Aggregator

看雪论坛作者ID：haogl

月圆人安长胜意，事事遂心常喜乐

适合新手入门

看雪论坛作者ID：Qanux

A vulnerability classified as critical has been found in Mattermost Desktop App up to 5.8.0. Affected is an unknown function of the file cmd.exe of the component Absolute Path Handler. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2024-39613. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DIR-X4860 A1 1.00/1.04. It has been rated as very critical. This issue affects some unknown processing of the component Web Service. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-45695. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-X4860 A1 1.00/1.04. It has been declared as critical. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to os command injection. This vulnerability was named CVE-2024-45698. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Apple Safari up to 10.0. It has been classified as critical. This affects an unknown part of the component Authentication. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-2389. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

AST SpaceMobile бросает вызов традиционным операторам.

A vulnerability was found in D-Link DIR-X4860 A1 and COVR-X1870. It has been classified as critical. This affects an unknown part of the component Telnet Service. The manipulation leads to backdoor. This vulnerability is uniquely identified as CVE-2024-45696. The attack needs to be done within the local network. There is no exploit available.

Under-fire DNA testing firm 23andMe will pay $30m to settle class action lawsuit

A vulnerability classified as critical has been found in Apple tvOS up to 10.1. This affects an unknown part of the component WebKit. The manipulation leads to cross site scripting (Universal). This vulnerability is uniquely identified as CVE-2017-2475. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

#DC域 #AS-REP #TGT票证窃取 #AutoLogon凭据 #DCSync攻击

A vulnerability, which was classified as problematic, has been found in JSP and MySQL Administrador Web 1. This issue affects some unknown processing of the file sys/sys/listaBD2.jsp. The manipulation of the argument bd leads to cross site scripting. The identification of this vulnerability is CVE-2015-6945. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Franklinfueling Ts-550 Evo up to 2.0.0.6832. This affects an unknown part. The manipulation leads to credentials management. This vulnerability is uniquely identified as CVE-2013-7248. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Flappy Bird 手游原作者、越南开发者 Dong Nguyen 通过其社交媒体账号发表了简短声明，称他与最近准备重新上线的 Flappy Bird 的一个扩展版本无关，他没有卖掉游戏，也不支持加密货币。Flappy Bird 的一个扩展版本由名叫 Flappy Bird Foundation 的组织开发，根据该组织的描述，新游戏可能涉及到 Web 3.0、加密货币和 NFT。Flappy Bird Foundation 从 Gametech Holdings LLC 收购了 Flappy Bird 商标。Dong Nguyen 是在 2014 年申请了 Flappy Bird 商标，但因为种种原因在申请商标十年之后它被归类为已放弃，被美国特拉华州公司 Gametech 收购获得，现在则转移到了 Flappy Bird Foundation。

BEUC раскритиковал Fortnite и Minecraft за недобросовестные практики.

P. S. Квартира и дача останутся при вас.

德国主权科技基金（Sovereign Tech Fund）同意向 Samba 项目拨款 688,800 欧元，用于改进安全性、稳定性和功能性。这笔拨款将持续三年，由雇佣了多名 Samba 核心开发者并提供相关支持的 SerNet 公司管理。这笔拨款将集中在透明故障转移、SMB3 UNIX 扩展、现代安全协议如 SMB over QUIC 等领域上。此举旨在确保 Samba 仍然是一种稳固而安全的独立于私有软件的解决方案，同时提供了最优的互操作性。

A vulnerability was found in NT-ware MiCard PLUS Ci and MiCard PLUS BLE and classified as problematic. Affected by this issue is some unknown functionality of the component Login Handler. The manipulation leads to improper validation of specified type of input. This vulnerability is handled as CVE-2024-1578. Attacking locally is a requirement. There is no exploit available.