Aggregator

新年伊始,2个关于数据安全的国家级法规及指引落地,吹响了数据安全建设“冲锋号”! 2025年1月1日,我国数据 […]

A vulnerability was found in CPU on Intel/AMD/ARM and classified as critical. Affected by this issue is some unknown functionality of the component Speculative Execution. The manipulation leads to information disclosure (Spectre). This vulnerability is handled as CVE-2017-5753. The attack may be launched remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to change the configuration settings.

A vulnerability was found in ntp up to 4.2.8p6/4.3.91. It has been rated as critical. This issue affects some unknown processing of the component ntpd. The manipulation leads to data processing error (Sybil). The identification of this vulnerability is CVE-2018-7170. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in ntp up to 4.2.8p11. Affected by this vulnerability is an unknown functionality of the component ntpd. The manipulation as part of Timestamp leads to improper input validation. This vulnerability is known as CVE-2018-7184. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in ntp up to 4.2.8p11. Affected by this issue is some unknown functionality of the component Protocol Engine. The manipulation as part of Source IP Address leads to improper input validation. This vulnerability is handled as CVE-2018-7185. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Solaris 10/11.3. It has been classified as critical. This affects an unknown part of the component Kernel. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2017-5753. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Synology DiskStation Manager up to 6.2. This affects an unknown part of the component EZ-Internet. The manipulation of the argument username as part of Parameter leads to command injection. This vulnerability is uniquely identified as CVE-2017-12075. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Synology DiskStation Manager up to 6.2 and classified as critical. This vulnerability affects unknown code of the component Change Password. The manipulation leads to weak password recovery. This vulnerability was named CVE-2018-8916. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Synology DiskStation Manager up to 6.2. Affected is an unknown function of the component Random Generator. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2018-13280. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology DiskStation Manager up to 6.2 and classified as problematic. This issue affects some unknown processing of the component SYNO.Core.ACL. The manipulation of the argument file_path as part of Parameter leads to information disclosure. The identification of this vulnerability is CVE-2018-13281. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Fujitsu M10-1, Fujitsu M10-4, Fujitsu M10-4S, Fujitsu M12-1, Fujitsu M12-2 and Fujitsu M12-2S Servers. It has been rated as critical. This issue affects some unknown processing of the component NTP. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2018-7185. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in netatalk up to 3.1.11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file dsi_opensess.c. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2018-1160. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications LSMS 13.1/13.2/13.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2017-5753. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

公网暴露即被黑？

A vulnerability was found in Synthetic Reality Sympoll 1.5. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument vo leads to basic cross site scripting. This vulnerability is handled as CVE-2003-1175. The attack may be launched remotely. Furthermore, there is an exploit available.

Matrix 首页推荐 Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。 文章代表

error code: 521

HackerNews 编译，转载请注明出处： 软件制造商Adobe于周二针对多款产品中的十多个安全缺陷推出了修复措施，并警告称，恶意黑客可以利用这些漏洞发动远程代码执行攻击。 该公司表示，这些漏洞影响了Adobe Photoshop、Substance 3D Stager、iPad版Illustrator、Adobe Animate以及Adobe Substance 3D Designer。 根据Adobe的文档，Photoshop的更新适用于Windows和macOS系统，鉴于通过陷阱文件利用代码执行的风险，用户应尽快安装此更新。 具体细节如下： Adobe Photoshop——此次更新修复了两个关键严重级别的任意代码执行漏洞（CVE-2025-21127和CVE-2025-21122）。 Adobe Substance 3D Stager——此公告记录了五个关键严重级别的内存安全漏洞，这些漏洞可能导致在当前用户上下文中执行任意代码。这些漏洞的CVSS严重级别评分为7.8/10，影响Windows和macOS用户。 iPad版Illustrator——此次更新涵盖了两个独立的内存安全问题，这些问题使Apple iPad用户面临代码执行攻击的风险。两个漏洞均被评为关键级别，CVSS严重级别评分为7.8/10。 Adobe Animate——此次更新修复了一个可能导致任意代码执行漏洞的整数下溢问题。该更新适用于Windows和macOS用户。 Adobe Substance 3D Designer——此次更新包含针对影响所有平台的四个关键内存安全漏洞的补丁。成功利用这些漏洞可能导致在当前用户上下文中执行任意代码。   消息来源：Security Week, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Johan Cwiklinski Galette 0.63/0.63.1/0.63.2/0.63.3. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id_adh leads to sql injection. This vulnerability is traded as CVE-2012-2338. It is possible to launch the attack remotely. Furthermore, there is an exploit available.