每日更新 / 推荐
时间 | 节点 | |
---|---|---|
2022年8月17日 04:30 | r2c website | Shoulda, Woulda...Coulda In the world of SAST it’s very easy to spot two types of findings: True positives: A confirmed vulnerability False positives: Something… 在 SAST 的世界里,很容易发现两种类型的发现: 真正的积极因素: 确认的弱点假的积极因素: 某些..。 |
2022年8月17日 04:30 | Stories by SAFARAS K A on Medi | PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables In this article, it is requested to obtain the user name and password information in the users table by using the SQL injection vulnerability. Let’s start by identifying the number of columns first: ‘ UNION SELECT NULL — ‘+UNION+SELECT+NULL — We detect that there are 2 columns. For this, we can create the SQL query using the UNION keyword as follows. ‘ UNION SELECT username,password FROM users — ‘+UNION+SELECT+username,password+FROM+users- - Let’s log in to the system with the administrator user. After successful login, we complete the lab. From Infosec Writeups: A lot is coming up in the Infosec every day that it’s hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 Github Repos and tools, and 1 job alert for FREE! PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlight |
2022年8月17日 04:30 | Stories by SAFARAS K A on Medi | StepSecurity releases tool that it used to improve security of 30 critical open-source projects… StepSecurity releases tool that it used to improve security of 30 critical open-source projects (including NodeJS, OpenSSL, Python, Rails, React Native) SecureWorkflows is an open-source project that automates implementation of security best practices. SecureWorkflows project was used to harden GitHub Actions workflow files for 30 of the top 100 critical open-source projects. You can now use SecureWorkflows to implement security best practices in your own open-source projects using app.stepsecurity.io/securerepo. The tool fixes security best practice issues using pull requests, without the need to install any App. Tool to implement security best practices in your open-source projects Linux Foundation’s Secure Open Source (SOS) Rewards program has rewarded StepSecurity 3 times over the last 2 months for implementing these security improvements across 30 critical open-source projects. Unlike a bug bounty program, which is for finding vulnerabilities, the SOS program rewards implementation of open source securit |
2022年8月17日 04:28 | Trustwave Blog | Trustwave Security Colony Noted as a Differentiator in Managed Detection and Response Market According to IDC Link Report Trustwave’s new MDR offerings garnered recognition from IDC as differentiated due to the inclusion of Security Colony as part of the offering. Security Colony, now bundled in with Trustwave MDR offerings, is a Resource Library of 400+ documents derived directly from real-life consulting engagements with clients. Trustwave 的新 MDR 产品获得了 IDC 的认可,因为其中包含了安全殖民地(Security Colony)。Security Colony,现在捆绑在 Trustwave MDR 产品中,是一个包含400多个文档的资源库,这些文档直接来源于与客户的现实咨询约定。 |
2022年8月17日 04:05 | Github关注 | Rvn0xsy starred ascoders/weekly 前端精读周刊。帮你理解最前沿、实用的技术。 |
