Aggregator

Submit #430029 / VDB-255456

捷克的软件开发商 JetBrains 宣布，用于.NET 开发、以及 Unity (C#) 和 Unreal Engine (C++)游戏开发的 IDE Rider 和 Web, JavaScript 和 TypeScript 的 IDE WebStorm 允许非商业用户免费使用。JetBrains 称，今年早些时候，IDE RustRover 和 Aqua 实施了一种新的许可模式，即面向非商业用途免费提供。现在这一模式扩展到 WebStorm 和 Rider。如果用户将这些 IDE 用于非商业用途，例如学习、开源项目开发、内容创建或业余爱好开发，那么现在可以免费使用这些 IDE。这项变动不涉及商业项目，它将继续实施现有的许可模式。其他 JetBrains IDE 也不受此更新的影响。它将根据效果判断是否可以推广带其它 IDE。

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-10351. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #427957 / VDB-281700

A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. This vulnerability was named CVE-2024-10350. The attack can be initiated remotely. Furthermore, there is an exploit available.

msldap是一款用于审计MS AD的LDAP库，广大研究人员可以利用该工具轻松执行针对MS AD的安全审计任务。

Submit #427706 / VDB-281699

Submit #427705 / VDB-281698

Обычное упущение послужило отправной точкой для масштабных атак.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=tenants of the component Manage Tenant Details. The manipulation of the argument Last Name/First Name/Middle Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10348. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory only shows the field "Last Name" to be affected. Other fields might be affected as well.

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function delete_tenant of the file /ajax.php?action=delete_tenant. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10349. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #427471 / VDB-281697

Submit #427472 / VDB-281696

挪威计划严格执行社交网络最低年龄 15 岁的政策，以保护青少年免受社交网络有害内容和算法的影响。目前使用社交网络的最低年龄是 13 岁。但现实中年龄低于 13 岁的儿童已经在大量使用社交媒体，根据 Norwegian Media Authority 的研究，超过半数的 9 岁儿童、58% 的 10 岁儿童和 72% 的 11 岁儿童已在使用社交媒体。政府承诺采取更多保护措施防止儿童绕过年龄限制，包括修改《Personal Data Act》，要求社交媒体用户必须年满 15 岁才能同意平台处理其个人数据，它正在为社交媒体开发年龄验证屏障。挪威首相周三表示，此举发出了一个强有力的信号，必须保护儿童免受社交媒体有害内容的侵害。这是大型科技巨头与幼儿大脑的较量。这将是一场艰苦的战斗，这也是需要政治的地方。

A new Rust-based variant of the Qilin (Agenda) ransomware strain, dubbed 'Qilin.B,' has been spotted in the wild, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. [...]

Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.

Как 0day-уязвимость в Chrome стала ключом к чужим богатствам.

A vulnerability classified as critical was found in vendure up to 2.3.2/3.0.4. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-48914. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.