Aggregator

首个软件供应链安全国家标准正式实施之日

Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks

1. Play勒索团伙公布新的受害公司 2. RansomHub勒索团伙公布新的受害公司 3. Cactus勒索团伙入侵洛杉矶市住房管理局

A vulnerability was found in Linux Kernel up to 5.15.148/6.1.75/6.6.14/6.7.2. It has been classified as critical. This affects the function trans_stat_show of the component devfreq. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2023-52614. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument max_entries leads to buffer overflow. This vulnerability is handled as CVE-2024-26885. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.92/6.6.32/6.9.3. It has been classified as problematic. This affects the function shutdown of the file net/ipv4/af_inet.c. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-36484. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.9. This issue affects the function __genradix_ptr_alloc in the library lib/generic-radix-tree.c. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-47668. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as critical. This vulnerability affects unknown code of the file drivers/gpu/vmxgfx/vmxgfx_execbuf.c of the component vmwgfx Driver. The manipulation leads to range error. This vulnerability was named CVE-2022-36402. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Mattermost up to 9.5.9/9.11.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Desktop SSO. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is known as CVE-2024-10214. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 9.5.9/9.10.2/9.11.1. Affected by this vulnerability is an unknown functionality of the component Message Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-50052. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.9/9.10.2/9.11.1. This affects an unknown part of the component GraphQL Response Handler. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-47401. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.9/9.10.2/9.11.1. Affected is an unknown function of the component Playbook Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-46872. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server and classified as critical. This vulnerability affects unknown code of the component mod_http2. The manipulation leads to http request smuggling. This vulnerability was named CVE-2020-11993. The attack can be initiated remotely. There is no exploit available. It is recommended to change the configuration settings.

A vulnerability classified as problematic has been found in Apache HTTP Server. This affects an unknown part of the component HTTP2 Request Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2020-9490. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Oracle ZFS Storage Appliance Kit 8.8. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Operating System Image. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2020-11984. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Спецслужбы раскрыли план информационной битвы с помощью табло в Париже.

В чем секреты смертоносных ударов коджа и лэнгла?

A vulnerability was found in Changing Information Technology IDExpert up to 2.8. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10652. The attack may be launched remotely. There is no exploit available.