2022年8月17日 04:02 | nccgroup | Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling Authored by: Jesús Miguel Calderón Marín Introduction Two years ago I carried out research into online casino games specifically focusing on roulette. As a result, I composed a detailed guide with information on classification of online roulette, potential vulnerabilities and the ways to detect them[1]. Although this guideline was particularly well-received by the security community, … Continue reading Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling → 作者: Jesús Miguel Calderón Marín 两年前,我对在线赌场游戏进行了研究,主要关注轮盘赌。因此,我编写了一个详细的指南,包括在线轮盘赌的分类,潜在的漏洞和检测方法的信息[1]。尽管这个指南特别受到安全界的欢迎,... ... 继续阅读幸运轮《结果预测——从赌博中走运→》 |
2022年8月17日 03:25 | Github关注 | DIYgod starred the1812/Bilibili-Evolved 强大的哔哩哔哩增强脚本 |
2022年8月17日 01:05 | Github关注 | DIYgod starred Kuari/RedisFish 🌈A convenient, cross-platform, and content-focused redis GUI client. Maybe you will like it. |
2022年8月17日 00:33 | Github_POC | CVE-2012-0158 (2012-04-11) Sunqiz/CVE-2012-0158-reproduction The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." [GitHub]CVE-2012-0158复现 MSCOMCTL 中的(1) ListView、(2) ListView2、(3) TreeView 和(4) TreeView2ActiveX 控件。OCX 在 Microsoft Office 2003 SP3、2007 SP2和 SP3以及2010 Gold 和 SP1中的公共控件; Office 2003 Web 组件 SP3; SQL Server 2000 SP4、2005 SP4和2008 SP2、 SP3和 R2;BizTalk Server 2002 SP1; Commerce Server 2002 SP4,2007 SP2和2009 Gold and R2; Visual FoxPro 8.0 SP1和9.0 SP2; 以及 Visual Ba |
2022年8月17日 00:33 | Github_POC | CVE-2011-0104 (2011-04-14) Sunqiz/CVE-2011-0104-reproduction Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability." [GitHub]CVE-2011-0104复现 微软 Excel 2002 SP3和2003 SP3,Mac 版 Office 2004和2008,以及 Mac 版 Open XML 文件格式转换器允许远程攻击者执行任意代码或通过 Excel 文件中的 HLink 记录导致分布式拒绝服务攻击(内存损坏) ,也就是“ Excel 缓冲区覆盖漏洞” CVE-2011-0104复现 |
2022年8月17日 00:33 | Github_POC | CVE-2013-2028 (2013-07-20) Sunqiz/CVE-2013-2028-reproduction The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. [GitHub]CVE-2013-2028复现 Nginx 1.3.9到1.4.0中的 http/ngx _ http _ parse.c 中的 ngx _ http _ parse _ chunked 函数允许远程攻击者通过块大小的块传输编码请求引发分布式拒绝服务攻击(崩溃)并执行任意代码,这会触发整数符号错误和基于堆栈的缓冲区溢出。 CVE-2013-2028复现 |
2022年8月17日 00:33 | Github_POC | CVE-2017-11882 (2017-11-15) Sunqiz/CVE-2017-11882-reproduction Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. [GitHub]CVE-2017-11882复现 Microsoft Office 2007 Service Pack 3、 Microsoft Office 2010 Service Pack 2、 Microsoft Office 2013 Service Pack 1和 Microsoft Office 2016允许攻击者在当前用户的上下文中运行任意代码,因为攻击者未能正确处理内存中的对象,即“ Microsoft Office 内存损坏漏洞”。这个 CVE ID 是 CVE-2017-11884中唯一的。 CVE-2017-11882复现 |
2022年8月17日 00:33 | Github_POC | CVE-2017-0199 (2017-04-12) Sunqiz/CVE-2017-0199-reprofuction Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." [GitHub]CVE-2017-0199复现 Microsoft Office 2007 SP3,Microsoft Office 2010 SP2,Microsoft Office 2013 SP1,Microsoft Office 2016,Microsoft Windows Vista SP2,Windows Server 2008 SP2,Windows 7 SP1,Windows 8.1允许远程攻击者通过精心编写的文档执行任意代码,也就是“ Microsoft Office/WordPad 远程代码执行漏洞 w/Windows API” CVE-2017-0199复现 |
