Angie 1.7.0: форк Nginx с улучшенной защитой от DoS
Разработчики Angie представили новую версию своего веб-сервера.
Aggregator
Chainalysis CEO 认为政府可能会使用人工智能代理来追踪链上加密货币违法者
1 year 8 months ago
安全客
严重Ivanti 云设备漏洞在主动网络攻击中被利用
1 year 8 months ago
安全客
揭露“Marko Polo”: 一个以数千人为目标的信息窃取团伙
1 year 8 months ago
安全客
BianLian 和 Rhysida 使用 Azure 进行勒索软件攻击
1 year 8 months ago
安全客
CISA发布协调联邦机构网络安全的计划
1 year 8 months ago
安全客
Versa Networks 在 Versa Director 中暴露了关键 API 漏洞 (CVE-2024-45229)
1 year 8 months ago
安全客
Apple 的 macOS Sequoia 更新引发了与流行安全工具的重大兼容性问题
1 year 8 months ago
安全客
CVE-2024-8698:Keycloak 漏洞使 SAML 身份验证面临风险
1 year 8 months ago
安全客
Citrine Sleet用Mac Linux恶意软件毒害PyPI包
1 year 8 months ago
安全客
攻击面管理“六边形战士”!360获权威报告满分评价
1 year 8 months ago
安全客
【情报实战】黎巴嫩爆炸寻呼机背后的公司和人
1 year 8 months ago
感兴趣的还可以继续深挖。
CVE-2024-41228 | AliyunContainerService Pouch 1.3.1 symlink
1 year 8 months ago
A vulnerability, which was classified as critical, has been found in AliyunContainerService Pouch 1.3.1. This issue affects some unknown processing. The manipulation leads to symlink following.
The identification of this vulnerability is CVE-2024-41228. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2024-47066 | lobehub lobe-chat up to 1.19.12 route.ts server-side request forgery
1 year 8 months ago
A vulnerability classified as critical was found in lobehub lobe-chat up to 1.19.12. This vulnerability affects unknown code of the file src/app/api/proxy/route.ts. The manipulation leads to server-side request forgery.
This vulnerability was named CVE-2024-47066. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46997 | DataEase up to 2.10.0 h2 Data Source Connection String injection
1 year 8 months ago
A vulnerability classified as very critical has been found in DataEase up to 2.10.0. This affects an unknown part of the component h2 Data Source Connection String Handler. The manipulation leads to injection.
This vulnerability is uniquely identified as CVE-2024-46997. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46985 | DataEase up to 2.10.0 xml external entity reference
1 year 8 months ago
A vulnerability was found in DataEase up to 2.10.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference.
This vulnerability is handled as CVE-2024-46985. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Commerce Dept. Proposes Ban on Automotive Software & Hardware From China, Russia
1 year 8 months ago
After launching an investigation in February into vehicles made by foreign adversaries, the Biden administration is finally making its move in the name of national security.
Dark Reading Staff
CVE-2024-41721: обнаружена критическая RCE-уязвимость в FreeBSD
1 year 8 months ago
Управление виртуальными машинами перестало быть безопасным для многих администраторов.
美国将禁止中国联网汽车软件和硬件
1 year 8 months ago
在对中国电动汽车征收 100% 关税之后,美国商务部准备事实上禁止中国制造的电动汽车,它将以国家安全的理由禁止中国联网汽车软件和硬件在美国公路上行驶。商务部长 Gina Raimondo 表示,外国竞争对手开发的联网汽车可用于监视,可远程控制,威胁到美国人在公路上的隐私和安全。在极端情况下,他们可能关闭或控制在美国的联网汽车,制造车祸,阻塞交通。中国在 2021 年也实施了类似的禁令,禁止特斯拉汽车进入军事基地和其它国有设施。
Vulnerabilities Found in Popular Houzez Theme and Plugin
1 year 8 months ago
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users