ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ30ÖÜ

Ðû²¼Ê±¼ä 2020-07-27

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê07ÔÂ20ÈÕÖÁ07ÔÂ26ÈÕ¹²ÊÕ¼Çå¾²Îó²î57¸ö£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇTenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î£»£»£»£»£» £»Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î£»£»£»£»£» £»Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î£»£»£»£»£» £»Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î; HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î ¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇMozillaÐû²¼À×ÄñÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î£»£»£»£»£» £»AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬£¬£¬£¬£¬£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷£»£»£»£»£» £»AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î£»£»£»£»£» £»ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬£¬£¬£¬£¬£¬ÇÔÈ¡Office 365ƾ֤£»£»£»£»£» £»Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î ¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖÐ ¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Tenda AC15 AC1900í§ÒâÏÂÁîÖ´ÐÐÎó²î


Tenda AC15 AC1900 goform/AdvSetLanip¶Ëµã±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄ¡®lanIp POST¡¯²ÎÊýÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§ÒâϵͳÏÂÁî ¡£¡£¡£

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68


2. Tesla Model 3δÊÚȨ·­¿ª³µÃÅÎó²î


Tesla Model 3±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É½èÖúÕýµ±Ô¿³×¿¨²¢ÊµÑéNFCÖм̹¥»÷ʹÓøÃÎó²î·­¿ª³µÃÅ ¡£¡£¡£

https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers


3. Phoenix Contact PLCnext Engineer CVE-2020-12499·¾¶±éÀúÎó²î


Phoenix Contact PLCnext Engineer±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É¾ÙÐÐĿ¼±éÀú¹¥»÷£¬£¬£¬£¬£¬£¬¿É»ñÈ¡WebЧÀÍÎļþϵͳÄÚµÄí§ÒâÎļþ ¡£¡£¡£

https://cert.vde.com/en-us/advisories/vde-2020-025


4. Adobe Photoshop CC CVE-2020-9687Ô½½çдÎó²î


Adobe Photoshop CC±£´æÔ½½çдÎó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É¾ÙÐоܾøЧÀ͹¥»÷»òÕßÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë ¡£¡£¡£

https://helpx.adobe.com/security/products/photoshop/apsb20-45.html


5. HPE nagios plugin for iLO PHP´úÂë×¢ÈëÎó²î


HPE nagios plugin for iLO±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É×¢Èëí§ÒâPHP´úÂë²¢Ö´ÐÐ ¡£¡£¡£

https://github.com/HewlettPackard/nagios-plugins-hpilo/commit/7617b2736a95c7f354198f092febe37e7005c677



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢MozillaÐû²¼À×ÄñÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´¶à¸öÑÏÖصÄÎó²î


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird


2¡¢AvertX IPϵÁÐÉãÏñÍ·±£´æ3¸öÎó²î£¬£¬£¬£¬£¬£¬¿É±»Ê¹ÓÃÌᳫ±©Á¦¹¥»÷


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/07/vulnerabilities-with-avertx-ip-security.html


3¡¢AdobeÐû²¼½ôÆÈÇå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖÐí§Òâ´úÂëÖ´ÐÐÎó²î


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-photoshop-gets-fixes-for-critical-security-vulnerabilities/


4¡¢ºÚ¿ÍʹÓÃGoogleÔÆÌᳫ´¹ÂÚ¹¥»÷£¬£¬£¬£¬£¬£¬ÇÔÈ¡Office 365ƾ֤


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/    


5¡¢Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´ASAºÍFTDÖеÄ·¾¶±éÀúÎó²î


Z6¡¤×ðÁú¿­Ê±¡¸ÖйúÇø¡¹¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2020/07/23/cisco-releases-security-updates-asa-and-ftd-software