Aggregator

A vulnerability was found in T0pp8uzz Dana IRC client up to 1.1 and classified as critical. Affected by this issue is some unknown functionality of the component IRC Client. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2008-2922. The attack may be launched remotely. Furthermore, there is an exploit available.

图 1 是利用墨菲安全的 jar 检测，快速梳理有漏洞组件的 jar 包图 2、图 3 是快速审计漏洞的时候，需要关注一下web.xml或者xxx Service.xml中的特殊 servlet...

In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized environments. What are the most common vulnerabilities in Kubernetes clusters today, and how can they be mitigated effectively? Kubernetes has made significant progress in security since its inception ten years ago. Security isn’t an afterthought in … More →

The post How isolation technologies are shaping the future of Kubernetes security appeared first on Help Net Security.

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach

A vulnerability was found in Ironman Ironman PowerShell Universal up to 5.0.11. It has been rated as problematic. This issue affects some unknown processing of the component Job Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-50616. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Kubell Chatwork Desktop Application up to 2.9.1 on Windows. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to use of potentially dangerous function. This vulnerability was named CVE-2024-50307. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Genians NAC and NAC LTS. It has been classified as problematic. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-23843. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cleo Harmony, VLTrader and LexiCom up to 5.8.0.19 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-50623. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Sunnet eHRD CTMS up to 9.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-10440. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in KDE Kmail up to 6.1.x. Affected is an unknown function of the file ispdbservice.cpp. The manipulation leads to channel accessible by non-endpoint. This vulnerability is traded as CVE-2024-50624. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

ADSpider是一款针对活动目录AD的实时安全监控工具，该工具可以帮助广大研究人员更轻松地监控和保护活动目录AD的安全。

A vulnerability, which was classified as problematic, has been found in Sunnet eHRD CTMS up to 10.7. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-10439. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sunnet eHRD CTMS up to 10.13. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel. This vulnerability was named CVE-2024-10438. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel. This affects the function store_trace_args of the component uprobe. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50067. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SchedMD Slurm. It has been rated as critical. Affected by this issue is some unknown functionality of the component stepmgr. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-48936. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

随着移动支付和信用卡的流行，ATM 机器变得日益稀少，但在现金支付仍然流行的国家，ATM 机器正日益成为犯罪组织的目标。2023 年 3 月 23 日凌晨，德国 Kronber 镇的居民被几声爆炸惊醒了。目击者称看到身穿深色衣服的人乘坐一辆黑色汽车逃向附近的高速公路。犯罪者偷走了 13 万欧元的现金，在抢劫过程中造成了约 50 万欧元的附带损失。欧洲的犯罪组织不再策划富有戏剧性的银行抢劫，而是将 ATM 机器视为更低调更容易抢劫的目标。在欧洲最大经济体德国，犯罪组织以每天超过一台的速度炸 ATM 机器，他们的每次行动可盗取数十万欧元。欧洲刑警组织多年来一直对此展开跨境打击。欧洲刑警组织表示，本月早些时候德国、法国和荷兰执法机构逮捕了一犯罪网络的三名成员，他们多年来一直实施用炸药炸毁 ATM 的抢劫行动。欧洲刑警组织表示，自 2022 年以来，被捕者抢劫了数百万欧元，行动期间造成了类似数额的财产损失。德国仍然流行使用现金，2023 年半数的交易是通过纸币和硬币完成的。德国的文化传统认为现金支付更安全，能提供更多的隐私以及更好的控制支出。

A vulnerability was found in Oracle Sun Data Center InfiniBand Switch 36 up to 2.2.1. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-0235. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

新闻速览 •2024年第三季度电信服务质量通告：下架333款存在问题的不良手机应用 •《全民数字素养与技能发展 […]

信创及信创安全当前已进入快速发展和落地应用的重要阶段，无论工信主管部门还是各重要行业用户的主管单位都出台了一系 […]