unSafe.sh - Unsafe
Linux kernel vulnerability: error handling issue found in the OCFS2 file system
oss-sec mailing list archives From: Solar Designer <solar () openwall com> Date:...
2025-2-6 17:39:0 | Views: 3
Xuanwu Lab Daily Security - seclists.org
t9408
ocfs2
refcount
cow
clusters
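pam_pkcs11: Possible authentication bypass in error situations (CVE-2025-24531)
This post reports a security vulnerability in pam_pkcs11 version 0.6.12: in some cases the module returns PAM_IGNORE instead of PAM_CRED_INSUFFICIENT, leading to an authentication bypass. The issue affects systems that rely on pam_pkcs11 as the only authentication module. Version 0.6.13 has been released to fix the vulnerability....
2025-2-6 14:57:0 | Views: 34
Xuanwu Lab Daily Security - seclists.org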
pam
pkcs11
gdm
opensc
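AMD microcode signature verification vulnerability
The post discusses the AMD SEV-SNP vulnerability and how to fix it. Users need to update the SEV firmware and BIOS to support attestation, and confirm the fix by verifying the TCB values. However, if an attacker controls the hypervisor and the microcode, how a VM can make sure the verification has not been spoofed remains an open question....
2025-2-6 03:38:0 | Views: 10
Xuanwu Lab Daily Security - seclists.org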
microcode
attestation
snp
sev
jacob
KL-001-2025-002: Checkmk NagVis Remote Code Execution
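This post discloses a remote code execution vulnerability (CVE-2024-13723) in the NagVis component of Checkmk, affecting Checkmk 2.3.0p2 and NagVis 1.9.40. An attacker can upload a malicious .cfg file and modify the configuration so that the system executes arbitrary PHP code. The vulnerability is fixed in NagVis 1.9.42 and Checkmk 2.3.0p10....
2025-2-4 22:11:9 | Views: 7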
Full Disclosure - seclists.org
nagvis
korelogic
checkmk
php
cmk
KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting
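This post reports a reflected cross-site scripting (XSS) vulnerability (CVE-2024-13722) in the NagVis component of Checkmk, affecting Checkmk 2.3.0p2 and NagVis 1.9.40. An attacker can inject JavaScript code through a malicious link and perform arbitrary actions in the user's browser. The vulnerability is fixed in NagVis 1.9.42 and Checkmk 2.3.0p10....
2025-2-4 22:8:34 | Views: 6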
Full Disclosure - seclists.org
korelogic
checkmk
nagvis
attacker
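AMD microcode signature verification vulnerability and its mitigations
The post discusses a microcode signature verification vulnerability in AMD Zen 1-4 CPUs that allows a local administrator to load malicious microcode, threatening security features such as SEV-SNP. AMD released a patch in December 2024, and Google disclosed the details on February 3, 2025....
2025-2-4 10:13:0 | Views: 4
Xuanwu Lab Daily Security - seclists.org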
microcode
security
sev
cpus
snp
APPLE-SA-01-30-2025-1 GarageBand 10.4.12
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-2-2 07:33:31 | Views: 13
Full Disclosure - seclists.org
security
garageband
pgp
100100
Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
Full Disclosure mailing list archives From: David Fifield <david () bamsoftware co...
2025-2-2 07:33:16 | Views: 9
Full Disclosure - seclists.org
sorry
payload
client
0x12
Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3
Full Disclosure mailing list archives From: hyp3rlinx <apparitionsec () gmail com>...
2025-2-2 07:32:34 | Views: 14
Full Disclosure - seclists.org
injects
injection
elegant
loginform
napc
Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449
Full Disclosure mailing list archives From: Shaikh Shahnawaz <sshahnawaz99910 () g...
2025-1-30 00:59:17 | Views: 54
Full Disclosure - seclists.org
quorum
onq
shahnawaz
shaikh
2064
Deepseek writes textbook insecure code in 2025-01-28
Full Disclosure mailing list archives From: Georgi Guninski <gguninski () gmail co...
2025-1-30 00:58:53 | Views: 11
Full Disclosure - seclists.org
deepseek
georgi
singularity
guninski
Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
Full Disclosure mailing list archives From: David Fifield <david () bamsoftware co...
2025-1-30 00:58:9 | Views: 12
Full Disclosure - seclists.org
sorry
payload
client
0x12
APPLE-SA-01-27-2025-9 Safari 18.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:31 | Views: 77
Full Disclosure - seclists.org
security
webkit
sonoma
ventura
addressed
APPLE-SA-01-27-2025-8 tvOS 18.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:29 | Views: 75
Full Disclosure - seclists.org
addressed
hd
security
termination
software
APPLE-SA-01-27-2025-7 watchOS 11.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:27 | Views: 73
Full Disclosure - seclists.org
addressed
security
memory
termination
analysis
APPLE-SA-01-27-2025-6 macOS Ventura 13.7.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:25 | Views: 111
Full Disclosure - seclists.org
ventura
addressed
security
anonymous
termination
APPLE-SA-01-27-2025-5 macOS Sonoma 14.7.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:22 | Views: 179
Full Disclosure - seclists.org
sonoma
addressed
termination
security
memory
APPLE-SA-01-27-2025-4 macOS Sequoia 15.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:20 | Views: 399
Full Disclosure - seclists.org
sequoia
addressed
security
anonymous
termination
APPLE-SA-01-27-2025-3 iPadOS 17.7.4
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:18 | Views: 74
Full Disclosure - seclists.org
inch
2nd
6th
addressed
security
APPLE-SA-01-27-2025-2 iOS 18.3 and iPadOS 18.3
Full Disclosure mailing list archives From: Apple Product Security via Fulldisclos...
2025-1-28 00:7:16 | Views: 122
Full Disclosure - seclists.org
inch
3rd
1st
7th
xs