Daily Security News Push (1-30)

Tencent Security Xuanwu Lab Daily News

• NULL pointer dereference in the function handle_viminfo_register() of vim:
https://seclists.org/fulldisclosure/2024/Jan/49

   ・ The vim text editor has a NULL pointer dereference vulnerability (CVE-2023-45921) that may lead to a denial-of-service attack. – SecTodayBot


• GitHub – Moopinger/CLZero: A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors:
https://github.com/Moopinger/CLZero

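   ・ A fuzzing project targeting HTTP/1.1 CL.0 request smuggling attack vectors, touching on core network security techniques and potential vulnerability research. – SecTodayBot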


• Spoofing 802.11 Wireless Beacon Management Frames with Manipulated Power Values Resulting in Denial of Service for Wireless Clients:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spoofing-802-11-wireless-beacon-management-frames-with-manipulated-power-values-resulting-in-denial-of-service-for-wireless-clients/

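   ・ An article on a security researcher's independent research, which found a potential wireless interface vulnerability by analyzing Ubuntu's source code. It analyzes in detail where the values used to set a wireless card's transmit power come from, and discusses new potential cases of wireless interface abuse. – SecTodayBot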


• Enhancing trust for SGX enclaves:
https://blog.trailofbits.com/2024/01/26/enhancing-trust-for-sgx-enclaves/

   ・ Strengthens the security of SGX systems by using Nix to achieve reproducible, transparent, isolated builds. – SecTodayBot


• Shipping your Private Key – CVE-2023-43870, Paxton do a Lenovo:
https://www.cryptic.red/post/shipping-your-private-key-cve-2023-43870-paxton-do-a-lenovo

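   ・ The article reveals a serious security vulnerability in Paxton Access's Net2 software; an attacker can use the private key to carry out man-in-the-middle attacks. – SecTodayBot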


• CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE Possible:
https://securityonline.info/cve-2024-23897-cvss-9-8-critical-jenkins-security-vulnerability-rce-possible/

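   ・ Jenkins has published a security advisory for the critical vulnerability CVE-2024-23897, which may lead to remote code execution. The article analyzes the root cause of the vulnerability in detail and mentions technical details and PoC code for it. – SecTodayBot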


• Ligolo-Ng – An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface:
http://dlvr.it/T1vnQm

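   ・ Ligolo-ng is a new tool for tunneling and pivoting. It uses a TUN interface to establish reverse TCP/TLS connections without needing a SOCKS proxy, and has a simple UI and automatic certificate configuration. Its highlight is the use of Gvisor to create a userland network stack, which makes proxying simpler and faster. – SecTodayBot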


• Vulnerability CVE-2024-0204 in GoAnywhere MFT:
https://www.kaspersky.com/blog/exploit-authentication-bypass-vulnerability-goanywhere-mft/50344/?reseller=gb_kdaily-blog_acq_ona_smm__all_b2b_some_sma_sm-team______&utm_source=twitter&utm_medium=social&utm_campaign=gl_kdaily-blog_ag0241&utm_content=sm-post&utm_term=gl_twitter_organic_v3twf241s35j8f5

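   ・ This vulnerability analysis discloses CVE-2024-0204 in Fortra's GoAnywhere MFT software, provides a detailed root-cause analysis, and describes how to defend against exploitation of the vulnerability. – SecTodayBot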


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat official account Tencent Xuanwu Lab: Daily Security News Push (1-30)

Copyright notice: posted by admin on January 30, 2024, 1:12 PM.
When reposting, please credit: Daily Security News Push (1-30) | CTF导航
