Aggregator

和老周一起玩转赛博文化街~

A vulnerability was found in FreeBSD. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component ktrace. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-6760. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

16 名居住在日本名古屋市等地的 10 至 20 多岁年轻人向名古屋地方法院提起诉讼，为抑制气候变化造成的负面影响，要求 10 家电厂削减火力发电产生的二氧化碳（CO2）排放。起诉书称，被告是国内最大规模的 CO2 排放企业，有义务遵循提出把全球平均气温升幅控制在比工业革命前高 1.5 度以内的《巴黎协定》目标进行减排。起诉书主张称，人为排放导致原告等面临气候变化引发的严重灾害危险，以及社团活动等时的中暑风险，且有预测显示今后会受到更严重影响。

A vulnerability was found in FreeBSD. It has been classified as critical. Affected is an unknown function of the component pf. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-6640. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). "BlackSuit actors have exhibited a willingness to negotiate payment amounts," the

A vulnerability was found in Kadence Gutenberg Blocks with AI Plugin up to 3.2.38 on WordPress and classified as problematic. This issue affects some unknown processing of the component Post Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-6884. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Search & Filter Pro Plugin up to 2.5.17 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-6481. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-7272. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Unbound up to 1.19.3. Affected by this issue is the function cfg_mark_ports of the file config_file.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-43168. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as problematic was found in Unbound. Affected by this vulnerability is an unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-43167. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as problematic has been found in daniyalahmedk Fuse Social Floating Sidebar Plugin up to 5.4.10 on WordPress. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-5226. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in 10web Slider Plugin up to 1.2.57 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-7150. The attack may be initiated remotely. There is no exploit available.

在美国黑帽大会上（Black Hat USA），Bitdefender和Transilvania Quantum的研究人员将展示攻击者如何针对基于量子技术的基础设施进行攻击。

已修复

奇安信中标某大型国有银行安全测试开源组件安全评估项目，再一次彰显了奇安信在开源安全治理领域的专业实力和市场认可度，同时也反映出金融行业对于提升信息技术基础设施安全性的重视程度。

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Secure Kernel Mode. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-21302. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in HP Poly Clariti Manager up to 10.10.2.2 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-41912. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Update Stack. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-38202. It is possible to initiate the attack remotely. There is no exploit available.

想象一下，你本来出差一周，结果到了目的地之后出差时间被迫延长了八个月，这有可能是波音 Starliner 宇航员的遭遇。Starliner 飞船于 6 月 5 日完成了首次载人飞行测试，将宇航员 Butch Wilmore 和 Suni Williams 送到了国际空间站，原计划在轨停留 8 天，6 月 14 日返回，但由于飞船发现了令人担忧的推进器故障，两名宇航员一直滞留在空间站。NASA 官员表示他们正考虑用 SpaceX 飞船将两名宇航员带回地面。SpaceX 计划在 9 月执行 Crew-9 载人飞行任务，但这次只搭乘两名宇航员而不是通常的四名，Crew Dragon 飞船明年将两名 Starliner 宇航员带回地球。NASA 官员表示他们仍然在与波音合作尝试用 Starliner 飞船运送两名宇航员返回。

A vulnerability has been found in Journyx jtime 11.5.4 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is known as CVE-2024-6890. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.