Aggregator

通天星CMSv6 Japser反序列化漏洞分析

漏洞分析之XmlSerializer反序列化漏洞

小心你的加密货币，针对加密货币的窃密样本详细分析

图片来源：FreeBuf 近日，GitLab 发布了社区版（CE）和企业版（EE）的安全更新，以解决八个安全漏洞，其中包括一个可能允许在任意分支上运行持续集成和持续交付（CI/CD）管道的关键漏洞。该漏洞被跟踪为 CVE-2024-9164，CVSS 得分为 9.6（满分 10 分），攻击者可以在某些情况下以任意用户身份触发Pipeline，可能导致权限提升或执行恶意操作 。 GitLab 在一份公告中说：“在 GitLab EE 中发现了一个漏洞，影响了从 12.5 开始到 17.2.9 之前的所有版本、从 17.3 开始到 17.3.5 之前的所有版本，以及从 17.4 开始到 17.4.2 之前的所有版本。” 目前，GitLab CE/EE 17.1.7，17.2.5，17.3.2及以上版本已修复该漏洞。 在其余七个问题中，四个被评为严重程度高，两个被评为严重程度中，一个被评为严重程度低： CVE-2024-8970（CVSS 得分：8.2），允许攻击者在某些情况下以其他用户身份触发管道 CVE-2024-8977（CVSS 得分：8.2），允许在配置并启用产品分析仪表板的 GitLab EE 实例中进行 SSRF 攻击 CVE-2024-9631 (CVSS score: 7.5)，可导致在查看有冲突的合并请求的差异时速度变慢 CVE-2024-6530 （CVSS 得分：7.3），由于跨站点脚本问题，当授权新应用程序时，会在 OAuth 页面中注入 HTML 近几个月来，GitLab 不断披露与管道相关的漏洞，该公告是其中的最新进展。 近期历史漏洞回顾 GitLab近期频繁披露与管道相关的漏洞，此次更新只是其中的一部分。 上个月，GitLab修复了另一个关键漏洞（CVE-2024-6678，CVSS得分：9.9），该漏洞允许攻击者以任意用户身份运行管道作业。 此前，GitLab还修补了其他三个类似的缺陷——CVE-2023-5009（CVSS得分：9.6）、CVE-2024-5655（CVSS得分：9.6）和CVE-2024-6385（CVSS得分：9.6）。 尽管目前没有证据表明这些漏洞已被主动利用，但GitLab强烈建议用户将其实例更新至最新版本，以确保系统安全并防范潜在威胁。定期更新和监控是保护关键基础设施免受攻击的重要措施。 GitLab的安全更新反映了当前软件安全环境的动态性，企业需保持警惕并及时响应安全公告，以维护其数字资产的安全。 参考来源：New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (thehackernews.com)     转自FreeBuf，原文链接：https://www.freebuf.com/news/412651.html 封面来源于网络，如有侵权请联系删除

A vulnerability has been found in libslirp 4.1.0 and classified as critical. Affected by this vulnerability is the function snprintf of the file tcp_subr.c. The manipulation as part of Return Value leads to buffer overflow. This vulnerability is known as CVE-2020-8608. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Oracle Java SE 7u301. This affects an unknown part of the component JNDI. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-2432. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been classified as critical. Affected is the function route4_change of the file net/sched/cls_route.c of the component Traffic Control Networking Subsystem. The manipulation leads to use after free. This vulnerability is traded as CVE-2021-3715. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. In early September 2024, Veeam released security updates to address multiple vulnerabilities impacting its products, […]

Steam 开始告诉用户他们购买的是数字产品的许可证，是使用授权而不是真正拥有。此举可能是为了遵守加州即将于明年生效的新法律。新法律 AB 2426 旨在回应索尼 PS 和育碧，育碧今年早些时候关闭了《The Crew》的服务器，从用户账号里删除该游戏；索尼去年宣布从用户的 PlayStation 库内删除其购买的 Discovery 内容，引发争议后撤回了这一决定。数字商店必须告诉客户他们购买的是许可证，否则 AB 2426 将禁止其使用“buy”或者“purchase”等术语。新法律不适用于 GOG 商店，该商店出售的都是 DRM-free 游戏，安装游戏不需要联网。

Haha! I’m seated here thinking, “Should I change this title from ‘Idea’ to ‘Rant’ instead?” It would

A vulnerability, which was classified as problematic, was found in ezContents 1.4.5. This affects an unknown part of the file index.php. The manipulation of the argument link leads to path traversal. This vulnerability is uniquely identified as CVE-2007-6368. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in IPTel SERWeb 2.0.0dev1. Affected is an unknown function of the file js/get_js.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2007-6290. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in IPTel SerWeb 2.0.0dev1. It has been rated as critical. This issue affects some unknown processing in the library load_phplib.php of the file load_lang.php. The manipulation of the argument _PHPLIB[libdir] leads to code injection. The identification of this vulnerability is CVE-2007-6289. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in WordPress PictPress 0.91 and classified as problematic. This vulnerability affects unknown code of the file resize.php. The manipulation of the argument path leads to path traversal. This vulnerability was named CVE-2007-6369. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in SineCMS 2.3.4. Affected by this vulnerability is an unknown functionality. The manipulation of the argument anno leads to sql injection. This vulnerability is known as CVE-2007-6366. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in SineCMS 2.3.4. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2007-6367. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Cisco IP Phone 7940 and classified as critical. This issue affects some unknown processing of the component SIP Handler. The manipulation with the input INVITE leads to memory corruption. The identification of this vulnerability is CVE-2007-5583. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to disable the affected component.

A vulnerability was found in Rayzz Rayzz Script 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library common/classes/class_headerhandler.lib.php of the file class_HeaderHandler.lib.php. The manipulation of the argument CFG[site][project_path] leads to path traversal. This vulnerability is known as CVE-2007-6230. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Rayzz Rayzz Script 2.0. It has been classified as critical. Affected is an unknown function in the library common/classes/class_headerhandler.lib.php. The manipulation of the argument CFG[site][project_path] leads to code injection. This vulnerability is traded as CVE-2007-6229. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Rs Gallery2 up to 2.0 Beta 5 on Joomla. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is uniquely identified as CVE-2007-6362. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.