Aggregator

A vulnerability classified as problematic has been found in Trend Micro Apex One. Affected is an unknown function of the component Security Agent. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-44647. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in JIZHI CMS 1.9.4. It has been classified as problematic. This affects an unknown part of the file /admin.php/Admin/adminadd.html. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2021-29334. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in HP OMEN Gaming Hub and Command Center and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2021-3919. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HP Support Assistant and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2022-38395. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in HP PageWide Pro Printer. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-2794. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in Google Android. Affected by this vulnerability is the function resetSettingsLocked of the file SettingsProvider.java. The manipulation leads to permission issues. This vulnerability is known as CVE-2023-40117. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Chrome. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component USB. The manipulation leads to integer overflow. This vulnerability is known as CVE-2023-5849. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component Printing. The manipulation leads to use after free. This vulnerability was named CVE-2023-5852. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Chrome. Affected is an unknown function of the component Profiles. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-5854. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. Affected by this vulnerability is an unknown functionality of the component Reading Mode. The manipulation leads to use after free. This vulnerability is known as CVE-2023-5855. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component Side Panel. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-5856. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

已修复

由多个0day漏洞组成的利用链仍然几乎仅用于（约90%）攻击移动设备。

已修复

由多个0day漏洞组成的利用链仍然几乎仅用于（约90%）攻击移动设备。

Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

Capitol Meridian Partners' Razi on Smarter AI Use, Strong Leadership and Diversity
Many AI models prioritize speed over security, exposing organizations to significant risks. Niloofar Razi, operating partner at Capitol Meridian Partners, stressed the need for companies to evaluate models carefully before adoption.

Energy Department Disputes Nuclear Access Breach Claims in Latest DOGE Controversy
Department of Government Efficiency staffers gained access to accounts on classified networks storing some of the nation's top nuclear secrets according a report published concurrently with a lawsuit arguing the task force is unconstitutional and lacks congressional approval.

Hot Topics Also Include Quantum Computing, Blockchains, Artificial Intelligence
Cryptocurrencies have dramatically failed to live up to their promise, to the extent that the "world would be better" without them, said cryptographer Adi Shamir at this year's RSAC Conference, during an expert panel that touched on artificial intelligence, quantum computing, blockchains and more.