创意安天

 找回密码
 注册创意安天

漏洞风险提示(20230512)

[复制链接]
发表于 2023-5-12 09:25 | 显示全部楼层 |阅读模式
免责声明:以下内容原文来自互联网的公共方式,仅用于有限分享,译文内容不代表安天实验室观点,因此第三方对以下内容进行分享、传播等行为,以及所带来的一切后果与译者和安天实验室无关。以下内容亦不得用于任何商业目的,若产生法律责任,译者与安天实验室一律不予承担。

1 mlflow 目录遍历漏洞(CVE-2023-30172)
一、漏洞描述:
mlflow.jpg
        mlflow是一个开源的机器学习生命周期管理平台。该平台的/get-artifact API方法存在目录遍历漏洞,攻击者可以通过path参数读取服务器上的任意文件。
二、风险等级:
        高危
三、影响范围:
        MLflow < v2.0.1
四、修复建议:
        目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
        https://github.com/mlflow/mlflow


2 Adobe Dimension堆缓冲区溢出漏洞(CVE-2023-25882)
一、漏洞描述:
Adobe Dimension.jpg
        Adobe Dimension是美国奥多比(Adobe)公司的是一套2D和3D合成设计工具。
        Adobe Dimension 3.4.7及之前版本存在堆缓冲区溢出漏洞,攻击者可利用该漏洞以当前用户的权限执行任意代码。

二、风险等级:
        高危
三、影响范围:
        Adobe Adobe Dimension <= 3.4.7
四、修复建议:
        目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
        https://helpx.adobe.com/security ... sion/apsb23-20.html


3 Windows 内核特权提升漏洞(CVE-2023-24949)
一、漏洞描述:
Microsoft Windows.jpg
        Windows 是微软开发的一系列操作系统。Windows 内核是操作系统的核心组件,负责管理内存、进程、设备驱动等。该漏洞是由于 Windows 内核对内存对象的访问不当导致的,可能允许攻击者在目标系统上获取系统权限。
二、风险等级:
        高危
三、影响范围:
        Windows 10 Version 22H2 for 32-bit Systems 10.0.19045.2965
        Windows 10 Version 22H2 for ARM64-based Systems 10.0.19045.2965
        Windows 10 Version 22H2 for x64-based Systems 10.0.19045.2965
        Windows 11 Version 22H2 for x64-based Systems 10.0.22000.1702
        Windows 11 Version 22H2 for ARM64-based Systems 10.0.22000.1702
        Windows 10 Version 21H2 for x64-based Systems 10.0.19044.2965
        Windows 10 Version 21H2 for ARM64-based Systems 10.0.19044.2965
        Windows 10 Version 21H2 for 32-bit Systems 10.0.19044.2965
        Windows 11 version 21H2 for ARM64-based Systems 10.0.22000.1936
        Windows 11 version 21H2 for x64-based Systems 10.0.22000.1936
        Windows 10 Version 20H2 for ARM64-based Systems 10.0.19042.2965
        Windows 10 Version 20H2 for 32-bit Systems 10.0.19042.2965
        Windows 10 Version 20H2 for x64-based Systems 10.0.19042.2965
        Windows Server 2022 (Server Core installation)10.0.20348.1726
        Windows Server 2022 (Server Core installation)10.0.20348.1724
        Windows Server 2022 10.0.20348.1726
        Windows Server 2022 10.0.20348.1724
        Windows Server 2019 (Server Core installation) 10.0.17763.4377
        Windows Server 2019 10.0.17763.4377
        Windows 10 Version 1809 for ARM64-based Systems 10.0.17763.4377
        Windows 10 Version 1809 for x64-based Systems 10.0.17763.4377
        Windows 10 Version 1809 for 32-bit Systems 10.0.17763.4377

四、修复建议:
        目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
        https://msrc.microsoft.com/updat ... lity/CVE-2023-24949


