Aggregator

CVE-2024-35867 | Linux Kernel up to 6.1.84/6.6.25/6.8.4 SMB Client cifs_stats_proc_show use after free (Nessus ID 209926)(link is external)

Vuldb Updates
5 months ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.1.84/6.6.25/6.8.4. This vulnerability affects the function cifs_stats_proc_show of the component SMB Client. The manipulation leads to use after free. This vulnerability was named CVE-2024-35867. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47598 | Linux Kernel up to 4.19.221/5.4.167/5.10.87/5.15.10 sch_cake kernel/locking/mutex.c cake_destroy use after free (Nessus ID 209926)(link is external)

Vuldb Updates
5 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.221/5.4.167/5.10.87/5.15.10. Affected by this issue is the function cake_destroy of the file kernel/locking/mutex.c of the component sch_cake. The manipulation leads to use after free. This vulnerability is handled as CVE-2021-47598. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

创启安全+AI聚变,ISC.AI 2024第五届数字安全创新百强评选开启招募(link is external)

嘶吼
5 months ago

伴随数字化转型的深入发展,新质生产力正不断加速传统与现代动能的转换。在此其中,数字安全成为了保障数字经济健康发展的坚实基石。同时,人工智能作为推动力,正引领着产业数字化向智能化的高端迈进。面对数字安全与人工智能的融合发展浪潮,ISC.AI 2024第五届数字安全创新百强评选正式拉开帷幕。

作为数字安全行业的奥斯卡,本届评选由ISC平台、中关村数智人工智能产业联盟、大模型产业联盟、赛迪顾问、电子城有限公司、数世咨询、数说安全、安全419、BP商业伙伴、安在、看雪、安全客等行业机构联合举办,将基于过往四届积淀,深度聚焦安全和AI两大领域的创新先锋力量,构建起以创新产品与技术能力为代表的新质生产力集聚阵地,助力推动数字安全的跃迁升级,以及AI技术与全行业的共融创生,开启数实融合的“聚变元年”。

聚焦安全和AI双域

全面覆盖20大热点赛道

面对人工智能技术浪潮的冲击,本届评选在赓续安全基因的基础上,将聚焦AI领域的创新势力,创新性设立“安全”与“AI”两大竞选赛道,全面覆盖终端安全、安全运营、信创安全、安全大模型、大模型安全,大模型技术和大模型行业应用等20个热点创新赛道,致力于深度挖掘两大领域产业链上下游的全域创新成果,确保评选在透视产业创新动向、把脉行业创新态势方面的精准引领价值。

本次评选还将基于评选结果及行业调研数据,与产业进行深度结合分析,推出数字安全与AI两大产业全景图,并通过整合梳理最具代表性的创新技术及解决方案,打造各个细分领域的创新技术、解决方案报告,全面展两大领域的最新技术趋势、市场格局及未来发展方向,为政府决策、企业战略规划及投资者布局提供有力支持。

挖掘创新标杆力量

精准赋能数字化转型

科技创新能够催生新产业、新模式、新动能,是发展新质生产力的核心要素。在推动科技创新的进程中,标杆企业发挥着重要作用。其通常掌握关键核心技术,能够集聚创新要素,推动科技成果向现实生产力转化,加快发展新质生产力。‌

为加强创新标杆企业的风向引领与行业辐射作用,本届ISC.AI 2024数字安全创新百强打造出了更加多样化的荣誉奖项,其不仅将针对“数字安全”与“人工智能”各个维度中的突出厂商,推出创新百强荣誉奖项;还将基于针对参选企业综合能力的考评,甄选年度创新能力十强;同时,结合百强客户智库、百强专家评审团反馈意见,以及第三方权威机构数据综合评价,本届评选将见证新一批的创新先锋力量荣耀入驻网安名人堂。

所有评选考核将严格遵循标准化审核流程与透明化审核结果的原则,按照市场反馈、用户体验、客户评价等多维标准,遴选出最具创新力的数字安全与人工智能创新产品、技术及解决方案,以价值为导向精准赋能城市、行业、企业的数字化转型。

目前,ISC.AI 2024第五届数字安全创新百强评选已经全面开启招募,即刻登陆官网,便可了解更多详细内容!

企业资讯

Lottie Player compromised in supply chain attack — all you need to know(link is external)

Security Boulevard
5 months ago

Popular JavaScript library and npm package Lottie Player was compromised in a supply chain attack with threat actors releasing three new versions of the component yesterday, all in a span of a few hours. Understand what this threat means for your business and what you need to do.

The post Lottie Player compromised in supply chain attack — all you need to know appeared first on Security Boulevard.

Ax Sharma

CVE-2024-30149 | HCL AppScan Source up to 10.6.0 SSL Certificate certificate validation (KB0116990)(link is external)

VulDB Recent Entries
5 months ago
A vulnerability classified as problematic was found in HCL AppScan Source up to 10.6.0. This vulnerability affects unknown code of the component SSL Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2024-30149. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2024-38588 | Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2 ftrace_location use after free (Nessus ID 207738)(link is external)

Vuldb Updates
5 months ago
A vulnerability was found in Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2. It has been declared as critical. This vulnerability affects the function ftrace_location. The manipulation leads to use after free. This vulnerability was named CVE-2024-38588. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-49373 | No Fuss Computing Centurion ERP up to 1.2.0 Project improper isolation or compartmentalization (GHSA-5qmx-pr2f-qhj5)(link is external)

Vuldb Updates
5 months ago
A vulnerability classified as problematic was found in No Fuss Computing Centurion ERP up to 1.2.0. Affected by this vulnerability is an unknown functionality of the component Project Handler. The manipulation leads to improper isolation or compartmentalization. This vulnerability is known as CVE-2024-49373. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-48605 | Helakuru Desktop Application 1.1 wow64log.dll uncontrolled search path (EDB-51461)(link is external)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, was found in Helakuru Desktop Application 1.1. Affected is an unknown function in the library wow64log.dll. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2024-48605. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-20526 | Cisco ASA SSH Server resource consumption (cisco-sa-asa-ssh-dos-eEDWu5RM)(link is external)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, was found in Cisco ASA. Affected is an unknown function of the component SSH Server. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-20526. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-47035 | Google Android virtio_ring.h vring_init out-of-bounds write(link is external)

Vuldb Updates
5 months ago
A vulnerability was found in Google Android. It has been declared as critical. Affected by this vulnerability is the function vring_init of the file external/headers/include/virtio/virtio_ring.h. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-47035. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-48427 | SourceCodester Packers and Movers Management System 1.0 manage_service&id sql injection(link is external)

Vuldb Updates
5 months ago
A vulnerability was found in SourceCodester Packers and Movers Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mpms/admin/?page=services/manage_service&id. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-48427. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-33893 | Cosy+ prior 21.2s10/22.1s3 Log cross site scripting(link is external)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, has been found in Cosy+. Affected by this issue is some unknown functionality of the component Log Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-33893. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad