Cybersecurity information flow

美国邮政是美国主要的包裹信件投递机构之一，长期以来该单位都是网络钓鱼和诈骗的针对目标。

影响厂商:X (Formerly Twitter) 奖励:1500.0USD 危险等级:medium
" 跨域泄漏X用户名/用户ID，由于动态生成的JS文件"

影响厂商:HackerOne 奖励: 危险等级:none
" 云计算黑客一号调配员可为广大民众访问[分析师卢卡斯+观点@wearehackerone.com]电脑"

影响厂商:X (Formerly Twitter) 奖励: 危险等级:medium
" 能看到隐藏的喜欢的能力"

影响厂商:b'HackerOne'(https://hackerone.com/security) 
" “云计算机黑客一号分类者可以为大家所接触 [分析师卢卡斯+观点@wearehackerone.com] 计算机。”\n\n翻译说明：原文中的 \"Cloud Computer Hackerone Triager\" 可以理解为“云计算机黑客一号分类者”，其中 \"Triager\" 是英文词汇，表示“分类者”。信达雅的要求下，我将此句翻译为中文，保持了原意。"

影响厂商:b'X (Formerly Twitter)'(https://hackerone.com/x) 
" 跨域泄漏X用户名/用户ID，由于动态生成的JS文件"

影响厂商:b'X (Formerly Twitter)'(https://hackerone.com/x) 
" “洞察隐藏的喜爱”"

[GitHub]CVE-2024-34310

" [GitHub] CVE-2024-34310\n\n将上述链接中的英文翻译为中文，内容为：[GitHub] CVE-2024-34310。这是一个GitHub仓库的链接，其中存储了一个关于CVE-2024-34310漏洞的信息。CVE-2024-34310是一个通用漏洞披露（Common Vulnerabilities and Exposures，简称CVE）编号，用于标识某个特定安全漏洞。这个编号通常包含在安全公告、漏洞报告和修复方案等相关文档中，以便于快速识别和解决问题。"

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the vic

信息安全资产库建设实践 https://mp.weixin.qq.com/s/RR5YznWfqmKEg757425dgg

Red Hat Security Advisory 2024-2664-03 - Red Hat OpenShift Container Platform release 4.15.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2664-03：红帽OpenShift容器平台4.15.12版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2666-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs.

" 红帽安全公告2024-2666-03：红帽OpenShift容器平台4.14.24版本已发布，此版本包含更新了软件包和镜像，修复了多个漏洞。"

Red Hat Security Advisory 2024-2667-03 - Red Hat build of MicroShift release 4.15.12 is now available with updates to packages and images that include a security update.

" 红帽安全公告2024-2667-03：红帽制作的MicroShift 4.15.12版本现已发布，其中包括对软件包和镜像的更新，以及一个安全更新。"

Red Hat Security Advisory 2024-2668-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2668-03：红帽OpenShift容器平台4.14.24版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2669-03 - Red Hat OpenShift Container Platform release 4.15.12 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a code execution vulnerability.

" 红帽安全公告2024-2669-03：红帽OpenShift容器平台4.15.12版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括一个代码执行漏洞。"

Red Hat Security Advisory 2024-2671-03 - Red Hat build of MicroShift release 4.14.24 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2671-03：红帽制作的MicroShift 4.14.24版本现已发布，其中包括对软件包和镜像的更新，以修复多个漏洞。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2672-03 - Red Hat OpenShift Container Platform release 4.14.24 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and denial of service vulnerabilities.

" 红帽安全公告2024-2672-03：红帽OpenShift容器平台4.14.24版本已发布，此版本包含 packages 和 images 的更新，修复了多个 bug 并添加了功能增强。解决的问题包括代码执行和拒绝服务漏洞。"

Red Hat Security Advisory 2024-2705-03 - An update is now available for Red Hat build of Quarkus.

" 红帽安全公告2024-2705-03 - 适用于红帽制作的 Quarkus 的更新现已提供。"

Red Hat Security Advisory 2024-2793-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

" 红帽安全公告2024-2793-03 - 现已为红帽企业Linux 8.6扩展更新支持提供nodejs：16模块的更新。解决的问题包括服务拒绝漏洞。"

Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.

" 红帽安全公告2024-2799-03 - 适用于红帽企业Linux 8.6扩展更新支持的glibc更新现已可用。解决的问题包括缓冲区溢出、代码执行、空指针和越界写入漏洞。"

Ubuntu Security Notice 6769-1 - Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. An Pham discovered that Spreadsheet::ParseXLSX allowed the processing of external entities in a default configuration. An attacker could possibly use this vulnerability to execute an XML External Entity injection attack.

" Ubuntu安全通知6769-1 - Le Dinh Hai发现Spreadsheet::ParseXLSX在单元格合并操作中未能正确管理内存。攻击者可能利用此问题消耗大量内存，导致服务拒绝（DoS）状况。An Pham发现Spreadsheet::ParseXLSX在默认配置下允许处理外部实体。攻击者可能利用此漏洞执行XML外部实体注入攻击。"

Ubuntu Security Notice 6770-1 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The update lead to the discovery of a regression in Fossil with regards to the handling of POST requests that do not have a Content-Length field set. This update fixes the problem.

" Ubuntu安全通知6770-1 - USN-6729-1修复了Apache HTTP服务器中的漏洞。更新导致发现了Fossil在处理不带Content-Length字段的POST请求方面的回归问题。此更新解决了该问题。"