每日安全动态推送(12-1)
2023-12-1 12:19:27 Author: mp.weixin.qq.com(查看原文) 阅读量:8 收藏

Tencent Security Xuanwu Lab Daily News

• (CVE-2023-3368) Chamilo LMS Unauthenticated Command Injection:
https://starlabs.sg/advisories/23/23-3368/

   ・ Chamilo开源学习管理系统存在命令注入漏洞,攻击者可利用该漏洞远程执行代码。 – SecTodayBot

• Analysis of CVE-2023-46214 + PoC:
https://blog.hrncirik.net/cve-2023-46214-analysis

   ・ Splunk Enterprise中的远程代码执行(RCE)漏洞。Splunk Enterprise版本低于9.0.7和9.1.2未对用户提供的可扩展样式表语言转换(XSLT)进行安全处理。 – SecTodayBot

• Python Cryptography advisory: CVE-2023-49083 NULL-dereference when loading PKCS7 certificates:
https://seclists.org/oss-sec/2023/q4/248

   ・ Python Cryptography存在CVE-2023-49083漏洞,加载PKCS7证书时可能导致NULL指针解引用和段错误。 – SecTodayBot

• GitHub - 0xdea/semgrep-rules: A collection of my Semgrep rules to facilitate vulnerability research.:
https://github.com/0xdea/semgrep-rules

   ・ 这篇文章介绍了Semgrep规则集,用于简化漏洞研究,包括C/C++缓冲区溢出、整数溢出、格式化字符串、内存管理、命令注入、竞争条件和权限管理等多个方面的规则。 – SecTodayBot

• GitHub - floranguyen0/tranchess-vulnerability-disclosure:
https://github.com/floranguyen0/tranchess-vulnerability-disclosure

   ・ Tranchess协议的ShareStaking合约存在一个潜在的漏洞,可能导致令人惊讶的损失。开发者和安全研究人员需要注意对任何gas优化技术的关注,以避免潜在的危险行为。 – SecTodayBot

• A Detailed Look at Pwn2Own Automotive EV Charger Hardware:
https://www.thezdi.com/blog/2023/11/28/a-detailed-look-at-pwn2own-automotive-ev-charger-hardware

   ・ Pwn2Own汽车EV充电器硬件详细解析:该文章提供了即将举行的Pwn2Own汽车比赛中目标EV充电器的详细图像,以帮助参赛者了解比赛中所使用的EV充电器的组件硬件。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959444&idx=1&sn=62134b2eef47890dba39f988c279d533&chksm=8baed00bbcd9591d1c780342ca3b1f81cf87a78955082bebb9ebc0878da8373f14fcecbf96a7&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh