每日安全动态推送(7-4)

预览

Tencent Security Xuanwu Lab Daily News

• SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice:
https://seclists.org/fulldisclosure/2024/Jul/5

   ・ SoftMarker Office本地提权漏洞 – SecTodayBot

• CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz:
https://www.broadcom.com/support/security-center/protection-bulletin/cve-2024-36104-path-traversal-vulnerability-in-apache-ofbiz

   ・ Apache OFBiz存在路径穿越漏洞 – SecTodayBot

• CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver:
https://seclists.org/oss-sec/2024/q3/24

   ・ 7zip中出现了缓冲区溢出和越界读漏洞 – SecTodayBot

• Re: Ghostscript 10.03.1 (2024-05-02) fixed 5 CVEs including CVE-2024-33871 arbitrary code execution:
https://seclists.org/oss-sec/2024/q3/21

   ・ Ghostscript最新版本中修复的五个关键CVE漏洞，其中包括一个严重的任意代码执行漏洞（CVE-2024-33871） – SecTodayBot

• 17 vulnerabilities in Sharp Multi-Function Printers:
https://seclists.org/fulldisclosure/2024/Jul/0

   ・ 夏普多功能打印机中的17个安全漏洞，涉及远程代码执行、拒绝服务攻击和凭证泄露等多个方面。 – SecTodayBot

• GHSL-2024-070: Remote Code Execution (RCE) in Chromium - CVE-2024-3833:
https://securitylab.github.com/advisories/GHSL-2024-070_Chromium/

   ・ 分析了在Chrome浏览器中发现的一个关键安全漏洞，该漏洞可能导致恶意网站利用对象损坏来获取渲染器中的代码执行权限。 – SecTodayBot

• Insights on the MOVEit File Transfer Vulnerability:
https://research.trendmicro.com/3XCidbv

   ・ 关于MOVEit漏洞的详细分析 – SecTodayBot

• Introducing BadDNS:
https://blog.blacklanternsecurity.com/p/introducing-baddns

   ・ 一个DNS子域劫持检测工具 – SecTodayBot

• GHSL-2024-089: Path traversal in youtube-dl leading to RCE - CVE-2024-38519:
https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/

   ・ youtube-dl中存在路径穿越漏洞，可导致RCE – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab