Aggregator

A vulnerability, which was classified as critical, has been found in Dell Secure Connect Gateway 5.14.00.12/5.20.00.10/5.22.00.00. Affected by this issue is some unknown functionality of the component Policy Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-24900. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Dell DUP Framework up to 4.9.9 and classified as critical. This vulnerability affects unknown code. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2023-39254. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Secure Connect Gateway 5.14.00.12/5.20.00.10/5.22.00.00. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Trusted Application Data Store. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-24904. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Dell Secure Connect Gateway 5.14.00.12/5.20.00.10/5.22.00.00. This affects an unknown part of the component Trusted Application Data Store. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-24907. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Secure Connect Gateway 5.14.00.12/5.20.00.10/5.22.00.00. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Trusted Application Data Store. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-24905. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Secure Connect Gateway 5.14.00.12/5.20.00.10/5.22.00.00 and classified as problematic. This issue affects some unknown processing of the component Policy Page. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-24906. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Contribsys Sidekiq 6.5.8. This vulnerability affects the function filter of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-46950. The attack can be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： Atlassian和Cisco本周宣布为其产品中的多个高危漏洞提供补丁，其中包括可导致远程代码执行的缺陷。 Atlassian发布了七项更新，修复了Bamboo、Confluence和Jira中影响第三方依赖项的四个高危漏洞，其中部分漏洞早在近六年前就已公开披露。针对Bamboo数据中心与服务器版、Jira数据中心与服务器版以及Jira服务管理数据中心与服务器版的修复程序，解决了Netplex Json-smart中未经认证即可被利用的拒绝服务（DoS）问题。该安全缺陷编号为CVE-2024-57699。 针对Jira及Jira服务管理的安全更新还修复了一个可导致DoS的XXE（XML外部实体注入）漏洞，编号为CVE-2021-33813。 Confluence数据中心与服务器版修复了两个漏洞，包括Netty应用框架中的DoS漏洞（编号CVE-2025-24970），以及libjackson-json-java库中的XXE漏洞（CVE-2019-10172）。 Atlassian未提及这些漏洞在现实中被利用的情况。 周三，Cisco为Webex App、安全网络分析系统（Secure Network Analytics）和Nexus Dashboard中的三个安全缺陷提供了补丁。 Webex App修复了一个高危漏洞（编号CVE-2025-20236）。攻击者可诱使用户点击特制会议邀请链接并下载任意文件，从而远程执行任意代码。针对安全网络分析系统7.5.0、7.5.1和7.5.2版本的更新修复了一个中危问题，该漏洞允许经过认证的攻击者获取具有root权限的shell访问。 在Nexus Dashboard中，Cisco修复了一个中危漏洞，未经认证的远程攻击者可借此验证有效LDAP用户账号的用户名。 Cisco表示目前未发现这些漏洞在现实中被利用。更多信息可查阅该公司安全公告页面。     消息来源：securityweek；  本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

1. Qilin勒索团伙公布了新的受害公司 2. Medusa勒索团伙公布了新的受害者 3. Sarcoma勒索团伙公布了新的受害公司

1. Qilin勒索团伙公布了新的受害公司 2. Medusa勒索团伙公布了新的受害者 3. Sarcoma勒索团伙公布了新的受害公司

A vulnerability, which was classified as problematic, has been found in Contribsys Sidekiq 6.5.8. This issue affects the function uniquejobs. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-46951. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apache Archiva up to 2.0.0. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-27140. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Stupid Simple CMS 1.2.4. Affected is an unknown function of the file /update-article.php. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-27689. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Bagisto 1.5.1. This affects an unknown part of the component Product Review Option. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-27499. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Apache Ambari up to 2.7.7. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2023-50378. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Santesoft Sante DICOM Viewer Pro up to 14.0.3. This affects an unknown part of the component DICOM File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-1453. It is possible to initiate the attack remotely. There is no exploit available.

在朝鲜这个充满神秘与传奇色彩的国家，继承问题历来是外界关注的焦点。而近期，一个年仅十岁左右的小女孩——金主爱

本文约4182字，预计阅读时间12分钟。加拿大联合作战情报中心（JOIC）于2025年3月初悄然成立，标志着加拿大国家安全战略迈入新纪元。

株式会社クオリティアが提供するActive! mailには、スタックベースのバッファオーバーフローの脆弱性が存在します。

A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The identification of this vulnerability is CVE-2025-3792. The attack may be initiated remotely. Furthermore, there is an exploit available.