Aggregator

CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months 1 week ago

The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate system memory, escalate privileges, or access sensitive information. CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability The […]

The post CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-21848 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 nfp_app_ctrl_msg_alloc null pointer dereference (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. Affected by this vulnerability is the function nfp_app_ctrl_msg_alloc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21848. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21857 | Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 tcf_exts_miss_cookie_base_alloc null pointer dereference (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. This vulnerability affects the function tcf_exts_miss_cookie_base_alloc. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-21857. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21856 | Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 device_release use after free (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been rated as critical. This issue affects the function device_release. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21856. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21861 | Linux Kernel up to 6.12.16/6.13.4/6.14-rc3 migrate_device_finalize reference count (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.12.16/6.13.4/6.14-rc3 and classified as critical. This issue affects the function migrate_device_finalize. The manipulation leads to improper update of reference count. The identification of this vulnerability is CVE-2025-21861. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21739 | Linux Kernel up to 6.12.13/6.13.2/6.14-rc1 Ufshcd devm_blk_crypto_profile_init use after free (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. It has been rated as critical. This issue affects the function devm_blk_crypto_profile_init of the component Ufshcd Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21739. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21844 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 SMB Client receive_encrypted_standard null pointer dereference (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected by this issue is the function receive_encrypted_standard of the component SMB Client. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21844. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-21693 | Linux Kernel up to 6.12.11 mm zswap_compress/zswap_decompress initialization (Nessus ID 234058)

Vuldb Updates
5 months 1 week ago
A vulnerability has been found in Linux Kernel up to 6.12.11 and classified as problematic. This vulnerability affects the function zswap_compress/zswap_decompress of the component mm. The manipulation leads to improper initialization. This vulnerability was named CVE-2025-21693. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2012-1990 | Schneider Electric Kerweb 3.0 kw.dll evtvariablename cross site scripting (EDB-37137 / BID-53409)

Vuldb Updates
5 months 1 week ago
A vulnerability, which was classified as problematic, was found in Schneider Electric Kerweb 3.0. Affected is an unknown function in the library kw.dll. The manipulation of the argument evtvariablename leads to cross site scripting. This vulnerability is traded as CVE-2012-1990. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

美国暂停对等关税 90 天,对华关税提高到 125%

Solidot
5 months 1 week ago
美国总统特朗普宣布暂停征收对等关税 90 天,但维持 10% 基准关税。与此同时,对华关税提高到 125%。特朗普接受媒体采访时解释称,原因是“逾 75 个国家”为解决贸易问题要求谈判,并未采取反制措施。他表示:“人们之前感到不安。应该带一点灵活性,我能做到这一点。”暂停期间将同意与各国家和地区谈判,他自信地表示“应该可以同包括中国在内的任何国家达成协议”。美国财政部长贝森特称,按不同领域加征关税的措施没有变。欧盟(EU)成员国 9 日批准了针对美国政府加征关税的首次反制措施。15 日起分阶段启动。这是因钢铁和铝制品被征收关税的对抗措施,将对农产品、钢铁、家电等总计约 210 亿欧元的美国制品加征关税。

守护核心数据安全,CACTER EDLP助力某机械制造企业筑牢邮件防泄密防线

嘶吼
5 months 1 week ago

Forrester研究报告显示,高尖技术行业因数据泄露造成的损失就超过20亿美元,而邮件泄密占比高达63%。邮件作为企业核心通信工具,承载的已不仅是信息传递功能,更成为了商业机密的“生命线”。

在这个全员皆有可能成为“漏洞”的时代,如何让每封承载核心数据资产的邮件“安心出发”,成为了关乎企业存续的必答题。

某机械制造企业的邮件数据安全困境

某大型机械制造企业业务广泛,覆盖全球近 120 个国家和地区,拥有超 3000 名员工。企业日常邮件传输中,高精度技术图纸、投标文件、供应链数据等核心数据资产频繁流转,其安全防线需求呈现 “三高” 特性:高敏感数据、高频数据传输、高合规要求,同时也面临以下三大严峻挑战: 

