Aggregator

- Midnight Blizzard 使用 RDP 文件进行大规模鱼叉式网络钓鱼活动 - UNC5812 针对乌克兰军事新兵传播反动言论 - Kimsuky组织滥用PebbleDash和RDP Wrapper

Today, the Department of Commerce and Natcast, the operator of the National Semiconductor Technology Center (NSTC), announced Sunnyvale, California as the expected location for the CHIPS for America Design and Collaboration Facility (DCF), an NSTC

胡金鱼

Linux 作者 Linus Torvalds 在维也纳举行的开源峰会上接受采访时表示，他抛弃了传统的内燃机汽车，用一辆沃尔沃的电动汽车取代了它。他称自己不喜欢内燃机，电动汽车驾驶起来更有趣，他对自动驾驶没什么兴趣。电动汽车配备的辅助驾驶系统能车道跟随，制造更简单。厂商不需要十年经验就能造出优秀的电动马达，传统汽车马达的零部件数量相比电动马达高出两个级别。他认为车载系统运行的是 Linux，但无疑去修改它。沃尔沃电动汽车运行的操作系统是 VolvoCars.OS，底层系统包括了 Android Automotive、OS、Autosar 和 Linux。Torvalds 表示他不是汽车迷，汽车对于他就是一个方便的工具。

首个软件供应链安全国家标准正式实施之日

Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks

1. Play勒索团伙公布新的受害公司 2. RansomHub勒索团伙公布新的受害公司 3. Cactus勒索团伙入侵洛杉矶市住房管理局

A vulnerability was found in Linux Kernel up to 5.15.148/6.1.75/6.6.14/6.7.2. It has been classified as critical. This affects the function trans_stat_show of the component devfreq. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2023-52614. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument max_entries leads to buffer overflow. This vulnerability is handled as CVE-2024-26885. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.92/6.6.32/6.9.3. It has been classified as problematic. This affects the function shutdown of the file net/ipv4/af_inet.c. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-36484. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.9. This issue affects the function __genradix_ptr_alloc in the library lib/generic-radix-tree.c. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-47668. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as critical. This vulnerability affects unknown code of the file drivers/gpu/vmxgfx/vmxgfx_execbuf.c of the component vmwgfx Driver. The manipulation leads to range error. This vulnerability was named CVE-2022-36402. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Mattermost up to 9.5.9/9.11.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Desktop SSO. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is known as CVE-2024-10214. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mattermost up to 9.5.9/9.10.2/9.11.1. Affected by this vulnerability is an unknown functionality of the component Message Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-50052. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.9/9.10.2/9.11.1. This affects an unknown part of the component GraphQL Response Handler. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-47401. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mattermost up to 9.5.9/9.10.2/9.11.1. Affected is an unknown function of the component Playbook Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-46872. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server and classified as critical. This vulnerability affects unknown code of the component mod_http2. The manipulation leads to http request smuggling. This vulnerability was named CVE-2020-11993. The attack can be initiated remotely. There is no exploit available. It is recommended to change the configuration settings.

A vulnerability classified as problematic has been found in Apache HTTP Server. This affects an unknown part of the component HTTP2 Request Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2020-9490. It is possible to initiate the attack remotely. There is no exploit available.