Aggregator

CVE-2024-8234 | Zyxel NWA1100-N 1.00(AACE.1)C0 formSysCmd/formUpgradeCert/formDelcert os command injection

2 months 2 weeks ago

A vulnerability was found in Zyxel NWA1100-N 1.00(AACE.1)C0 and classified as critical. This issue affects the function formSysCmd/formUpgradeCert/formDelcert. The manipulation leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-8234. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2024-45302 | RestSharp up to 111.x RestRequest.AddHeader crlf injection (GHSA-4rr6-2v9v-wcpc)

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability has been found in RestSharp up to 111.x and classified as critical. This vulnerability affects the function RestRequest.AddHeader. The manipulation leads to crlf injection. This vulnerability was named CVE-2024-45302. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-8328 | Hwa Jiuh Digital Technology Easy Test Online Learning and Testing Platform prior 24A01 cross site scripting

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability, which was classified as problematic, was found in Hwa Jiuh Digital Technology Easy Test Online Learning and Testing Platform. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8328. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

从0到1、从需求到上线：我如何结合大模型和专业素养来完成一个实际项目

CodeWisdom

2 months 2 weeks ago

多年来，我一直想写一个完整的案例，融入现代软件工程实践，便于那些没有机会做过完整大项目的大学生、或者是想对现

ZDI-CAN-23382: Mintty

ZDI: Upcoming Advisories

2 months 2 weeks ago

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'solid-snail' was reported to the affected vendor on: 2024-08-30, 67 days ago. The vendor is given until 2024-12-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

JVN: IPCOMにおける処理時間の相違に起因する情報漏えいの脆弱性

統合版 JPCERT/CC

2 months 2 weeks ago

エフサステクノロジーズ株式会社が提供するIPCOMのSSLアクセラレータ機能およびSSL-VPN機能には、処理時間の相違に起因する情報漏えいの脆弱性が存在します。

CVE-2024-1543 | wolfSSL up to 5.6.5 Side-Channel Protected T-Table timing discrepancy

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability, which was classified as problematic, has been found in wolfSSL up to 5.6.5. Affected by this issue is some unknown functionality of the component Side-Channel Protected T-Table Handler. The manipulation leads to observable timing discrepancy. This vulnerability is handled as CVE-2024-1543. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-8329 | Gether Technology 6SHR System sql injection

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability classified as critical was found in Gether Technology 6SHR System. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-8329. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-8327 | Hwa Jiuh Digital Technology Easy Test Online Learning and Testing Platform prior 24A01 page sql injection

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability classified as critical has been found in Hwa Jiuh Digital Technology Easy Test Online Learning and Testing Platform. Affected is an unknown function. The manipulation of the argument page leads to sql injection. This vulnerability is traded as CVE-2024-8327. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-8330 | Gether Technology 6SHR System unrestricted upload

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability was found in Gether Technology 6SHR System. It has been rated as very critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-8330. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-2502 | Silabs SE up to 2.2.5 Temper unusual condition

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability was found in Silabs SE up to 2.2.5. It has been declared as problematic. This vulnerability affects unknown code of the component Temper Handler. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2024-2502. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-45488 | One Identity Safeguard for Privileged Passwords up to 7.0.5.0/7.4.1/7.5.1 Cookie improper authorization

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability was found in One Identity Safeguard for Privileged Passwords up to 7.0.5.0/7.4.1/7.5.1. It has been classified as critical. This affects an unknown part of the component Cookie Handler. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-45488. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

直播预热 | 中国电信网络安全宣传月启动暨电信安全中国行·苏州站活动

数世咨询

2 months 2 weeks ago

中国电信网络安全宣传月启动暨电信安全中国行·苏州站活动

CVE-2024-1545 | wolfSSL up to 5.6.6 on Linux/Windows wolfCrypt rsa.c RsaPrivateDecryption improper restriction of software interfaces to hardware features

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability was found in wolfSSL up to 5.6.6 on Linux/Windows and classified as problematic. Affected by this issue is the function RsaPrivateDecryption of the file wolfssl/wolfcrypt/src/rsa.c of the component wolfCrypt. The manipulation leads to improper restriction of software interfaces to hardware features. This vulnerability is handled as CVE-2024-1545. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-2881 | wolfSSL up to 5.6.6 on Linux wolfCrypt ed25519.c in wc_ed25519_sign_msg Rowhammer improper restriction of software interfaces to hardware features

VulDB Recent Entries

2 months 2 weeks ago

A vulnerability has been found in wolfSSL up to 5.6.6 on Linux and classified as critical. Affected by this vulnerability is the function in wc_ed25519_sign_msg of the file wolfssl/wolfcrypt/src/ed25519.c of the component wolfCrypt. The manipulation leads to improper restriction of software interfaces to hardware features. This vulnerability is known as CVE-2024-2881. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

网络安全警报：游戏行业面临的黑客威胁

数世咨询

2 months 2 weeks ago

随着网络游戏和在线赌博成为黑客攻击的新焦点，全球游戏产业正面临前所未有的安全挑战。本文探讨了这一现象，并分析了如何加强网络安全以保护这一迅速发展的行业。

网络安全警报：游戏行业面临的新威胁

数世咨询

2 months 2 weeks ago

A macro look at the most pressing cybersecurity risks

Help Net Security

2 months 2 weeks ago

Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organizations that don’t know what they have connected to their networks or if it’s secured are being caught flat-footed,” said Barry Mainz, Forescout CEO. “To mitigate these extensive … More →

The post A macro look at the most pressing cybersecurity risks appeared first on Help Net Security.

Help Net Security