Aggregator

A vulnerability was found in Linux Kernel up to 6.11.2. It has been rated as critical. This issue affects the function hda_sdw_machine_select. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2024-50011. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.53/6.7/6.10.12/6.11.1. It has been declared as problematic. Affected by this vulnerability is the function mt7915_band_config. The manipulation leads to race condition. This vulnerability is known as CVE-2024-47715. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

本文通过扩展TLS-Attacker框架开发了支持DTLS的测试平台，并利用协议状态模糊测试技术分析了13种DTLS实现。

原文标题：Analysis of DTLS Implementations Using Protocol State Fuzzing原文作者：Paul Fiterau-Brostean, Bengt

#硬件设备 华硕推出全球首款基于 Thunderbolt 5 外接显卡 eGPU + 扩展坞，内置 RTX 5090 移动版，售价 2199.99 美元。这款扩展坞内置 350W 电源

过年前来了这么个事，简单记录下

前言

某年某日的一天，我看到某IM应用发布了一个全新的桌面客户端开始了公测

我马上就下载来试用了一番，发现它使用了electron重构了PC客户端。用electron重写？逆起来应该很容易吧

A vulnerability has been found in Progress Sitefinity up to 14.4.8142/15.0.8229/15.1.8327/15.2.8421 and classified as critical. This vulnerability affects unknown code. The manipulation leads to session expiration. This vulnerability was named CVE-2024-11627. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Progress Software Sitefinity up to 14.4.8142/15.0.8229/15.1.8327/15.2.8421. This affects an unknown part. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2024-11625. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

社区速递 076 | 你没见过的社区文章、一周最热评、派友的年度应用除了首页时间流和侧栏的精选展位，少数派 Matrix 社区还有很多优秀内容因条件所限无法得到有效曝光，因此我们决定重启 Matrix

某年某日的一天，我看到某IM应用发布了一个全新的桌面客户端开始了公测我马上就下载来试用了一番，发现它使用了electron重构了PC客户端。用electron重写？逆起来应该很

攻击面管理安全案例研究 | 城商行统一安全管理平台运营 日期：2025年01月07日 阅：72

本案例正式收录于《攻击面管理技术应用指南（2024版）》，项目由绿盟科技集团股份有限公司实施，并提供案例研究支 […]

外交部：美方炒作“中国黑客攻击”并发起制裁，中方坚决反对；国家网络安全通报中心：发现一批境外恶意网址和恶意IP | 牛览 日期：2025年01月0

新闻速览 •外交部：美方炒作“中国黑客攻击”并发起制裁，中方坚决反对 •国家网络安全通报中心：发现一批境外恶意 […]

Critical Infrastructure / Cyber AttackThe U.S. Cybersecurity and Infrastructure Security Agency (C

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies. The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts. "The security of federal systems and the data they

#硬件设备 英伟达宣布 RTX 20/30/40/50 系显卡均支持 DLSS 4 超分辨率技术，但诸如多帧生成功能仅支持 RTX 50 系显卡。在首发日有 75 款游戏和应用带来 D

shiro 721：填充攻击，在未知密钥的情况下构造出payload的密文，从而导致反序列化（shiro 550)

A vulnerability was found in Linux Kernel up to 6.1.119/6.6.63/6.11.10/6.12.1. It has been declared as critical. Affected by this vulnerability is the function fscache_create_volume of the file /fscache of the component netfs. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-56755. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.