Aggregator

A vulnerability, which was classified as problematic, has been found in Quarkus CXF. Affected by this issue is some unknown functionality of the component SOAP Message Logging. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2024-9621. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Message Filter for Contact Form Plugin up to 1.6.3 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Filter Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12027. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in AI Quiz Plugin up to 1.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Options Update Handler. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-11323. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WP Private Content Plus Plugin up to 3.6.1 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-11292. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in gdlib up to 2.0.28. It has been declared as very critical. Affected by this vulnerability is the function gdimagecreatefrompngctx of the file gd_png.c of the component Graphics. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2004-0990. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

英国批准针对Facebook的集体诉讼 起诉方代表英国4,600万名用户索赔287亿元

I-O Data路由器0Day漏洞被利用，无修复补丁

稳定版内核维护者 Greg Kroah-Hartman 宣布 Linux 6.12 为最新的长期支持内核（LTS）。LTS 将支持两年时间，2024 年 11 月释出的 Linux 6.12 预计将一直支持到 2026 年 12 月，可能会延长支持时间，这要根据软硬件供应商、测试者和开源社区的支持水平而定。Linux LTS 版本在 2023 年前支持最长六年时间，但因缺乏行业和社区支持而再次减少到两年支持时间。目前的 LTS 版本 5.10 和 5.4 仍然支持六年，而 5.15 减少到 5 年，6.1 减少到 4 年，6.6 为 3 年。

U.S. Officials Tell Americans to Use Encrypted Apps as Scope of Cyberattack Grows

客户之声：360安全大模型助力智能运营

保护混合和多云环境的7个PAM最佳实践和8个热门解决方案

英国电信巨头BT集团遭遇勒索攻击，500GB敏感数据恐遭窃取；流行移动安全测试工具曝XSS漏洞，文件名成为攻击新途径 | 牛览

古巴的一座发电厂周三发生故障，导致早已摇摇欲坠的电网再次瘫痪，数百万人断电。周四电网恢复了部分功能，但仍然远远低于需求。政府通知居民，将恢复计划性断电，将按区域每天轮流断电 5 小时。古巴的电网基础设施缺乏维护年老失修，发电量远低于装机容量。电网多年来一直处于崩溃边缘，燃料短缺，自然灾害以及经济危机导致古巴政府无法维护陈旧的基础设施。停电加上食品、药品和水资源短缺，古巴居民的外流创下了历史性高。

A vulnerability, which was classified as critical, has been found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress. Affected by this issue is the function visit_type[service_id]. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-11728. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 4.19.324/6.11.10/6.12.1. Affected by this vulnerability is the function do_name of the file Documentation/driver-api/early-userspace/buffer-format.rst of the component initramfs. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2024-53142. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 4.19.324/6.11.10/6.12.1. Affected is the function bitmap_ip_uadt of the component netfilter. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-53141. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in reputeinfosystems ARMember Plugin up to 4.0.51 on WordPress. It has been rated as critical. This issue affects the function do_shortcode of the component Shortcode Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-10681. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in pencidesign Soledad Plugin up to 8.5.9 on WordPress. It has been declared as problematic. This vulnerability affects the function penci_archive_more_post_ajax_func/penci_more_post_ajax_func/penci_more_featured_post_ajax_func. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability was named CVE-2024-11289. The attack can be initiated remotely. There is no exploit available.