Aggregator

大模型供应链研究路线图 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Zoho ManageEngine Analytics Plus up to 6099. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-52323. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SMA Sunny Central SC 1760-US, Sunny Central SC 1850-US, Sunny Central SC 2000 EV-US, Sunny Central SC 2000-US, Sunny Central SC-2200-10, Sunny Central SC 2200-US, Sunny Central SC-2475-10, Sunny Central SC 2500 EV-US, Sunny Central SC 2660 UP, Sunny Central SC 2660 UP-US, Sunny Central SC 2750 EV-US, Sunny Central SC 2750 UP-US, Sunny Central SC 2800 UP, Sunny Central SC 2800 UP-US, Sunny Central SC 2930 UP, Sunny Central SC 2930 UP-US, Sunny Central SC 3060 UP, Sunny Central SC 3060 UP-US, Sunny Central SC 4000 UP, Sunny Central SC 4000 UP-US, Sunny Central SC 4200 UP, Sunny Central SC 4200 UP-US, Sunny Central SC 4400 UP, Sunny Central SC 4400 UP-JP, Sunny Central SC 4400 UP-US, Sunny Central SC 4600 UP, Sunny Central SC 4600 UP-US, Sunny Central Storage SCS-1900-10, Sunny Central Storage SCS-2200-10, Sunny Central Storage SCS 2300 UP-XT, Sunny Central Storage SCS 2300 UP-XT-US, Sunny Central Storage SCS 2400 UP-XT, Sunny Central Storage SCS 2400 UP-XT-US, Sunny Central Storage SCS-2475-10, Sunny Central Storage SCS 2530 UP-XT, Sunny Central Storage SCS 2530 UP-XT-US, Sunny Central Storage SCS 2630 UP-XT, Sunny Central Storage SCS 2630 UP-XT-US, Sunny Central Storage SCS-2900-10, Sunny Central Storage SCS 3450 UP, Sunny Central Storage SCS 3450 UP-US, Sunny Central Storage SCS 3450 UP-XT, Sunny Central Storage SCS 3450 UP-XT-JP, Sunny Central Storage SCS 3450 UP-XT-US, Sunny Central Storage SCS 3600 UP, Sunny Central Storage SCS 3600 UP-US, Sunny Central Storage SCS 3600 UP-XT, Sunny Central Storage SCS 3600 UP-XT-US, Sunny Central Storage SCS 3800 UP, Sunny Central Storage SCS 3800 UP-US, Sunny Central Storage SCS 3800 UP-XT, Sunny Central Storage SCS 3800 UP-XT-US, Sunny Central Storage SCS 3950 UP, Sunny Central Storage SCS 3950 UP-US, Sunny Central Storage SCS 3950 UP-XT and Sunny Central Storage SCS 3950 UP-XT-US. It has been rated as critical. Affected by this issue is some unknown functionality of the component Administration Panel. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-11025. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zabbix up to 7.0.2 and classified as problematic. Affected by this issue is the function curl_write_cb. The manipulation leads to unchecked return value to null pointer dereference. This vulnerability is handled as CVE-2024-42328. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zabbix up to 7.0.3rc1. It has been classified as problematic. This affects the function webdriver_session_query. The manipulation leads to unchecked return value to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-42329. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zabbix up to 6.0.33/6.4.18/7.0.3. It has been declared as critical. This vulnerability affects unknown code of the component HttpRequest Handler. The manipulation leads to format string. This vulnerability was named CVE-2024-42330. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Zabbix up to 7.0.2rc1. Affected by this vulnerability is the function zbx_snmp_cache_handle_engineid of the component Proxy. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-36468. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Zabbix up to 7.0.3. Affected by this issue is the function es_browser_get_variant of the file browser.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-42326. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Internal Linking for SEO Traffic & Ranking Plugin up to 1.2.1 on WordPress. Affected by this issue is the function post_id. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-11009. The attack may be launched remotely. There is no exploit available.

A Threat Actor Allegedly Leaked the Data of Liberty Latin America

高通今年 9 月就潜在收购与芯片巨人展开了初步谈判。但由于交易的复杂性、英特尔的巨大债务和面临的监管障碍，高通收购英特尔的兴趣在降温。高通可能仍会探索收购英特尔的部分业务，以拓展 PC 和网络市场。这项拟议中的收购交易面临重重障碍，包括英特尔的 500 亿美元债务、其 CPU 市场份额日益下降，以及陷入困境的半导体制造业务，而高通的芯片是外包给台积电等公司，它缺乏该领域的知识。如此规模的交易还会面临监管审查，特别是来自中国的审查，中国是两家公司的关键市场。

Даже хакеры-любители способны заработать миллионы, эксплуатируя чужие скрипты.

A Threat Actor Claims to have Leaked Access of FoodTango

华为宣布其 Mate 70 系列新智能手机将搭载不兼容 Android 的 HarmonyOS Next 操作系统。HarmonyOS Next 可运行的应用数量仍然远远逊于 Android。华为表示 HarmonyOS Next 获得了逾 1.5 万应用的支持，未来几个月会扩大到 10 万应用。Mate 70 系列共四款——Mate 70、Mate 70 Pro、Mate 70 Pro Plus 和 Mate 70 RS，非常有意思的是华为在产品的规格页面没有公布处理器型号，它列出了屏幕、摄像头等传感器，电池容量，内存等数据，但就是没有 CPU 以及 GPU。

Fredens of Security Targeted the Website of Aida Diamonds

NoName Targeted Multiple Companies in Australia

RipperSec Targeted the Website of American Jewish University - AJU