Aggregator

A vulnerability has been found in Linux Kernel up to 6.7.6 and classified as problematic. Affected by this vulnerability is the function gtp_genl_dump_pdp. The manipulation leads to use after free. This vulnerability is known as CVE-2024-26754. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.32/6.8.11/6.9.2 and classified as critical. This vulnerability affects the function remove of the component et8ek8. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-38611. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2 and classified as problematic. This issue affects the function free_swap_and_cache/swapoff. The manipulation leads to race condition. The identification of this vulnerability is CVE-2024-26960. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

亚马逊更新了其 kindle 产品线，首次引入了彩屏，这些产品暂时不配送给中国大陆地区。亚马逊共宣布了四款产品：新版 Kindle Scribe 提供了更接近纸质的手写体验，起售价 $399.99，12 月 4 日发货；第六代 Kindle Paperwhite 显示屏大小从 6.8 英寸增加到 7 英寸，16 GB 版本售价 $159.99，32GB 版本售价 $199.99；新款入门版 Kindle 售价 $109.99；第一款配备彩色墨水屏的 Kindle Colorsoft，售价 $279.99，10 月 30 日发货。其中 Kindle Colorsoft 显示屏也是 7 英寸，支持无线充电（其充电座需要单独购买），存储空间为 32GB，将在屏幕上用彩色显示书封和插图，彩色显示的分辨率为 150 PPI，单色文本和图像的显示分辨率为 300 PPI，重 7.7 盎司，略高于 Paperwhite 的 7.4 盎司。

A vulnerability was found in Microchip RN4870 up to 1.43. It has been classified as problematic. Affected is the function PairReqNoInputNoOutput. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-29155. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

CISA released the third edition of SBOM guidelines to enhance software component transparency

安全专家表示，威胁检测工具产生太多误报，导致倦怠。

今日暂未更新资讯~
更多最新文章，请访问SecWiki

根据国家信息安全漏洞库（CNNVD）统计，本周（2024年10月7日至2024年10月13日）安全漏洞情况如下。

A vulnerability was found in Booking.com Banner Creator Plugin up to 1.4.6 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-49265. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Thimo Grauerholz WP-Spreadplugin Plugin up to 4.8.9 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-49266. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Docker Desktop up to 4.34.2. This affects an unknown part of the component Build View. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2024-9348. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in nayon46 Unlimited Addon for Elementor Plugin up to 2.0.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-49267. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as very critical has been found in Adobe Flash Player up to 21.0.0.213 on Windows. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-4114. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

在订阅服务遍地的时代，订阅一项服务本身是十分简单的，然而取消订阅却是众所周知的繁琐。现在，FTC 终于决定对此类做法进行打击。它宣布了 click-to-cancel 规定的最终稿，要求让消费者能像注册一样轻松取消订阅。其大部分条款将在《Federal Register》上公布 180 天后生效。FTC 主席 Lina M. Khan 表示，该机构的规定将让美国人节省时间和金钱，没人应为其不再需要的服务付费。

美国联邦和州政府已发布至少十余个漏洞奖励计划

给予警告，并处以罚款行政处罚

A vulnerability classified as problematic has been found in McAfee Asset Manager 6.6. This affects an unknown part. The manipulation of the argument reportFileName leads to path traversal. This vulnerability is uniquely identified as CVE-2014-2588. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.