Aggregator

A vulnerability has been found in TuMusika Evolution 1.7r5 and classified as critical. This vulnerability affects unknown code of the file languages_n.php. The manipulation of the argument uri leads to path traversal. This vulnerability was named CVE-2007-6188. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Web-MeetMe 3.0.3. Affected is an unknown function of the file play.php. The manipulation of the argument bookid leads to path traversal. This vulnerability is traded as CVE-2007-6215. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Apple QuickTime 5.0.1/5.0.2 and classified as critical. Affected by this issue is some unknown functionality of the component MIME Header Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2002-0252. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

由于早前的黑客攻击并泄露了数亿人的数据，美国最大的背景调查公司之一——美国国家公共数据公司（National Public Data，NPD）近日出于多方诉讼压力申请破产。 图片来源：FreeBuf 据悉，NPD 母公司 Jerico Pictures 已于 10 月 2 日向佛罗里达州南区法院申请了破产，该公司在破产申明中表示，2023年12月有黑客入侵了系统，相关数据于今年4月首次出现在Breached黑客犯罪市场中，并点名一位叫USDoD的黑客窃取了这些数据，称其在入侵其他机构（包括 FBI、空客等）方面也取得了巨大成功。 今年6月，以 USDoD 为名的黑客试图以 350 万美元的价格出售被盗数据，声称其中包含 29 亿条美国公民记录。一个多月后，名为Fenice 的黑客在非法市场 BreachForums 上免费发布了一个包含 27 亿条记录的数据库。 这些泄露的数据包括姓名、社会安全号码、电话号码、地址和出生日期。包括数据泄露专家 Troy Hunt 在内的几位网络安全专家已经证实，虽然数据库包含重复项，但大部分信息都是准确的。Hunt 估计，该数据库包括大约 8.99 亿个唯一的 SSN，可能包括部分已经去世的人的信息。 事发后，NPD表示已与执法部门和政府调查人员合作调查该事件，但此后一直没有提供最新情况，该公司也没有向受害者提供身份盗窃保护服务。 NPD破产申明中称公司已无法产生足够的收入来解决广泛的潜在负债，以及承担诉讼辩护和支持调查的费用。该公司表示，他们业务的很大一部分是为医疗机构服务，但这些机构禁止“有背景问题”的企业提供服务。 该公司还承认正面临多起集体诉讼，这些诉讼是由那些认为自己的信息在网络攻击期间被泄露的公民提起。 此外，来自 20 多个州的总检察长要求 NPD 支付违规行为的民事罚款，美国联邦贸易委员会也在审查这一事件。 参考来源： National Public Data files for bankruptcy, citing fallout from cyberattack After breach of billions of records, National Public Data files for bankruptcy     转自FreeBuf，原文链接：https://www.freebuf.com/news/412671.html 封面来源于网络，如有侵权请联系删除

本文将深入分析 Uniswap v3 协议的核心机制及功能设计，提供相关审计要点。

万豪国际酒店集团已同意支付5200万美元作为和解协议的一部分，该数据泄露事件暴露了全球超过3.44亿名客户的信息。这家总部位于马里兰州贝塞斯达的酒店公司还同意加强其数据安全，并解决2014年至2020年间导致三次重大泄露的问题，根据联邦贸易委员会（FTC）的说法。监管机构表示，万豪国际及其子公司喜达屋酒店及度假村将不得不实施“一个健全的信息安全计划以解决指控”。在并行调查后，FTC和49个州以及哥

10月12日，广东省教育厅发布声明： 近日，发现有不法分子入侵我厅短信平台，以“广东省教育厅”名义向师生和家长发送包含非法链接的短信。我厅已第一时间向公安机关报案，并配合开展调查。请广大师生和家长提高警惕，切勿点击短信中的非法链接，避免个人信息泄露或遭受财产损失。 此前，社交媒体上有用户表示，收到一条来自“广东省教育厅”的短信，写着“成人电影”。 文章来源：综合正观新闻、南方都市报 转自安全内参，原文链接：https://www.secrss.com/articles/71121 封面来源于网络，如有侵权请联系删除

A vulnerability was found in WebPromoExperts 1.8 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7590. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Oracle Java SE 7u301/8u291/11.0.11/16.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Library. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2021-2369. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Oracle Java SE 7u301/8u291/11.0.11/16.0.1. This vulnerability affects unknown code of the component Networking. The manipulation leads to information disclosure. This vulnerability was named CVE-2021-2341. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Android. This affects an unknown part of the component i2c Driver. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2019-9454. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 5.5.6 and classified as critical. Affected by this issue is the function set_fdc of the file drivers/block/floppy.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2020-9383. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as problematic was found in Linux Kernel up to 5.6. This vulnerability affects the function ebitmap_netlbl_import of the component SELinux Subsystem. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2020-10711. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.3.11. It has been classified as critical. Affected is an unknown function of the file drivers/input/ff-memless.c of the component USB Device Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2019-19524. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel 5.0.21. It has been rated as critical. This issue affects the function ext4_put_super of the file fs/ext4/super.c of the component ext4 Filesystem Image Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2019-19447. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Linux Kernel 5.4.0-rc2. It has been rated as critical. This issue affects the function __blk_add_trace of the file kernel/trace/blktrace.c. The manipulation leads to use after free. The identification of this vulnerability is CVE-2019-19768. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 5.1.6. Affected is the function dlpar_parse_cc_property of the file arch/powerpc/platforms/pseries/dlpar.c. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2019-12614. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.2.9 and classified as problematic. This issue affects the function xfs_setattr_nonsize of the file fs/xfs/xfs_iops.c of the component XFS File System. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2019-15538. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 4.14.10. This affects the function allocate_trace_buffer of the file kernel/trace/trace.c. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2017-18595. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 4.14.14. This vulnerability affects the function i2c_smbus_xfer_emulated of the file drivers/i2c/i2c-core-smbus.c. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2017-18551. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.