Aggregator

A vulnerability was found in H3C Magic R300 R300-2100MV100R004. It has been rated as critical. This issue affects the function AddMacList of the file /goform/aspForm. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-33641. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in H3C Magic R300 R300-2100MV100R004. Affected is the function Edit_BasicSSID of the file /goform/aspForm. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-33642. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in H3C Magic R300 R300-2100MV100R004. Affected by this vulnerability is an unknown functionality of the file /goform/aspForm. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2023-33643. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in mintplex-labs anything-llm up to 0.0.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Profile Picture Handler. The manipulation leads to relative path traversal. This vulnerability is known as CVE-2024-0550. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mattermost Server up to 8.1.8/9.2.4/9.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component User Status Handler. The manipulation of the argument emoji leads to resource consumption. This vulnerability is known as CVE-2024-24988. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 8.1.8/9.2.4/9.2.5/9.3.0/9.4.1. It has been rated as critical. This issue affects some unknown processing of the component AD Group Handler. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2024-23493. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

henrymans0n Claims to have Leaked the Data of Dubai Pulse

Swiss tech company Proton, which provides privacy-focused online services, says that a Thurs

第一次用公众号的AI封面图生成功能

Author/Presenter: Varjitt Jeeva

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Programming A CTS-V Gauge Cluster Into An ATS-V: Out Of Pure Spite appeared first on Security Boulevard.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

2025-01-08软件安全分析2030远景规划  ourren || discus

Суперкомпьютеры меняют правила фармацевтики, и это только начало.

Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. [...]

A Threat Actor Claims to be Selling Access to an Unidentified Internet Service Provider in Thailand

De activiteiten van Defensie staan soms op gespannen voet met de bescherming van de leefomgeving. Een juiste balans is nodig. Dat schrijven staatssecretarissen Gijs Tuinman (Defensie) en Chris Jansen (Infrastructuur en Waterstaat) vandaag aan de Kamer.

A vulnerability, which was classified as critical, has been found in Acme Mini HTTPd 1.19. Affected by this issue is some unknown functionality of the component Terminal. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2009-4490. The attack may be launched remotely. Furthermore, there is an exploit available.

Skillz (303) Claims to be Selling Access to an Unidentified Chinese Company

A vulnerability was found in Dcat-Admin 2.1.3-beta and classified as problematic. This issue affects some unknown processing. The manipulation of the argument URL leads to cross site scripting. The identification of this vulnerability is CVE-2023-33736. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in MicroWorld eScan Management Console 14.0.1400.2281. Affected is the function GetUserCurrentPwd. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33730. It is possible to launch the attack remotely. There is no exploit available.