Aggregator

供应链安全案例研究 | 金融行业安全开发场景的供应链安全建设 日期：2024年11月06日 阅：95

A vulnerability classified as problematic has been found in Google Android. Affected is the function plugin_extern_func. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-27235. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Canonical Pebble up to 1.10.1. It has been classified as problematic. This affects an unknown part of the component Read-File API. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-3250. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Building positive relationships, sharing knowledge effectively, and making security "cool" are some of the most worthwhile security pursuits.

The post Security Culture: The Best Tool Money Can’t Buy appeared first on Security Boulevard.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

内有福利，再送40个账号注册码或300论坛币，吾爱破解论坛开放注册时间：2024年11月11日 12：00 -- 14：00 和 20：00 -- 22：00，赶紧上好闹钟顺便告诉小伙伴吧。

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 4.8.13. This affects the function sock_setsockopt of the file net/core/sock.c. The manipulation of the argument sk_sndbuf/sk_rcvbuf leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-9793. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A new report by the former SafeBreach researcher Alon Leviev is raising alarms about the risks posed by downgrade attacks on Microsoft Windows. In a blog post, Leviev, who now works for Microsoft, explained that his latest bypass could allow a malicious actor to load unsigned kernel drivers on a fully patched Windows system. Those could then be used to disable security features, deploy and disguise malicious code and processes, and so on. 

The post Downgrade attacks open patched systems to malware appeared first on Security Boulevard.

A Threat Actor Has Allegedly Leaked Data of Saudi Journalists Association

A vulnerability was found in Cisco Unified Communications Manager IM and Presence Service. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-20457. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-10928. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. This vulnerability is traded as CVE-2024-10927. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

“De grootste overwinning van de EOD is de explosie die nooit plaatsvond. Met iedere onschadelijke bom geven jullie ons een wereld die weer een beetje veiliger is.” Het waren de woorden van Commandant der Strijdkrachten generaal Onno Eichelsheim. Hij richtte ze tot de aanwezigen bij het 80-jarig jubileum van de Explosieven Opruimingsdienst Defensie (EOD) in Soesterberg.

A Threat Actor is Allegedly Selling the Data of Erth

A vulnerability classified as critical was found in Apple iOS up to 9.3.1. This vulnerability affects unknown code of the component Kernel. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-1829. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

Submit #434191 / VDB-283327

Submit #434189 / VDB-283327

Submit #434188 / VDB-283326

A vulnerability has been found in Samba up to 4.17.11/4.18.7/4.19.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component AD DC Busy RPC Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-42670. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in S-Lang 2.3.2 and classified as critical. This issue affects the function fixup_tgetstr. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-45929. The attack can only be done within the local network. There is no exploit available.