Aggregator

安全可靠测评通过对产品及其研发单位的核心技术、安全保障、持续发展等方面开展评估，评定产品的安全性和可持续性，实现对产品研发设计、生产制造、供应保障、售后维护等全生命周期安全可靠性的综合度量和客观评价。

A vulnerability classified as problematic has been found in Imperva SecureSphere 9.0.0.5. This affects an unknown part of the component Error Message Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2013-4093. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Эксперименты показали высокую эффективность нового оружия.

Таганский суд Москвы обязал компанию выплатить 3,5 млн рублей.

A vulnerability classified as problematic has been found in searchEveryAuction up to 1.53. This affects an unknown part of the file auction.pl. The manipulation of the argument searchstring leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-4229. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Demons’ appeared first on Security Boulevard.

Intel Broker宣称通过第三方承包商非法访问了诺基亚的敏感信息，并在BreachForums论坛上以20000美元的价格出售

看雪论坛作者ID：pureGavin

轻松全掌握，大会精彩议程。

Wi-Fi危机 商用路由器面临安全风险

A vulnerability classified as problematic was found in HAPI FHIR up to 6.3.x. This vulnerability affects unknown code of the component Request Handler. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2024-51132. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in LSC Smart Connect Indoor IP Camera up to 7.6.32. This affects an unknown part of the component RTSP Protocol Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-51362. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4. It has been rated as problematic. Affected by this issue is the function simulate_ldr_literal of the component Virtual Address Handler. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2024-50099. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5. It has been declared as problematic. Affected by this vulnerability is the function wwan_rtnl_policy in the library lib/nlattr.c of the component Netlink Attribute Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-50128. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.114/6.6.58/6.11.5. It has been classified as problematic. Affected is the function eswitch_vport_event of the component mlx5. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-50136. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.56/6.11.3/6.12-rc1 and classified as problematic. This issue affects the function fec_ptp_init. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2024-50097. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

@AI安全赛道参赛人

本文将详细披露蔓灵花组织近一年使用过的载体文件以及相应的变化过程