Aggregator

A vulnerability was found in Apple macOS up to 13.6/14.6. It has been classified as critical. This affects an unknown part of the component System Files Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-44260. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple macOS up to 13.6/14.6. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2024-44264. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6 and classified as problematic. This vulnerability affects unknown code of the component Game Controller Event Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-44265. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-44257. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

明年1月计划报名截止

速修复

石化巨头们在 2019 年成立了一个宣称要终结塑料污染的联盟 The Alliance to End Plastic Waste(AEPW)，承诺了五年内（截至 2023 年底）通过改善回收和创造循环经济从环境中移除 1500 万吨塑料垃圾。加入联盟的公司都是世界最大的塑料生产商，其中包括了埃克森美孚、陶氏、壳牌、道达尔能源和雪佛龙菲利普斯。但 2023 年初这一目标被移除了，理由是太过于雄心勃勃了。AEPW 的一大目标其实是改变话题，避免推行塑料禁令。绿色和平获得的数据显示，仅仅两类塑料这五大塑料生产商过去五年就生产了 1.32 亿吨，而同期它们只清理了 118,500 吨塑料垃圾，生产的重量千倍于清理的重量。

美国网络安全和基础设施安​全局与国土安全系统工程与发展研究所合作编制了一份被利用最严重的软件缺陷清单。

Interfacing With A Cheap Geiger Counter I got a cheap Geiger counter from Aliexpre

The Proxmox Virtual Environment 8.3 enterprise virtualization solution features management tools and a user-friendly web interface, allowing you to deploy open-source solutions in clustered, highly available setups. This version is based on Debian 12.8 (Bookworm), but uses the Linux kernel 6.8.12-4 as stable default, and allows for opt-in use of kernel 6.11. The software includes updates to the latest versions of leading open-source technologies for virtual environments like QEMU 9.0.2, LXC 6.0.0 , and ZFS … More →

The post Proxmox Virtual Environment 8.3: SDN-firewall integration, faster container backups, and more! appeared first on Help Net Security.

我们精选了本周知识大陆公开发布的10条优质资源，让我们一起看看吧。

A vulnerability, which was classified as problematic, has been found in Grsecurity Kernel Patch 1.9.4. This issue affects some unknown processing of the file /dev/mem of the component Memory Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2002-1826. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Android Authority 援引内部消息来源报道，Google 取消推出第二代 Pixel Tablet 平板电脑，理由是担心亏损。在平板市场上，Android 平板一直无法对苹果 iPad 的地位构成挑战。计划中的 Pixel Tablet 2 代号为 kiyomi，将搭载用于 Google Pixel 9 系列的 Tensor G4 SoC 芯片，有 Wi-Fi 和 5G 两个版本，Google 还为它开发了带触控板的官方键盘外设以帮助提高生产力。Google 可能会跳过二代直接开发第三代，其推出时间可能是 2027 年而不是二代计划的 2025 年。

A vulnerability, which was classified as problematic, has been found in 7-Zip. This issue affects some unknown processing. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-11612. The attack may be initiated remotely. There is no exploit available.

为应对新时期汽车取证行业的应用挑战，美亚柏科打造推出国内首个汽车电子数据取证产品——汽车取证大师，并伴随汽车产 […]

A vulnerability classified as critical was found in IrfanView. This vulnerability affects unknown code of the component WB1 File Parser. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-11512. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IrfanView. This affects an unknown part of the component XCF File Parser. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-11511. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been rated as critical. Affected by this issue is some unknown functionality of the component WB1 File Parser. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-11510. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CGM File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-11531. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.