Aggregator

A vulnerability has been found in Lexmark X94x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2010-0619. The attack can be launched remotely. Furthermore, there is an exploit available.

You can now test the security of persisted GraphQL Queries with Escape's platform. This new capability enhances our GraphQL API security testing

The post Product Updates: Persisted GraphQL Query Support appeared first on Security Boulevard.

A vulnerability classified as critical was found in tcpdump up to 4.9.1. This vulnerability affects the function bgp_attr_print of the file print-bgp.c of the component BGP Parser. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-12991. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. [...]

A vulnerability classified as critical was found in D-Link DI-8100G 17.12.20A1. Affected by this vulnerability is the function sub47A60C of the file upgrade_filter.asp. The manipulation leads to command injection. This vulnerability is known as CVE-2024-44401. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Red Hat Migration Toolkit for Virtualization. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2024-8509. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in SPIP up to 4.1.18/4.2.15/4.3.1. It has been rated as very critical. This issue affects some unknown processing of the component Multipart File Upload Handler. The manipulation leads to reliance on file name or extension of externally-supplied file. The identification of this vulnerability is CVE-2024-8517. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in hapifhir HL7 FHIR Core Artifacts up to 6.3.22. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2024-45294. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

中科院研究员使用从嫦娥五号带回的月壤样本中找到的 3 颗火山玻璃珠证明，月球上的岩浆活动可以追溯到 1.2 亿年前。这一研究结果再次刷新了人们对月球岩浆活动的认知。岩浆活动是了解月球热演化的重要依据，岩浆活动停止表明月球失去了内动力，也即地质意义上的“死亡”。科学家根据美国“阿波罗”号和前苏联“月球”号月球探测任务返回的 9 次月球样品，以及从地球上收集到的月球陨石样品曾认为，月球最晚的火山活动发生在 30 亿年前。2021 年我国科学家利用嫦娥五号探测器带回的月壤中挑选出的玄武岩颗粒样品，证明了 20 亿年前月球上仍然存在着较大规模的岩浆活动，将此前认为的月球“寿命”延长了约 10 亿年。科学家通过遥感技术对月球地貌进行观察并通过撞击坑统计定年的数据猜测，月球大在约近 1 亿年可能仍存在火山活动，但却一直没有返回样品的数据支撑。新研究为此提供了证据。

A vulnerability classified as critical was found in Apple macOS up to 10.13.1. This vulnerability affects unknown code of the component tcpdump. The manipulation leads to improper resource management. This vulnerability was named CVE-2017-12989. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management

A vulnerability was found in h2oai H2O up to 3.46.0.4. It has been classified as problematic. This affects an unknown part of the component JDBC Connection Handler. The manipulation of the argument connection_url leads to deserialization. This vulnerability is uniquely identified as CVE-2024-45758. Access to the local network is required for this attack. Furthermore, there is an exploit available.

Cryptography and digital certificates form the security backbone of modern digital enterprises. As organizations increasingly adopt multi-cloud strategies to leverage the best services from different cloud providers, they face significant challenges in managing digital certificates. Mismanaged certificates can lead to outages, security breaches, and compliance violations—issues that no organization can afford. This blog provides a […]

The post Navigating Certificate Lifecycle Management in Multi-Cloud Environments appeared first on Security Boulevard.

继 Safari 和 Chrome 之后，Firefox 也将禁用 HTTP/2 服务器推送。Chrome 是在两年前禁用 HTTP/2 服务器推送，理由是使用率低，它推荐将 rel="preload" 和 103 Early 作为替代。Firefox 一直支持 HTTP/2 推送，但过去几个月遭遇了与 HTTP/2 推送相关的 bug，原因是使用推送的 webserver 和网站没有在 Firefox 上进行测试，结果会导致网站在 Firefox 上停止工作。Firefox 预计会在 ESR 140 前完全移除该功能。

A vulnerability was found in Oi Minha Oi 1.15.0. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5916. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. This vulnerability is handled as CVE-2024-8523. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #399916 / VDB-276728

A vulnerability has been found in Open-Xchange OX Dovecot Pro up to 2.3.21 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DATA Command Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2024-25584. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

美国海军濒海战斗舰曼彻斯特号高级军士长指挥官 Grisel Marrero 最近因在军舰上私装无线网络被定罪降职。美国《海军时报》通过信息自由法（Freedom of Information Act）获得了本案的更多细节。Marrero 等人是在 2023 年初以 2,800 美元购买了 Starlink，悄悄安装在 O-5 级露天甲板上。Starlink 宽带没有提供给大部分士兵或军官使用，而是仅供军士长使用。调查显示至少有 15 名军士长参与了该计划。Starlink 启动之后使用了默认的无线网络名字 STINKY，由于覆盖范围有限，他们后来还购买安装了信号中继器。军舰上的士兵很快注意到了名字不同寻常的无线网络，他们向上级报告了此事，但相关报告被 Marrero 压了下来，没有报告给舰长。Marrero 之后修改了无线网络的名字，使其看起来像是无线打印机的绰号。此事最终曝光是因为在安装授权的 SpaceX Starshield 设备时在露天甲板上发现了未经授权的 Starlink 设备。