2022年8月17日 00:33 | Github_POC | CVE-2022-24500 (2022-04-16) Daro1967/CVE-2022-24500-MASS-RCE Windows SMB Remote Code Execution Vulnerability. [GitHub]CVE-2022-24500 Windows SMB Unauthenticated Remote Code Execution Vulnerability |
2022年8月17日 00:33 | Github_POC | CVE-2022-34169 (2022-07-20) bor8/CVE-2022-34169 The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. [GitHub]https://nvd.nist.gov/vuln/detail/CVE-2022-34169 在处理恶意 XSLT 样式表时,ApacheXalanJavaXSLT 库容易受到整数截断问题的影响。这可以用来破坏由内部 XSLTC 编译器生成的 Java 类文件,并执行任意的 Java 字节码。ApacheXalanJava 项目处于休眠状态,正处于退役过程中。未来的 ApacheXalanJava 版本不会解决这个问题。注意: Java 运行时(例如 OpenJDK)包括重新打包的 Xalan 副本。 Https://nvd.nist.gov/vuln/detail/cve-2022-34169 |
2022年8月17日 00:33 | Github_POC | CVE-2022-26809 (2022-04-16) Ziggy78/CVE-2022-26809-MASS-RCE Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. [GitHub]metasploit and python module for CVE-2022-26809 windows rpc rce via smb 445 远程过程调用运行时远程代码执行漏洞。这个 CVE ID 是 CVE-2022-24492,CVE-2022-24528中唯一的。 [ GitHub ] metasploit 和 python 模块,用于 CVE-2022-26809 windows rpc rpc rce via smb 445 |
2022年8月17日 00:33 | Github_POC | CVE-2014-6271 (2014-09-25) sidd3009/PenTesting GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. [GitHub]### **Awesome Penetration Testing** [](http://kalitut.com) [](http://www.youtube.com/watch?v=V3CTfJ2ZP7M "10 Common Hackin |
2022年8月17日 00:33 | Github_POC | CVE-2020-9496 (2020-07-16) Ly0nt4r/CVE-2020-9496 XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 [GitHub]ApacheOfBiz 17.12.01 - Unauthorized Remote Code Executión 在 Apache OFBiz 17.12.03中,XML-RPC 请求很容易受到不安全的反序列化和跨网站脚本问题的影响 [ GitHub ] ApacheOfBiz 17.12.01-未授权远程代码执行 |
2022年8月17日 00:33 | checkpoint research | 15th August – Threat Intelligence Report For the latest discoveries in cyber research for the week of 15th August, please download our Threat Intelligence Bulletin. Top Attacks and Breaches Cisco confirms it has been breached by the Yanluowang ransomware group in late May 2022. The initial access was gained after the threat actor gained an employee’s Google account credentials, saved in... Click to Read More The post 15th August – Threat Intelligence Report appeared first on Check Point Research. 关于8月15日这一周网络研究的最新发现,请下载我们的威胁情报公报。顶级攻击和破坏思科证实,它已被严洛王勒索软件集团在2022年5月底侵入。最初的访问是在威胁者获得一个雇员的谷歌帐户凭证后获得的,保存在... 点击阅读更多 8月15日之后的威胁情报报告首先出现在 Check Point Research 上。 |
2022年8月17日 00:33 | Seebug | 南亚 Patchwork APT 组织新活动特点分析 作者:知道创宇404实验室APT高级威胁情报团队,K &Nan 1. 概述 Patchwork是自2015年12月以来一直活跃的南亚APT组织。该组织长期针对中国、巴基斯坦等南亚地区国家的政府、医疗、科研等领域进行网络攻击窃密活动。PatchWorkAPT是一个比较有意思的名字,源于该组织武器库是基于开源的代码拼凑而成(地下论坛、暗网、github等等)。知道创宇404实验室APT高... |
2022年8月17日 00:33 | Exploitalert | Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure GigalandNFT 市场1.9 Shell 上传/密钥披露 |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Exploitalert | Inout SiteSearch 2.0.1 Cross Site Scripting Inout SiteSearch 2.0.1 Cross Site Scripting Inout SiteSearch 2.0.1跨网站脚本 |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Exploitalert | Inout RealEstate 2.1.2 SQL Injection Inout RealEstate 2.1.2 SQL Injection |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Exploitalert | Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow XMLParser _ Element _ doc _ AssemblyIdentity 堆缓冲区溢出 |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Packet Storm | |
