Aggregator

Правительственные хакеры открывают новую эру вымогательских атак.

After reviewing the Top 10 Not So Common SSH Usernames and Passwords [1] published by Johannes 2 we

A vulnerability classified as critical has been found in mpg123 up to 1.32.7. This affects an unknown part. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-10573. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

第三季度网络安全上市公司财报显示，行业营收同比下降8.5%，季度收入已回落至疫情前水平。受经济环境收紧及市场需求减缓的影响，网络安全行业面临严峻挑战，逆风期持续。提升运营效率、加强成本管控并保持战略耐心，将是行业在逆境中取得稳健发展的关键。

A vulnerability was found in Vmware Spring Framework up to 5.3.40/6.0.24/6.1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebMvc.fn/WebFlux.fn. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-38819. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Piwigo 14.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Edit Album. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-48311. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Shenzhen Interconnection Harbor Network Technology Ofweek Online Exhibition 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-51419. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in HashiCorp Consul and Consul Enterprise up to 1.20.0 and classified as critical. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation leads to improper neutralization of http headers for scripting syntax. The identification of this vulnerability is CVE-2024-10006. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in HashiCorp Consul and Consul Enterprise up to 1.20.0 and classified as critical. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2024-10005. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in JeecgBoot 3.7.1. This affects an unknown part of the file /onlDragDatasetHead/getTotalData. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-48307. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Ethereum 1.12.2. Affected by this issue is the function _transfer. The manipulation leads to permission issues. This vulnerability is handled as CVE-2024-51426. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Ethereum 1.12.2. Affected by this vulnerability is the function PepeGxng. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-51427. The attack can be launched remotely. There is no exploit available.

满足安全合规与风险管控。

欢迎投稿

A vulnerability classified as critical has been found in Ethereum 1.12.2. Affected is an unknown function of the component WaterToken Contract Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2024-51425. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Ethereum 1.12.2. It has been rated as critical. This issue affects the function Owned.setOwner. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-51424. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in SAS Studio 9.4. It has been declared as critical. This vulnerability affects unknown code of the file /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath}. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-48734. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in SAS Studio 9.4. It has been classified as critical. This affects an unknown part of the file /SASStudio/sasexec/sessions/{sessionID}/sql of the component POST Body Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-48733. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Parameter Handler. The manipulation of the argument search leads to cross site scripting. This vulnerability is handled as CVE-2024-48807. The attack may be launched remotely. There is no exploit available.