024-4439）。"