2022年8月17日 00:33 | Exploitalert | HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path HP LaserJet 专业 M1210 MFP 系列接收传真服务未报价服务路径 |
2022年8月17日 00:33 | ptsecurity | Discovering Domains via a Time-Correlation Attack on Certificate Transparency Many modern websites employ an automatic issuance and renewal of TLS certificates. For enterprises, there are DigiCert services. For everyone else, there are free services such as Let’s Encrypt and ZeroSSL. There is a flaw in a way that deployment of TLS certificates might be set up. It allows anyone to discover all domain names […] 许多现代网站使用 TLS 证书的自动签发和更新。企业可使用数码证书服务。对于其他人来说,有一些免费的服务,比如 Let’s Encrypt 和 ZeroSSL。在设置 TLS 证书的部署方式上存在一个缺陷。它允许任何人发现所有域名[ ... ] |
2022年8月17日 00:33 | 跳跳糖 | XStream通览漏洞分析 XStream是一个简单的基于Java库,Java对象序列化到XML,反之亦然(即:可以轻易的将Java对象和xml文档相互转换)。 |
2022年8月17日 00:32 | Zedd's Blog | A Magic Way of XSS in HTTP/2 上周周末结束的 corCTF 中有一个题目提出了一种很有意思的攻击,该攻击方式可以利用 HTTP/2 Server Push 机制 XSS 到其他域,尽管利用条件有点苛刻,但是我个人非常喜欢这种 Magic 的攻击方式。(在征求了原作者 @ehhthing 同意下将该方法分享给大家) |
2022年8月17日 00:31 | tom0li-涤声 | 一战:欧洲十个意想不到 一、均势和平很脆弱 二、民族主义点燃战火 三、经济联系没能阻止英德交战 四、战争迅速发展成总体战 五、欧洲淡出世界舞台中心 六、世界霸权转移到美国 七、俄罗斯与西方对抗长期化 八、帝国解体一发不可收 九、一战之后还会有二战 十、世界大战会“过时” 结论 原文新华网:http://www.xinhuanet.com/world/2014-07/11/c_126740612.htm 本文 发表于 2014 年 7 月。作者:王义桅,中国人民大学国际关系学院教授、博士生导师、国际事务研究所所长、欧盟研究中心主任,“中欧学术连线”主任。 在第一次世界大战之前,所有的战争都是局部战争、地区性战争。1914年至1918年的大战就其规模和激烈程度,尤其是总体性来说,是破天荒的。可以说,第一次世界大战带来总体战的世纪、全球战争的世纪。 从另一方面来说,一战又是一场真正的欧洲内战,欧洲人的一战记忆甚至超过二战。每年11月11日的一战停战日,已成为“阵亡将士纪念日”,英联邦国家的人们都会佩戴罂粟花以缅怀战争死难者。 一百年过去了,反思一战,可以看到有十个方面让欧洲人意想不到: 一、均势和平很脆弱 早在1887年,恩格斯就曾预言:“对于普鲁士德意志来说,现在除了世界战争以外已经不可能有任何别的战争了”。27年后,恩格斯所预言的这场世界大战果然爆发了,这就是第一次世界大战。 一战标志着一个长时期的和平时代的结束。自1815年拿破仑战争结束以来差不多整整一个世纪里,欧洲没有发生过重大战争。这主要应归功于大国(英、奥、普、法)之间力量上的均势,它所依靠的是英国的经济优势和海军力量,实质上是英国强制下的和平。 但是力量的均势始终没能完全调整好。它在19世纪的中叶受到拿破仑三世的挑战,在1870年受到俾斯麦的冲击,在1878年又受到俄国的威胁。更为严重的威胁出现在1900年以后。那时德国已成为欧洲大陆最强大的国家,一个新的、虎虎生威、野心勃勃的大国在欧洲的心脏地区日益壮大,并且向现代秩序发起挑战。于是,德国对英国这个头号贸易和海洋国家霸权的挑战,英国和其他列强对这种经济—军事—心理威胁的反应,成为一战爆发的首要原因。历史学家们指出:“德国给欧洲力量形成的均势所造成的威胁是20世纪两次世界大战真正的和主要的原因。” 二、民族主义点燃战火 第一次世界大战把成千上万的人投入了无情的“绞肉机”。点燃战争之火的是欧洲列强日益高涨的民族主义。 与以往列强间 |
2022年8月17日 00:31 | tom0li-涤声 | |
2022年8月17日 00:31 | 知名组件CVE监控 | CVE-2022-35624 有新的漏洞组件被发现啦,组件ID:F5 In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN 在 Nordic nRF5 SDK for Mesh 5.0中,可以通过发送一系列具有 SegO > SegN 的分段数据包来触发堆溢出漏洞 |
2022年8月17日 00:30 | 知名组件CVE监控 | CVE-2022-35623 有新的漏洞组件被发现啦,组件ID:F5 In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth 在 Nordic nRF5 SDK for Mesh 5.0中,可以通过发送一系列分段控制包和访问具有相同 SeqAuth 的包来触发堆溢出漏洞 |
2022年8月17日 00:29 | Stories by SAFARAS K A on Medi | Irremovable guest in facebook event — Facebook bug bounty Irremovable guest in facebook event — Facebook(Meta) bug bounty Hello Everyone, This is Rajiv Gyawali from Butwal, Nepal. This is a story of one of my finding on facebook. Story : I was reading writeups of facebook bug bounty and came to a writeup which was about being unable to remove member from facebook event, The circumstances were “Invited user blocks owner of event”, I tested the same