Aggregator

精彩汇集，业务宝典：《2024安全牛百篇文章精选集》发布作者：aqniu 日期：2025年01月17日 阅：12

新闻速览 •六部门印发《关于完善数据流通安全治理 更好促进数据要素市场化价值化的实施方案》 •TikTok在美 […]

六部门印发《关于完善数据流通安全治理 更好促进数据要素市场化价值化的实施方案》；TikTok在美关停在即，特朗普有意挽救 |牛览 日期：2025年

异次元曾经推荐过 Kimi (月之暗面) 的国产大模型，不错的综合能力算是可以作为 ChatGPT 的免费平替使用。然而，最近的新黑马 DeepSeek 不仅火遍全网，甚至在全球范围都一鸣惊人！Dee

Executive SummaryOn Jan. 8, 2025, Ivanti released a security advisory for two vuln

A vulnerability was found in Crea8Social 2.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2015-1054. The attack can be initiated remotely. Furthermore, there is an exploit available.

01知识库背景新加入社群的朋友们普遍怀揣着夯实.NET安全基础、寻求清晰学习路径的强烈愿望。这不仅反映了大家对于提升自我技能的热切期待，也揭示了当前网络资源中有关.NET安全基础知识覆盖不足的现状。正

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

LogonUserA 和 ImpersonateLoggedOnUser 是强大的 Windows API，允许程序以指定用户的身份操作。攻击者利用这些函数可模拟合法用户权限，用于横向移动或访问敏感资

A vulnerability classified as critical has been found in Microsoft Windows up to XP. Affected is an unknown function of the component TrueType Font Handler. The manipulation as part of CMAP Table leads to code injection. This vulnerability is traded as CVE-2013-3894. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in D-Bus up to 1.2.18. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. This vulnerability was named CVE-2014-3477. The attack needs to be approached locally. There is no exploit available.

A vulnerability classified as very critical was found in Keysight N8844A up to 2.1.7351. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2023-1967. The attack can be launched remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability was found in SolarView Compact SV-CPT-MC310 and Compact SV-CPT-MC310F up to 8.9. It has been classified as critical. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2023-27514. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mitel MiVoice Connect and classified as problematic. This vulnerability affects unknown code of the file test_presenter.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-25599. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Binding Support Function up to 23.1.7/23.2.2. Affected by this issue is some unknown functionality of the component Install/Upgrade. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-20883. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Oracle Communications Cloud Native Core Network Exposure Function 23.1.3 and classified as critical. This vulnerability affects unknown code of the component Platform. The manipulation leads to denial of service. This vulnerability was named CVE-2023-20883. The attack can be initiated remotely. There is no exploit available.