挑战一:政策合规高压线

依据国家网信办发布的《中华人民共和国网络安全法》,关键信息基础设施运营者需对邮件系统进行等保 2.0 三级以上认证,并部署防泄露技术,如内容过滤、行为审计等。对于该机械制造企业而言,满足这些合规要求刻不容缓。 

挑战二:核心数据资产“隐形泄露”

该企业核心部门通常借助邮件传输技术图纸和工艺等重要文件,这些文件多以 pdf、cad等格式存在。如果依靠传统人力审查的方式,面对高密度、高频率的邮件附件,不仅识别效率极低,更存在 “看得见,管不住” 的管控漏洞,核心数据资产随时可能 “隐形泄露”。

挑战三:员工合规意识薄弱

该企业架构复杂,下设 9 个职能部门、6 个业务部门以及 8 家二级管理公司,员工数量庞大且安全意识参差不齐。员工因失误不慎泄露机密文件的风险较高,给企业带来了巨大的安全隐患。

面对政策、内容、人员的三重挑战,该企业需要的不是单点补漏,而是一套“会思考”的系统化智能防线。

CACTER EDLP 构筑三层智能安全防线

CACTER邮件数据防泄露系统(以下简称“CACTER EDLP”) 凭借自研AI多维行为分析与实时预警技术,提供从内容识别、传输加密到合规审计的全链路数据防护,为该企业构建起 “三层安全防护网”,全面应对上述挑战:

精准识别,全方位守护数据资产安全

1. 机械制造企业日常中常包含cad图纸,技术文档等复杂文件,CACTER EDLP支持识别rar、zip、cad、后缀为空等上千种类型,确保技术图纸、工艺文件等核心数据在邮件传输中无遗漏地被检测。

2. 针对机械制造行业的高敏感数据,系统可通过敏感关键字管控邮件,防止员工误发或故意发送包含技术参数、投标报价等敏感内容的邮件。

3. 对于隐匿性强的文件内容(如在文档中嵌入的图片、文本),系统能够完全暴露并检测文件内容,确保技术图纸中的注释、说明等细节不会因嵌入文件而被忽视。

灵活策略,千人千面的精准管控

CACTER EDLP的策略配置灵活智能,满足该企业复杂的组织架构场景:

1. 分级管控:机械制造企业组织架构复杂,不同部门对数据安全要求各异。系统支持设立"红黄绿"三级管控区,重点部门(如研发、采购)的邮件可单独实施"双人审批+内容脱敏",确保高敏感数据安全

2. 多级审批:系统支持自动抄送、自动密送等功能,员工无感知,保障监管无死角,确保邮件管控的灵活性与合规性

3. 批量审批:系统可制定员工的邮件按时间频率集中审批,重点人员邮件可实时审批,大大缩减审批时间,提高工作效率

应急防控,一键召回守护内部信息安全

该企业内部信息流转频繁,一旦敏感信息通过邮件泄露,后果不堪设想。CACTER EDLP 与 Coremail 邮件系统无缝对接,支持对站内邮件进行召回。即便邮件已通过 CACTER EDLP 检测并发送,管理员仍可一键召回站内邮件,有效防止敏感信息在企业内部随意传播,加强内部信息安全管理。且召回操作全程留痕,完全满足审计要求。

客户评价

该企业对CACTER EDLP的使用体验给予了高度评价。操作界面直观易用,策略配置灵活智能,满足了企业不同部门和业务场景下的个性化需求,提高了邮件管控的精准度和效率。

“CACTER EDLP的邮件全检和域内召回功能是我们最关注的亮点。系统部署顺利,团队响应及时,服务专业性令人满意。”

——该机械制造企业IT负责人

当每封邮件都可能影响企业命脉,安全防护必须从‘被动堵漏’转向‘主动防御’。CACTER邮件数据防泄露系统(CACTER EDLP),凭借精准多维AI识别技术与灵活全面的管控策略,为中国制造筑牢安全防线,助力企业在未来的全球舞台上稳健前行。

CACTER EDLP

支持免费试用15天!

扫码添加“CACTER小助手” 

或直接致电咨询:400-000-8664

Coremail邮件安全

Managed ad