scenario at first but couldn’t reproduce it, Later i went to one of my test group and created an event in normal scenario(I thought it to be a normal scenario at first), and tried to remove a member from that event, i was unable to remove that member from group, I became happy with the thought like…ohhhhh buggy…thing :) I tested that issue in several groups, There comes some disappointment, I was unable to reproduce it in some groups, i was very unsure whether to report that issue or not as there was a risk of fb team not reproducing it, i reported it anyway. As expected, facebook team could not reproduce the issue, i myse |
2022年8月17日 00:29 | Stories by SAFARAS K A on Medi | Salesforce bug hunting to Critical bug Or how I learned that some bugs are truly rare Continue reading on InfoSec Write-ups » 或者我是怎么知道有些虫子真的很罕见的 继续阅读资讯安全网的文章” |
2022年8月17日 00:29 | Stories by SAFARAS K A on Medi | IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command… IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command Injection and much more… Hey 👋 Welcome to the sixteenth edition of Infosec Weekly — the Monday newsletter that brings the best in Infosec straight to your inbox. So many new things are happening in the cybersecurity world that it’s difficult to keep up! 🥲 We’ve done all the hardwork for you by selecting the most top-notch Infosec stuff that caught our attention this week. The format is: 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, 1 job alert and Upcoming CTF Events to help you maximize the benefit from this newsletter and take a massive jump ahead in your career. Excited? Let’s dive in👇 📝 5 Infosec Articles #1 @Gafnit Amiga explains about three vulnerabilities detected in the AWS IAM Authenticator where all of them were caused by the same code line. #2 @OriginalSicksec’s new blog talks about how you can find and abuse URL shorteners to ATO or Information disclosure. #3 @dajon shares a detailed blog to |
2022年8月17日 00:29 | Packet Storm | Gentoo Linux Security Advisory 202208-24 Gentoo Linux Security Advisory 202208-24 - Multiple vulnerabilities have been discovered in the GNU C Library, the worst of which could result in denial of service. Versions less than 2.34 are affected. Gentoo Linux 安全咨询202208-24-GNU c 图书馆发现了多个漏洞,其中最严重的可能导致分布式拒绝服务攻击。小于2.34的版本受到影响。 |
2022年8月17日 00:29 | Packet Storm | Gentoo Linux Security Advisory 202208-25 Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected. Gentoo Linux 安全咨询202208-25-在 Chromium 及其衍生产品中发现了多个漏洞,其中最严重的漏洞可能导致远程代码执行。小于5.15.5 _ p20220618 > = 的版本受到影响。 |
2022年8月17日 00:29 | Packet Storm | Gentoo Linux Security Advisory 202208-23 Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected. Gentoo Linux 安全咨询202208-23-Xen 发现了多个漏洞,其中最严重的漏洞可能导致远程代码执行(来宾沙盒逃脱)。小于4.15.3的版本受到影响。 |
2022年8月17日 00:29 | Packet Storm | Gentoo Linux Security Advisory 202208-27 Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected. Gentoo Linux Security Advisory 202208-27-QEMU 中发现了多个漏洞,其中最严重的漏洞可能导致远程代码执行(来宾沙盒逃逸)。小于7.0.0的版本受到影响。 |
