Aggregator

A vulnerability classified as problematic has been found in MangoOS up to 5.1.x. Affected is an unknown function of the component Platform Management Edit Page. The manipulation leads to injection. This vulnerability is traded as CVE-2024-37846. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in MangoOS up to 5.1.x. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-37844. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in MangoOS up to 5.1.x. Affected by this issue is some unknown functionality of the component Active Process Command Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-37845. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Red Hat 3scale API Management Platform 2. This affects an unknown part of the component APICast. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-10295. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. This affects an unknown part of the file /com/esafenet/servlet/user/ReUserOrganiseService.java. The manipulation of the argument userId leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10278. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects unknown code of the file /com/esafenet/servlet/policy/PrintPolicyService.java. The manipulation of the argument policyId leads to sql injection. This vulnerability was named CVE-2024-10279. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

天文学家普遍认为，外星生命应该在行星上出现，毕竟地球是唯一已知有生命的星球。地球拥有稳定的重力和大气层维持适合液态水的温度，并富含碳和氧等基本元素，还有充足的阳光提供能量。因此寻找外星生命时，科学家通常将焦点放在行星上。有研究团队提出在无需行星环境的情况下，仍有可能构建支持生命生存的环境。如水熊虫已证明能在太空真空中存活。研究团队藉由计算机模拟，建构出一种能在太空中自由漂浮且自我生存的生物群落。该群落的直径约为 100 米，由薄而坚硬的透明壳包覆，能稳定维持内部液态水的压力和温度，并产生温室效应。虽然这类生命是否存在仍未知，但此项研究，对于人类未来建造太空殖民地提供了重要的参考资讯。

The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the potential consequences for Nokia and its stakeholders.  The breach reportedly involves a substantial collection of […]

The post Threat Actor IntelBroker Claims Leak of Nokia’s Source Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новая разработка станет серьезным конкурентом американским технологиям в космосе.

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by creating representative bodies capable of giving an organic response to issues such as those raised at the European level by the Cyber Resilience Act. I have been advocating for years the need to transform a … More →

The post Open-source software: A first attempt at organization after CRA appeared first on Help Net Security.

A CVSS score 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L severity vulnerability discovered by 'David Fiser and Alfredo Oliveira ( Nebula of Trend Micro )' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Amol Dosanjh of Trend Micro' was reported to the affected vendor on: 2024-11-05, 42 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ' Vladislav Berghici of Trend Micro Research' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2024-11-05, 75 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2024-11-05, 76 days ago. The vendor is given until 2025-03-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.