Aggregator

近日，一些网友注意到，申领和使用“网号”“网证”的应用“国家网络身份认证 App（试点版）”已在多个应用商店上线。

A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-7357. The attack may be initiated remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

A vulnerability was found in Check Point ZoneAlarm Extreme Security. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to link following. This vulnerability was named CVE-2024-6233. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PDF-XChange Editor. It has been classified as critical. This affects an unknown part of the component PDF File Parser. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-7352. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

64 岁的 Raffy Tulfo 是菲律宾公共事务节目《Wanted sa Radyo (Wanted on Radio)》的主持人，他的 YouTube 频道《Raffy Tulfo in Action》有逾 2800 万订户，而整个菲律宾的 YouTube 用户数是大约 5800 万。他的庞大 YouTube 粉丝帮助他赢得了参议院席位，并在推动他成为下一届总统，虽然他本人声称没有兴趣参加 2028 年的总统竞选。Tulfo 是一位大学辍学生，以 DJ 身份开始进入广播业，成名于担任新闻记者，通过主持犯罪节目和公共事务节目而成为最受欢迎的公众人物之一，很多菲律宾人将自己遭遇的社会不公报告给他，依靠他而不是警察或法院解决问题。名人从政在菲律宾屡见不鲜，有至少 20 多名音乐人、演员和其他名人成为政客，担任省长到国会议员到参议员，甚至总统。前总统 Joseph Estrada 就是一名演员。菲律宾大学政治学教授 Aries Arugay 认为，Tulfo 的不同之处是名人与强人言论的结合，在一个治理和法治上存在缺陷的国家具有无与伦比的吸引力。Tulfo 的节目并非没有争议，比如有罪推定，直到被证明无罪。

A vulnerability was found in Lenovo Driver Manager and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2023-1577. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Lenovo PC Manager 2.6.40.3154 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2019-6198. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Lenovo PC Manager 2.6.40.3154. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2019-6197. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in goframe 2.7.2. This issue affects some unknown processing of the component TLS Certificate Verification. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2024-41253. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Motorola Q14 Mesh Router. This vulnerability affects unknown code of the component API Handler. The manipulation leads to improper authentication. This vulnerability was named CVE-2022-4001. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in beego up to 2.2.0. This affects the function getCacheFileName of the file file.go. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-40465. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Motorola Q14 Mesh Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the component API Request Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2022-4003. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.