2022年8月17日 00:29 | Packet Storm | Gentoo Linux Security Advisory 202208-26 Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected. Gentoo Linux 安全咨询202208-26-libarchive 中发现了多个漏洞,其中最严重的漏洞可能导致任意代码执行。小于3.6.1的版本受到影响。 |
2022年8月17日 00:29 | Microsoft Security Blog | Disrupting SEABORGIUM’s ongoing phishing operations The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog. 微软威胁情报中心已经观察到并采取行动破坏 SEABORGIUM 发起的活动,这些活动包括持续的网络钓鱼和信用证盗窃活动,导致入侵和数据盗窃。 “扰乱 SEABORGIUM 正在进行的网络钓鱼行动”首先出现在微软安全博客上。 |
2022年8月17日 00:28 | Packet Storm | Gentoo Linux Security Advisory 202208-28 Gentoo Linux Security Advisory 202208-28 - Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service. Versions less than 5.6.4 are affected. Gentoo Linux 安全咨询2022/08-28-美洲狮发现了多个漏洞,其中最严重的可能导致分布式拒绝服务攻击。小于5.6.4的版本受到影响。 |
2022年8月17日 00:28 | Packet Storm | Gentoo Linux Security Advisory 202208-29 Gentoo Linux Security Advisory 202208-29 - Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service. Versions less than 1.13.6 are affected. Gentoo Linux 安全咨询2022/08-29-Nokogiri 发现了多个漏洞,其中最严重的可能导致分布式拒绝服务攻击。小于1.13.6的版本受到影响。 |
2022年8月17日 00:28 | Packet Storm | Gentoo Linux Security Advisory 202208-30 Gentoo Linux Security Advisory 202208-30 - Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service. Versions less than 2.38 are affected. Gentoo Linux 安全咨询2022/08-30-Binutils 发现了多个漏洞,其中最严重的可能导致分布式拒绝服务攻击。小于2.38的版本受到影响。 |
2022年8月17日 00:28 | Packet Storm | Gentoo Linux Security Advisory 202208-31 Gentoo Linux Security Advisory 202208-31 - Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected. Gentoo Linux 安全咨询202208-31-GStreamer 及其插件中发现了多个漏洞,其中最严重的漏洞可能导致任意代码执行。小于1.16.3的版本受到影响。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6058-01 Red Hat Security Advisory 2022-6058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8. 红帽保安忠告2022-6058-01-。NET 是一个托管软件框架。它实现。NET 框架 API 和几个新的 API,并且它包括一个 CLR 实现。新版本的。现在可以使用 NET 来处理安全漏洞。更新的版本是。NET SDK 6.0.108及。NET 运行时6.0.8。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6057-01 Red Hat Security Advisory 2022-6057-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28. 红帽保安忠告2022-6057-01-。NET 是一个托管软件框架。它实现。NET 框架 API 和几个新的 API,并且它包括一个 CLR 实现。新版本的。现在可以使用 NET 来处理安全漏洞。更新的版本是。NET SDK 3.1.422及。NET 运行时3.1.28。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6066-01 Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability. Red Hat Security Advisory 2022-6066-01-etcd 包为共享配置提供了一个高度可用的键值存储。解决的问题包括分布式拒绝服务攻击漏洞。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6062-01 Red Hat Security Advisory 2022-6062-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library. Red Hat Security Advisory 2022-6062-01-Collectd 插件,用于从使用 libpod 库创建的容器中收集资源使用统计数据。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6065-01 Red Hat Security Advisory 2022-6065-01 - Collectd plugin for gathering resource usage statistics from containers created with the libpod library. Red Hat Security Advisory 2022-6065-01-Collectd 插件,用于从使用 libpod 库创建的容器中收集资源使用统计数据。 |
2022年8月17日 00:28 | Packet Storm | Red Hat Security Advisory 2022-6061-01 Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability. Red Hat Security Advisory 2022-6061-01-etcd 包为共享配置提供了一个高度可用的键值存储。解决的问题包括分布式拒绝服务攻击漏洞。 |