SecEvery - Vulnerability Warning

Feixun Cloud (飞讯云) WMS /MyDown/MyImportData Front-End SQL Injection

Beijing SecEvery Technology Co., Ltd.

2024-07-24

No description available yet.

Docker CE AuthZ Privilege Escalation Vulnerability (CVE-2024-41110)

Beijing SecEvery Technology Co., Ltd.

2024-07-23

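A security vulnerability has been detected in certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. Using a specially crafted API request, an Engine API client can make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request that it would otherwise have denied if the body had been forwarded to it.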

FanRuan Report (帆软报表) /view/ReportServer Remote Code Execution Vulnerability (QVD-2024-27261)

Beijing SecEvery Technology Co., Ltd.

2024-07-23

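FanRuan's tool software contains a 0-day vulnerability: accessing the URL /webroot/decision/view/ReportServer?test=&n= causes the SQL statement in the GET parameter n to be executed. As confirmed with FanRuan, the vulnerability is caused by the sqlite-jdbc-x.x.x.x.jar driver bundled with FanRuan.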

Twilio Authy Information Disclosure Vulnerability

Beijing SecEvery Technology Co., Ltd.

2024-07-23

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

Microsoft Internet Explorer Use-After-Free Vulnerability

Beijing SecEvery Technology Co., Ltd.

2024-07-23

Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.