Aggregator
[Critical ICS Vulnerability] mySCADA myPRO may let attackers take control of industrial control systems
1 year 1 month ago
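Critical vulnerabilities disclosed in mySCADA myPRO allow attackers to take control of industrial facilities; unauthorized access could cause severe operational disruption and financial loss. CVSS score 9.3; the command injection risk is extremely high.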
CVE-2022-49215 | Linux Kernel up to 5.15.32/5.16.18/5.17.1 xsk_unbind_dev null pointer dereference
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. It has been rated as critical. This issue affects the function xsk_unbind_dev. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2022-49215. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49221 | Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 dp_panel_handle_sink_request dp_display null pointer dereference
1 year 1 month ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. This affects the function dp_panel_handle_sink_request. The manipulation of the argument dp_display leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2022-49221. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49213 | Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 of_parse_phandle reference count
1 year 1 month ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. Affected by this issue is the function of_parse_phandle. The manipulation leads to improper update of reference count.
This vulnerability is handled as CVE-2022-49213. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49216 | Linux Kernel up to 5.17.1 of_find_device_by_node memory leak
1 year 1 month ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.17.1. Affected is the function of_find_device_by_node. The manipulation leads to memory leak.
This vulnerability is traded as CVE-2022-49216. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49218 | Linux Kernel up to 5.17.1 drm_dp_helper.c array index
1 year 1 month ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.17.1. Affected by this issue is some unknown functionality of the file drivers/gpu/drm/drm_dp_helper.c. The manipulation leads to improper validation of array index.
This vulnerability is handled as CVE-2022-49218. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49230 | Linux Kernel up to 5.16.18/5.17.1 mt7915_mcu_add_sta memory leak
1 year 1 month ago
A vulnerability has been found in Linux Kernel up to 5.16.18/5.17.1 and classified as critical. This vulnerability affects the function mt7915_mcu_add_sta. The manipulation leads to memory leak.
This vulnerability was named CVE-2022-49230. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49225 | Linux Kernel up to 5.17.1 mt7921_load_patch memory leak
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.17.1. It has been rated as critical. Affected by this issue is the function mt7921_load_patch. The manipulation leads to memory leak.
This vulnerability is handled as CVE-2022-49225. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49224 | Linux Kernel up to 5.17.1 kobject_init_and_add memory leak
1 year 1 month ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.17.1. This affects the function kobject_init_and_add. The manipulation leads to memory leak.
This vulnerability is uniquely identified as CVE-2022-49224. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49231 | Linux Kernel up to 5.17.1 hw_scan memory leak
1 year 1 month ago
A vulnerability classified as critical was found in Linux Kernel up to 5.17.1. This vulnerability affects the function hw_scan. The manipulation leads to memory leak.
This vulnerability was named CVE-2022-49231. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49219 | Linux Kernel up to 5.15.32/5.16.18/5.17.1 pci_store_saved_state memory leak
1 year 1 month ago
A vulnerability has been found in Linux Kernel up to 5.15.32/5.16.18/5.17.1 and classified as critical. Affected by this vulnerability is the function pci_store_saved_state. The manipulation leads to memory leak.
This vulnerability is known as CVE-2022-49219. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Blockchain gaming platform WEMIX hacked, losing $6.1 million
1 year 1 month ago
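Compiled by HackerNews; please credit the source when reposting: Last month, blockchain gaming platform WEMIX suffered a cyberattack in which attackers stole 8,654,860 WEMIX tokens worth approximately $6.1 million. At a press conference held yesterday, WEMIX CEO Kim Seok-Hwan confirmed the incident, which occurred on February 28, 2025, and explained that the delay in issuing a public statement was not an attempt at a cover-up but was meant to protect players from further losses.
"After discovering the hack on February 28, we immediately shut down the affected servers and began a detailed analysis," Kim Seok-Hwan said. "That same day, we filed a criminal complaint with the Cyber Investigation Unit of the Seoul Metropolitan Police Agency, and the National Office of Investigation is currently investigating." "Because the exact method of intrusion could not be determined at first, immediate disclosure could have exposed us to further attacks." "In addition, most of the stolen assets had already been sold, affecting the market. Given that it was difficult to guarantee there was no further risk, immediate disclosure could have triggered market panic."
WEMIX is a blockchain gaming platform developed by the South Korean game company Wemade. The WEMIX ecosystem includes its own cryptocurrency, the WEMIX token, and integrates blockchain technology into games, offering a play-to-earn (P2E) model, NFT-based ownership, and decentralized finance (DeFi) features. Wemade is known for its hit game The Legend of Mir, but since launching WEMIX it has focused on blockchain-integrated games inspired by its older titles. The most successful is MIR4, with more than 5 million downloads on Google Play alone. Wemade's other blockchain games include Night Crows (1 million downloads), Rise of Stars, Crypto Ball Z, and MIR M (discontinued).
According to yesterday's press conference, the hackers infiltrated WEMIX after stealing the authentication key for the monitoring service of the NFT platform "NILE". Although Wemade is not certain how the attackers obtained the key, it speculates that it may have been through the compromise of a shared repository to which a developer had uploaded the key for convenience. After two months of planning the attack, the hackers attempted fifteen withdrawals, thirteen of which succeeded. The stolen WEMIX tokens were quickly laundered through cryptocurrency exchanges.
WEMIX is currently offline, and all blockchain-related infrastructure is being migrated to a more secure environment; the company aims to fully restore service on March 21, 2025. Notably, the Digital Asset eXchange Alliance (DAXA) has designated WEMIX as an "investment caution" asset and suspended deposits, and WEMIX plans to appeal.
Source: Bleeping Computer; this article was translated and compiled by HackerNews.cc; cover image sourced from the internet; when reposting, please indicate "Reposted from HackerNews.cc" and attach the original text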
hackernews
Gemini Deep Research
1 year 1 month ago
Now fully available to free users, with 10 queries per month
CVE-2022-49071 | Linux Kernel up to 5.15.33/5.16.19/5.17.2 mipi_dbi_poweron_reset_conditional null pointer dereference
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.15.33/5.16.19/5.17.2. It has been classified as problematic. This affects the function mipi_dbi_poweron_reset_conditional. The manipulation leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2022-49071. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49190 | Linux Kernel up to 5.15.32/5.16.18/5.17.1 kfree allocation of resources
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. It has been classified as problematic. This affects the function kfree. The manipulation leads to allocation of resources.
This vulnerability is uniquely identified as CVE-2022-49190. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49203 | Linux Kernel up to 5.17.1 link_enc_cfg_copy null pointer dereference
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.17.1. It has been rated as critical. This issue affects the function link_enc_cfg_copy. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2022-49203. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49208 | Linux Kernel up to 5.15.32/5.16.18/5.17.1 irdma_sc_ceq_init integer underflow
1 year 1 month ago
A vulnerability classified as critical has been found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. Affected is the function irdma_sc_ceq_init. The manipulation leads to integer underflow.
This vulnerability is traded as CVE-2022-49208. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49206 | Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 xa_insert memory leak
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. Affected by this issue is the function xa_insert. The manipulation leads to memory leak.
This vulnerability is handled as CVE-2022-49206. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49211 | Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 of_find_compatible_node reference count
1 year 1 month ago
A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been declared as critical. This vulnerability affects the function of_find_compatible_node. The manipulation leads to improper update of reference count.
This vulnerability was named CVE-2022-49211. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com