4 Windows MSHTML 平台安全功能绕过漏洞(CVE-2023-29324)
一、漏洞描述:
Microsoft Windows.jpg
        Windows 是微软开发的一系列操作系统。MSHTML 是 Windows 的一个组件,负责渲染 HTML 页面。攻击者可以手工创建恶意 URL 来逃避区域检查。
二、风险等级:
        高危
三、影响范围:
        Windows Server 2016 (Server Core installation) 10.0.14393.5921
        Windows Server 2016 10.0.14393.5921
        Windows 10 Version 1607 for x64-based Systems 10.0.14393.5921
        Windows 10 Version 1607 for 32-bit Systems 10.0.14393.5921
        Windows 10 for x64-based Systems 10.0.10240.19926
        Windows 10 for 32-bit Systems 10.0.10240.19926
        Windows 10 Version 22H2 for 32-bit Systems 10.0.19045.2965
        Windows 10 Version 22H2 for ARM64-based Systems 10.0.19045.2965
        Windows 10 Version 22H2 for x64-based Systems 10.0.19045.2965
        Windows 11 Version 22H2 for x64-based Systems 10.0.22000.1702
        Windows 11 Version 22H2 for ARM64-based Systems 10.0.22000.1702
        Windows 10 Version 21H2 for x64-based Systems 10.0.19044.2965
        Windows 10 Version 21H2 for ARM64-based Systems 10.0.19044.2965
        Windows 10 Version 21H2 for 32-bit Systems 10.0.19044.2965
        Windows 11 version 21H2 for ARM64-based Systems 10.0.22000.1936
        Windows 11 version 21H2 for x64-based Systems 10.0.22000.1936
        Windows 10 Version 20H2 for ARM64-based Systems 10.0.19042.2965
        Windows 10 Version 20H2 for 32-bit Systems 10.0.19042.2965
        Windows 10 Version 20H2 for x64-based Systems 10.0.19042.2965
        Windows Server 2019 (Server Core installation) 10.0.17763.4377
        Windows Server 2019 10.0.17763.4377
        Windows 10 Version 1809 for ARM64-based Systems 10.0.17763.4377
        Windows 10 Version 1809 for x64-based Systems 10.0.17763.4377
        Windows 10 Version 1809 for 32-bit Systems 10.0.17763.4377
        Windows Server 2012 R2 (Server Core installation) 6.3.9600.20969
        Windows Server 2012 R2 (Server Core installation) 6.3.9600.20969
        Windows Server 2012 R2 (Server Core installation) 1.1.0.0
        Windows Server 2012 R2 6.3.9600.20969
        Windows Server 2012 R2 6.3.9600.20969
        Windows Server 2012 R2 1.1.0.0
        Windows Server 2012 (Server Core installation) 6.2.9200.24266
        Windows Server 2012 (Server Core installation) 6.2.9200.24266
        Windows Server 2012 (Server Core installation) 1.1.0.0
        Windows Server 2012 6.2.9200.24266
        Windows Server 2012 6.2.9200.24266
        Windows Server 2012 1.1.0.0
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 6.1.7601.26519
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 6.1.7601.26519
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 1.1.0.0
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 6.1.7601.26519
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 6.1.7601.26519
        Windows Server 2008 R2 for x64-based Systems Service Pack 1 1.1.0.0
        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
        Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 1.1.0.0
        Windows Server 2008 for x64-based Systems Service Pack 2 6.0.6003.22070
        Windows Server 2008 for x64-based Systems Service Pack 2 6.0.6003.22070
        Windows Server 2008 for x64-based Systems Service Pack 2 1.1.0.0
        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 6.0.6003.22070
        Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 1.1.0.0
        Windows Server 2008 for 32-bit Systems Service Pack 2 6.0.6003.22070
        Windows Server 2008 for 32-bit Systems Service Pack 2 6.0.6003.22070
        Windows Server 2008 for 32-bit Systems Service Pack 2 1.1.0.0
        Windows Server 2022 (Server Core installation) 10.0.20348.1726
        Windows Server 2022 (Server Core installation) 10.0.20348.1724
        Windows Server 2022 10.0.20348.1726
        Windows Server 2022 10.0.20348.1724

四、修复建议:
        目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
        https://msrc.microsoft.com/updat ... lity/CVE-2023-29324

您需要登录后才可以回帖 登录 | 注册创意安天

本版积分规则

小黑屋|手机版|Archiver|创意安天 ( 京ICP备09068574,ICP证100468号。 )

GMT+8, 2024-3-29 00:49

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表