Aggregator

A vulnerability was found in Salt and classified as critical. This issue affects some unknown processing of the component Pre-Flight. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2023-34049. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Sonatype Nexus Repository 2 OSS and Nexus Repository 2 Pro up to 2.15.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2024-5082. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Sonatype Nexus Repository 2 OSS and Nexus Repository 2 Pro up to 2.15.1. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-5083. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tecno com.transsion.phoenix. It has been declared as problematic. This vulnerability affects unknown code of the component User Information Handler. The manipulation leads to improper privilege management. This vulnerability was named CVE-2024-11206. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ITG Computer Technology vSRM Supplier Relationship Management System and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-7787. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto Networks Cloud NGFW, PAN-OS and Prisma Access. It has been classified as critical. Affected is an unknown function of the component GlobalProtect Service. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-2550. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto Networks Cloud NGFW, PAN-OS and Prisma Access. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Packet Handler. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-2551. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto Networks Cloud NGFW, PAN-OS and Prisma Access. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-2552. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google Android 12/13/14/15. This issue affects the function shouldHideDocument of the file ExternalStorageProvider.java. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2024-43093. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

提供 DRM-free 游戏服务的 GOG 宣布了经典游戏保存计划 GOG Preservation Program。它将投入资源确保获得 Good Old Game: Preserved by GOG 印章游戏的兼容性，并会持续提供技术支持。首批列入保存计划的游戏共 100 款，它特别列举了如何改进《魔法门之英雄无敌3：完整版》、《暗黑破坏神 + 地狱火》和《生化危机捆绑包》的兼容性，其它列入的经典游戏包括了《Jagged Alliance》、《System Shock 2》、《Warcraft I & II》、《Dungeon Keeper Gold》、《Theme Park》、《SimCity 3000 Unlimited》以及 Wing Commander 系列。GOG 称其商店出售的旧游戏不是所有它都有权修改，它和开发商签署的合同有的是禁止它修改的，如果发现存在 bug，只有开发商有权修改，而很多经典游戏的开发商早就不存在了。

Typecho 的原生搜索功能存在明显不足，极大地影响了用户体验。就拿搜索 windows 10 系统下载相关内容来说，当用户输入 “windows 10 系统” 这一关...

error code: 521

Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent

Белые хакеры обнаружили критическую уязвимость, но остались без выплат.

After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part of a “broad and significant cyber espionage campaign.” “Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private … More →

The post FBI confirms China-linked cyber espionage involving breached telecom providers appeared first on Help Net Security.

提升数据安全治理监管能力对于加强数据安全、推动数据要素创新发展、实现经济社会高质量发展具有重大意义。

国家计算机病毒应急处理中心近期通过互联网监测发现，13款移动App存在隐私不合规行为，涉及电商、社交和教育等领域。

截至目前，共破获相关案件1900余起。近日，公安部公布依法打击网上侵权假冒犯罪10起典型案例。

公安部治安管理局副局长亓希国在会上表示，任何单位和个人利用网络发布制作或者销售枪爆物品信息，传授制枪制爆犯罪方法，设立用于制作或者销售枪爆物品的网站、通讯群组均涉嫌违法犯罪，公安机关将依法予以查处，构成犯罪的将依法追究刑事责任。

对话式人工智能技术的应用对现有的信息检索方式而言，可能带来一场深刻变革。但是，由于其算法模型的固有缺陷，隐藏的风险也不容小觑，自然语言交互、自动化提取、个性化推荐等特点使其在为用户提供贴心服务的同时，...