Aggregator

公开征求意见的时间为2024年10月12日至2024年11月11日。

今天（14日）我国网络安全机构第三次发布专题报告，进一步公开美国政府机构和“五眼联盟”国家针对中国和德国等其他国家，以及全球互联网用户实施网络间谍窃听、窃密活动，并掌握了美国政府机构通过各种手段嫁祸他国的相关证据。

点击文章，了解最前沿的国际网安资讯！

A vulnerability, which was classified as critical, was found in WP 2FA with Telegram Plugin up to 3.0 on WordPress. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-9687. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WooCommerce Plugin up to 9.0.2 on WordPress. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2024-9944. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Slimstat Analytics Plugin up to 5.2.6 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9548. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in WP 2FA with Telegram Plugin up to 3.0 on WordPress. This affects an unknown part of the component Two-factor Authentication Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-9820. It is possible to initiate the attack remotely. There is no exploit available.

该技术名为 ShadowLogic，凭借操作模型架构的计算图表示，在下游应用程序中触发攻击者定义行为，可能引发AI供应链攻击。

速修复

A vulnerability was found in WPIDE Plugin up to 3.4.9 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-9546. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Elementor Plugin up to 3.23.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function get_image_alt. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-6757. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-46980. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Splunk Enterprise and Cloud Platform and classified as problematic. This issue affects some unknown processing of the component KVStore. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-45737. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in D-Link DCS-960L 1.09 and classified as critical. This vulnerability affects the function sub_402280 of the component HNAP Service. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-48168. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-820L 1.05B03. This affects the function sub_451208. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-48150. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in DrayTek Vigor3900 1.5.1.3. Affected by this issue is the function get_subconfig of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-48153. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in INATRONIC com.inatronic.bmw 2.7.1. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-48793. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in PCS Engineering Preston Cinema com.prestoncinema.app 0.2.0. Affected is an unknown function of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-48797. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in ILIFE com.ilife.home.global 1.8.7. It has been rated as problematic. This issue affects some unknown processing of the component Firmware Update Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-48790. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in hideez 2.7.8.3. It has been declared as problematic. This vulnerability affects unknown code of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-48792. The attack can be initiated remotely. There is no exploit available.