Aggregator

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. This vulnerability is traded as CVE-2024-5350. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. This vulnerability is known as CVE-2024-5351. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-5352. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-5353. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

AI 赋能教育已不是新鲜事，在「万物皆可 DeepSeek」时，这股风潮也迅速席卷了各大教育企业。 当基座模型实现低成本技术突破，AI或许有望成为重构教育生态的基础设施，但如何找到真正契合的场景才是关键。拥有自研大模型的网易有道就在最近做了一次新的尝试，率先推出了搭载 DeepSeek-R1 模型的教育硬件产品「有道 SpaceOne 全面屏答疑笔」。这只笔聚焦于「答疑」这一具体场景，让毫秒级响应的 DeepSeek 强势加持「小P老师」，不仅答疑，并且解惑，给出完整的推理过程和思考轨迹。 不止于刷题，也不止于教科书，这只小小的笔，或许将带动真正个性化、智能化教育时代的来临。

A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2023-36570. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component Message Queuing. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2023-36571. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2023-36572. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2023-36573. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is handled as CVE-2023-36574. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2023-36575. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2023-36589. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. This affects an unknown part of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2023-36591. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component Message Queuing. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2023-36592. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component DirectMusic. The manipulation leads to Local Privilege Escalation. This vulnerability was named CVE-2023-36702. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows up to Server 2022. This affects an unknown part of the component Virtual Trusted Platform Module. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2023-36718. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

Ограничение затрагивает только U.S. Cyber Command, но не разведку АНБ.

勒索软件团伙利用 Paragon 分区管理程序漏洞在 BYOVD 攻击中获取 SYSTEM 权限，微软已紧急修复并阻止易受攻击的驱动程序，用户须立即升级！

After Disrupting Ascension Health, Black Basta Forecast Reprisals From FBI, Moscow
"We are pentesters, not murderers," ransomware group Black Basta claimed in its negotiations with victim Ascension Healthcare in May 2024, after its attack led to widespread disruptions and patient safety alerts. Leaked chat logs reveal the group feared resulting reprisals from the FBI and Moscow.

Researchers: Ransomware Group Emerged Last Fall; Variant of Babuk Malware
A new ransomware gang, Termite, has started leaking on the dark web samples of sensitive data stolen in an attack on Australian fertility clinic Genea. A court has issued a restraining order in hopes of preventing the threat actor or others from further disseminating, using or publishing the data.