Aggregator

ADSpider是一款针对活动目录AD的实时安全监控工具，该工具可以帮助广大研究人员更轻松地监控和保护活动目录AD的安全。

A vulnerability, which was classified as problematic, has been found in Sunnet eHRD CTMS up to 10.7. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-10439. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sunnet eHRD CTMS up to 10.13. This vulnerability affects unknown code. The manipulation leads to authentication bypass using alternate channel. This vulnerability was named CVE-2024-10438. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel. This affects the function store_trace_args of the component uprobe. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50067. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SchedMD Slurm. It has been rated as critical. Affected by this issue is some unknown functionality of the component stepmgr. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-48936. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

随着移动支付和信用卡的流行，ATM 机器变得日益稀少，但在现金支付仍然流行的国家，ATM 机器正日益成为犯罪组织的目标。2023 年 3 月 23 日凌晨，德国 Kronber 镇的居民被几声爆炸惊醒了。目击者称看到身穿深色衣服的人乘坐一辆黑色汽车逃向附近的高速公路。犯罪者偷走了 13 万欧元的现金，在抢劫过程中造成了约 50 万欧元的附带损失。欧洲的犯罪组织不再策划富有戏剧性的银行抢劫，而是将 ATM 机器视为更低调更容易抢劫的目标。在欧洲最大经济体德国，犯罪组织以每天超过一台的速度炸 ATM 机器，他们的每次行动可盗取数十万欧元。欧洲刑警组织多年来一直对此展开跨境打击。欧洲刑警组织表示，本月早些时候德国、法国和荷兰执法机构逮捕了一犯罪网络的三名成员，他们多年来一直实施用炸药炸毁 ATM 的抢劫行动。欧洲刑警组织表示，自 2022 年以来，被捕者抢劫了数百万欧元，行动期间造成了类似数额的财产损失。德国仍然流行使用现金，2023 年半数的交易是通过纸币和硬币完成的。德国的文化传统认为现金支付更安全，能提供更多的隐私以及更好的控制支出。

A vulnerability was found in Oracle Sun Data Center InfiniBand Switch 36 up to 2.2.1. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-0235. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

新闻速览 •2024年第三季度电信服务质量通告：下架333款存在问题的不良手机应用 •《全民数字素养与技能发展 […]

信创及信创安全当前已进入快速发展和落地应用的重要阶段，无论工信主管部门还是各重要行业用户的主管单位都出台了一系 […]

Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. The resurgence of physical theft Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways the criminals are capitalizing on their theft by … More →

The post Fraudsters revive old tactics mixed with modern technology appeared first on Help Net Security.

A vulnerability classified as critical was found in Linux Kernel up to 6.8.9. Affected by this vulnerability is the function __skb_linearize of the component tipc. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-36954. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.179/5.10.100/5.15.23/5.16.9. Affected by this issue is some unknown functionality of the component qedf. The manipulation leads to improper update of reference count. This vulnerability is handled as CVE-2022-48823. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.5 and classified as critical. This issue affects the function pciehp_isr of the component IRQ Handler. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2021-47617. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.5. It has been classified as critical. This affects the function __rtnl_newlink of the component rtnetlink. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-48742. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.16.9. This issue affects the function tun_dst_unclone of the component net. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2022-48809. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.4. It has been classified as critical. Affected is the function tcf_skbmod_dump in the library lib/iov_iter.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-35893. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file drivers/net/ethernet/mellanox/mlxsw/core_acl_flex_keys.c of the component spectrum_acl_tcam. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-36007. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.12 and classified as critical. Affected by this issue is the function sdio_add_func. The manipulation leads to memory leak. This vulnerability is handled as CVE-2023-52730. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.16 and classified as problematic. This issue affects the function packet_recvmsg. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2022-48839. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.8 and classified as critical. Affected by this issue is some unknown functionality in the library lib/parman.c of the component spectrum_acl_tcam. The manipulation leads to memory leak. This vulnerability is handled as CVE-2024-35853. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.