Aggregator

45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG

A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. This vulnerability is traded as CVE-2024-10293. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The identification of this vulnerability is CVE-2024-10292. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. This vulnerability was named CVE-2024-10291. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10290. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

Submit #427146 / VDB-281562

Submit #427136 / VDB-281561

Submit #427132 / VDB-281560

Submit #427101 / VDB-281560

Submit #427074 / VDB-275110

Submit #427069 / VDB-281559

Хакеры используют ошибки в написании запросов.

A vulnerability was found in Adobe Acrobat Reader up to 11.0.15/15.006. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2016-4094. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

深信服科技在10月23日举办的2024秋季新品发布会上，推出了两项创新成果：实现动静态数据分类分级和数据风险自 […]

开源情报被确立为情报界核心学科。

本报告提供了一些建议，帮助开源软件的创建者和消费者负责任地管理软件，特别是在保护软件供应链的背景下。无论是软件的消费者还是提供商，您都是软件供应链的一部分，需要保护您使用的应用程序免受上游和下游风险的影响。

A vulnerability, which was classified as critical, has been found in Trend Micro Deep Discovery Inspector. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-46902. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in ICONICS GENESIS64, Hyper Historian, AnalytiX, MobileHMI and Electric MC Works64. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2024-7587. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Главная загадка квантовой запутанности раскрыта.

彭博社报道，英国芯片设计公司 Arm 向其最大客户高通发出了取消芯片设计授权的 60 天通知。此举可能在智能手机和 PC 市场引发混乱，扰乱半导体行业两家最具影响力的公司的财务和运营。高通每年销售数亿个 Arm 处理器，大多数用于 Android 智能手机。如果取消授权生效，高通可能不得不停售占其约 390 亿美元收入大部分的产品，否则将面临巨额索赔。两家公司的冲突始于 2022 年，当时 Arm 提起诉讼，指控高通违反合同和商标侵权。通过取消授权通知，Arm 给高通八周时间去解决分歧。