Cybersecurity information flow

⚡ The most powerful open source tweaker on GitHub for fine-tuning Windows 10 & Windows 11

Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2049-03：红帽OpenShift容器平台4.13.41版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.

" 红帽安全公告2024-2054-03：红帽OpenShift容器平台4.14.23版本已发布，此版本包含 packages 和 images 的更新，可修复多个漏洞并添加功能增强。"

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2068-03：红帽OpenShift容器平台4.15.11版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

" 红帽安全公告2024-2071-03：红帽OpenShift容器平台4.15.11版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。"

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

" 红帽安全公告2024-2674-03 - 针对红帽企业Linux 8.6扩展更新支持的内核更新现已可用。"

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

" 红帽安全公告2024-2679-03：现已为红帽企业Linux 9提供libxml2更新。解决的问题包括一个使用后释放漏洞。"

SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.

" SOPlanning 1.52.00 版本存在 group_save.php 中的跨站脚本漏洞。"

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

" SOPlanning 1.52.00 版本在 xajax_server.php 中存在跨站请求伪造漏洞。"

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

" SOPlanning 1.52.00 版本在项目中的 projects.php 文件存在远程 SQL 注入漏洞。"

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.

" Ubuntu安全通知6762-1 - 发现GNU C库错误地处理了网络组请求。攻击者可能利用此问题导致崩溃或执行任意代码。此问题仅影响Ubuntu 14.04 LTS。发现GNU C库可能允许上下文相关攻击者导致拒绝服务。此问题仅影响Ubuntu 14.04 LTS。在处理真实路径函数的非常长的路径名参数时，发现GNU C库在32位架构上可能遇到整数溢出，导致堆栈溢出，甚至可能执行任意代码。此问题仅影响Ubuntu 14.04 LTS。"

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

" Ubuntu安全通知6757-2 - USN-6757-1修复了PHP中的漏洞。不幸的是，这些修复对于Ubuntu 20.04 LTS、Ubuntu 22.04 LTS和Ubuntu 23.10来说是不完整的。此更新解决了这个问题。发现PHP错误地处理了PHP_CLI_SERVER_WORKERS变量。攻击者可能利用这个问题导致崩溃或执行任意代码。这个问题只影响了Ubuntu 20.04 LTS和Ubuntu 22.04 LTS。"

SmartScreen Prompt Security Feature Bypass Vulnerability
[GitHub]Exploit for Microsoft SmartScreen malicious execution (april 2024)

" 智能屏提示安全功能绕过漏洞\n[GitHub]针对Microsoft智能屏恶意执行的漏洞利用（2024年4月）"

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
[GitHub]Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability

" Jenkins 2.441及更早版本，LTS 2.426.2及更早版本，在其CLI命令解析器中未禁用一种功能，该功能将在参数中的'@'字符后跟随的文件路径替换为文件内容，允许未经身份验证的攻击者读取Jenkins控制器文件系统上的任意文件。\n[GitHub]Jenkins CVE-2024-23897：任意文件读取漏洞"

[GitHub]Exploit for Microsoft SmartScreen malicious execution (april 2024)

" [GitHub] Microsoft SmartScreen 恶意执行漏洞利用（2024年4月）"

An offensive security strategy is a sophisticated and dynamic approach that extends beyond mere testing. It's a comprehensive plan that aligns with an organization's core mission, transforming security from a passive shield to an active spearhead. After all, in any fight, a combatant can only block punches for so long before striking back.

" 进攻性安全策略是一种复杂且动态的方法，它超越了单纯的测试。这是一种全面的战略，与组织的核心使命保持一致，将安全从被动的防护转变为积极的矛头。毕竟，在任何斗争中，战士只能在挡住拳头的同时等待反击。"

Next Generation Visual Programming System

This release upgrades Burp's built-in browser and fixes a bug with custom table columns. Bug fix We have fixed a bug whereby custom table columns stopped returning new values after encountering a null

" 此次发布升级了Burp内置浏览器，并修复了自定义表格列在遇到空值后停止返回新值的错误。修复了一个错误：在遇到空值后，自定义表格列不再返回新值。"

This release upgrades Burp's built-in browser and fixes a bug with custom table columns. Bug fix We have fixed a bug whereby custom table columns stopped returning new values after encountering a null

" 此次发布升级了Burp内置浏览器，并修复了自定义表格列在遇到空值后停止返回新值的bug。修复bug：我们已修复一个bug，即在遇到空值后，自定义表格列不再返回新值。"

Concurrent data structures for Go

Produce redistributable builds of Python

A grammar-based custom mutator for AFL++

这是一个基于先知社区知识构建的向量知识库