Aggregator

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士本月，微软共修复117个漏洞，其中5个是0day漏洞。其中包括28个提权漏洞、7个安全特性绕过漏洞、43个远程代码执行漏洞、6个信息泄露漏洞、26个

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063随着生成式AI的爆发，社交媒体上的内容越来越真假难辨。为规范人工智能生成合成内容标识，近日，国家网信办起草的《人工智能生

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中国城市和小城镇改革发展中心副主任 刘强今年5月，国家数据局联合有关部门发布《关于深化智慧城市发展 推进城市全域

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063中国常驻联合国副代表戴兵3日表示，要加大力度向“全球南方”提供技术转让和能力建设支持，消弭日益扩大的数字鸿沟，不让任何人

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063根据2024年9月29日国家市场监督管理总局、国家标准化管理委员会发布的中华人民共和国国家标准公告（2024年第22号）

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-823410637月中旬以来，网信部门深入开展“清朗·2024年暑期未成年人网络环境整治”专项行动，全面覆盖直播、短视频、社交、电商等重

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063近日，国家发展改革委、国家数据局、中央网信办、工业和信息化部、财政部、国家标准委联合印发《国家数据标准体系建设指南》（以

A vulnerability was found in lunary-ai lunary up to 1.2.24. It has been rated as critical. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-5127. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in parisneo lollms-webui. Affected by this issue is some unknown functionality of the component add_webpage. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-5482. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in gradio-app gradio. This affects the function save_url_to_cache of the file /queue/join. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2024-4325. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in lightning-ai pytorch-lightning. It has been classified as very critical. This affects an unknown part. The manipulation leads to dynamically-determined object attributes. This vulnerability is uniquely identified as CVE-2024-5452. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in gradio up to 4.31.3. Affected is the function postprocess of the file gradio/components/json_component.py of the component JSON Component. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2024-4941. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Wyse 5070 Thin Client 1.0.0.8 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-30472. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.10.4. This issue affects the function kfifo_out_linear_ptr of the component sc16is7xx. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-44951. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.45/6.10.4 and classified as critical. Affected by this issue is the function arch_slab_minalign of the component parisc. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-44949. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mr. Ebabi New Order Notification for Woocommerce Plugin up to 2.0.2 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-31098. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in MainWP Staging Extension Plugin up to 4.0.3 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2023-23639. The attack can be initiated remotely. There is no exploit available.

A vulnerability was suspected in Linux Kernel up to 6.1.102/6.6.43/6.10.2. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was found in Linux Kernel up to 6.10.4. It has been classified as problematic. Affected is the function sc16is7xx_startup of the component IRQ Handler. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-44950. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.106/6.6.47/6.10.6. It has been rated as critical. Affected by this issue is the function tcp_sk_exit_batch. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-44991. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.