Aggregator

A vulnerability classified as critical has been found in Mozilla Thunderbird. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-2614. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox ESR up to 115.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-2616. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 115.8. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-2616. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to up to 115.8. It has been classified as problematic. This affects the function SafeRefPtr. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-2612. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to up to 115.8. It has been declared as problematic. This vulnerability affects the function SafeRefPtr. The manipulation leads to use after free. This vulnerability was named CVE-2024-2612. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Pointer Lock Handler. The manipulation leads to clickjacking. This vulnerability is known as CVE-2024-2611. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-2614. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox. Affected is an unknown function of the component Pointer Lock Handler. The manipulation leads to clickjacking. This vulnerability is traded as CVE-2024-2611. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Track the Click Plugin up to 0.3.11 on WordPress. It has been classified as critical. Affected is an unknown function of the component REST Endpoint. The manipulation leads to sql injection. This vulnerability is traded as CVE-2023-5041. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in ExamSys 9150244. This issue affects some unknown processing of the file /Support/action/Pages.php. The manipulation of the argument s_score2 leads to sql injection. The identification of this vulnerability is CVE-2023-52285. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in Studio Network Solutions ShareBrowser up to 6.x on macOS and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper verification of cryptographic signature. This vulnerability was named CVE-2023-44077. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Jms Setting Module up to 1.1.0 on PrestaShop and classified as critical. Affected by this issue is the function JmsSetting::getSecondImgs. The manipulation leads to sql injection. This vulnerability is handled as CVE-2023-50030. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in SWFTools 0.9.2. It has been declared as critical. This vulnerability affects the function countline of the file swf5compiler.flex. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-22912. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Cohesity DataProtect 6.6.0d/6.8.1. This vulnerability affects unknown code of the component TLS Certificate Validation Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2023-33295. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in DependencyCheck up to 9.0.5/9.0.6 on Maven/CLI/Ant and classified as problematic. This vulnerability affects unknown code of the component Debug Mode. The manipulation leads to sensitive information in log files. This vulnerability was named CVE-2024-23686. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in NCR Terminal Handler 1.5.1. This affects an unknown part of the component UserSelfService. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2023-47024. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in chasquid up to 1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SMTP Handler. The manipulation leads to injection. This vulnerability is known as CVE-2023-52354. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected is an unknown function of the component Privacy Preferences. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-40528. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in dom96 HTTPbeast up to 0.4.1. Affected by this issue is some unknown functionality of the component parser.nim. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2023-50694. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

HackerNews 编译，转载请注明出处： 微软承诺在宣布一套“主权云”解决方案后，确保欧洲的云数据将在欧洲境内存储和处理。这些解决方案将确保欧洲客户数据留在欧洲，帮助满足合规性和安全性要求。只有位于欧洲的微软员工才能远程访问这些系统。 该方案旨在缓解欧洲云数据和服务可能受其他地区（包括美国）访问或关停要求的担忧。2025年2月，美国总统特朗普签署备忘录，承诺防止外国政府和企业对美国公司实施“歧视”。备忘录特别提到影响美国公司的罚款、措施和政策，并明确提及英国和欧盟。 此次最新声明发布前，微软于4月公布计划，将在未来两年内将欧洲数据中心容量提升40%，包括推出专为欧洲需求定制的主权和公共云模型。微软总裁布拉德·史密斯在4月的公告博文中强调，公司承诺保护欧洲免受外国政府要求的影响：“若任何政府命令微软暂停或终止在欧洲的云服务（尽管可能性极低），我们承诺将立即通过所有法律途径（包括向法院提起诉讼）积极抗辩。” 方案核心内容 6月16日发布的微软主权云解决方案涵盖公共云和私有云基础设施，包含三大支柱：主权公共云、主权私有云和国家合作伙伴云。 主权公共云：将根据特定区域需求配置，无需迁移至专用数据中心，计划2025年下半年在所有欧洲云区域全面推出。新增“数据卫士”功能，要求微软工程师对欧洲数据处理系统的所有远程访问需经欧洲常驻人员实时批准并受其监控。该方案还通过允许客户将Azure连接至其本地硬件安全模块（HSM）或可信第三方托管的密钥，实现加密控制。 主权私有云：将在客户本地部署微软云服务，帮助满足特定数据驻留和主权要求，包含计算、存储、网络和虚拟化等核心Azure功能，今年晚些推出。 国家合作伙伴云：已在法国和德国落地，通过与Orange、Capgemini合资企业Bleu（法国）及SAP子公司Delos Cloud（德国）合作，为公共部门和关键服务提供本地化隔离基础设施。 欧洲主权承诺遭质疑 欧洲数字工作平台Wire首席执行官本杰明·席尔茨对此提出质疑，认为解决方案未必能真正保护欧洲云数据免受外国政府干预：“问题不在意图，而在于现实——任何美国软件公司都可能被法律强制要求实施监控甚至任意中断服务。微软源代码未开源，鉴于法律现实，美国政府完全可以要求微软植入后门获取加密密钥、客户数据及元数据。”       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文