Tencent Security Xuanwu Lab Daily News
• OpenSSL Security Advisory:
https://seclists.org/oss-sec/2024/q2/243
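・ OpenSSL disclosed a new vulnerability, CVE-2023-3446, which causes long delays in applications that use EVP_PKEY_param_check() or EVP_PKEY_public_check() to check DSA public keys or DSA parameters. The vulnerability was first detected by a fuzzer, and a fix is available in OpenSSL's git repository.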
– SecTodayBot
• oss-security – CVE-2024-21823: Intel DSA and Intel IAA advisory:
https://www.openwall.com/lists/oss-security/2024/05/15/1
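・ Describes potential security vulnerabilities in Intel processors and their fixes, focusing on an insecure de-synchronization issue in hardware logic.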
– SecTodayBot
• Understanding AddressSanitizer: Better memory safety for your code:
https://blog.trailofbits.com/2024/05/16/understanding-addresssanitizer-better-memory-safety-for-your-code/
・ Introduces the use of AddressSanitizer (ASan) to detect memory issues in code that could lead to remote code execution attacks, with a focus on ASan's use in C++.
– SecTodayBot
• Let’s check the qdEngine game engine, part three: 10 more bugs:
https://pvs-studio.com/en/blog/posts/cpp/1123/?utm_source=firefly&utm_medium=twitter
・ Uses the PVS-Studio static code analysis tool to find and fix defects and potential vulnerabilities in the qdEngine game engine.
– SecTodayBot
• oss-security – CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE:
https://www.openwall.com/lists/oss-security/2024/05/09/1
・ Discloses CVE-2024-32113 in Apache OFBiz versions before 18.12.13, discovered by Qiyi Zhang (RacerZ) @secsys from Fudan (finder). The root cause is a path traversal, which may lead to remote code execution.
– SecTodayBot
• linux input handles:
https://redplait.blogspot.com/2024/05/linux-input-handles.html
・ Discusses methods for installing a keylogger in the Linux kernel, and how to extract information from Linux kernel structures.
– SecTodayBot
• Offensive IoT for Red Team Implants (Part 2):
https://www.blackhillsinfosec.com/offensive-iot-for-red-team-implants-part-2/
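・ Describes how to use a Raspberry Pi Pico as a physical implant device for attacks, and how to extend it with a LoRa module to enhance its attack capability.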
– SecTodayBot
• Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines:
https://thehackernews.com/2024/05/researchers-uncover-11-security-flaws.html
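・ The GE HealthCare Vivid Ultrasound product family has multiple security vulnerabilities that could be maliciously exploited, affecting patient data security and even allowing ransomware to be installed. The most severe is CVE-2024-27107, which involves the use of hard-coded credentials.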
– SecTodayBot
• Adventures and Accidental Honeypots in Network Infrastructure: Unravelling Internet Shenanigans:
https://labs.jumpsec.com/adventures-and-accidental-honeypots-in-network-infrastructure-unravelling-internet-shenanigans/
・ Adventures and Accidental Honeypots in Network Infrastructure: Unravelling Internet Shenanigans
– SecTodayBot
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (5-17)