Aggregator

2024-源鲁杯 [Round2]&[Round3] RE部分WP

利用Tai-e探测反序列化漏洞（其一）

kernel从小白到大神(三)

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

Cisco обновляет защиту сетей, внедрив способ блокировки хакеров.

以色列网络安全公司Hudson Rock发现 一个据称包含3.5亿条Hot Topic顾客个人和支付数据的庞大数据库，在暗网上被公开出售。

Каждая секунда промедления увеличивает риск вторжения в корпоративную сеть.

Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts

给现在的学生和青年学者的将来提供一个更好的学术环境。

随着人们日益担心科技巨头对数字生活的支配性地位，开源被越来越多的提及，被认为是可以替代来自科技公司的私有服务。然而将开源和科技巨头进行比较就像是像将烤箱与餐厅进行比较。科技巨头的服务是我们数字生活的基础，而开源是软件开发模式，开源软件是公开源代码的软件，它们需要人进行处理才能转变为一种服务。烤箱并不是餐厅。这种差别并不仅仅是语言上的。前不久欧洲议会的一个派别尝试用 Nextcloud 自托管服务取代科技巨头的云服务。他们的实验失败了。开发软件是一整套服务的一部分，它当然是重要的一部分，但支持、培训、迁移、托管等等部分同样极端重要。这并不因为开源不起作用，而是要将开源变成一种替代服务需要投入大量的精力和大量的资金，而基于开源软件的替代服务并不会因为软件不需要钱而太便宜。

Мошенники потеряли 13 миллионов после заявления Дурова.

A vulnerability classified as critical has been found in Apple tvOS up to 10.1. Affected is an unknown function of the component FontParser. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-2407. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.16.14. This vulnerability affects the function sg_start_req of the component swiotlb. The manipulation leads to improper initialization. This vulnerability was named CVE-2022-48853. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.9. It has been declared as problematic. This vulnerability affects unknown code of the component SUNRPC. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-48816. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.211/6.1.79/6.6.18/6.7.6. Affected is the function virtio_crypto_akcipher_session_para of the component crypto. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-26753. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.101/5.15.24/5.16.10. It has been declared as critical. This vulnerability affects the function rpcrdma_ep_create of the component xprtrdma. The manipulation of the argument error leads to null pointer dereference. This vulnerability was named CVE-2022-48773. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.100/5.15.23/5.16.9 and classified as problematic. Affected by this vulnerability is the function stag_work of the file kernel/workqueue.c of the component qedf. The manipulation leads to improper initialization. This vulnerability is known as CVE-2022-48825. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.139/6.1.63/6.5.12/6.6.2. This affects the function virtio_max_dma_size of the component virtio-blk. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2023-52762. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.16.10 and classified as problematic. Affected by this vulnerability is the function vsock_connect. The manipulation leads to state issue. This vulnerability is known as CVE-2022-48786. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in GNU C Library. Affected by this vulnerability is an unknown functionality of the component Netgroup Cache. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-33599. The attack needs to be approached within the local network. There is no exploit available.