Aggregator

2024年9月19日，深瞳漏洞实验室监测到一则VMware-vCenter组件存在堆溢出漏洞的信息，漏洞编号：CVE-2024-38812，漏洞威胁等级：严重。2024年10月23日，深瞳漏洞实验室发布二次通告。

A vulnerability was found in Cisco Firepower Threat Defense Software. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to access of memory location after end of buffer. The identification of this vulnerability is CVE-2024-20330. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

携手行业伙伴，打造专注安全的产业生态。

A vulnerability was found in Cisco ASA and Firepower Threat Defense. It has been declared as critical. This vulnerability affects unknown code of the component SNMP. The manipulation leads to improper handling of extra values. This vulnerability was named CVE-2024-20268. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Secure Firewall Management Center Software. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-20424. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco ASA, Adaptive Security Appliance (ASA) Software and Firepower Threat Defense Software and classified as problematic. Affected by this issue is some unknown functionality of the component Remote Access SSL VPN. The manipulation leads to insufficiently random values. This vulnerability is handled as CVE-2024-20331. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco ASA and Firepower Threat Defense Software and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-20495. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Cisco ASA. Affected is an unknown function of the component SSH Server. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-20526. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Cisco ASA and Firepower Threat Defense Software. This issue affects some unknown processing of the component Remote Access SSL VPN. The manipulation leads to missing release of resource. The identification of this vulnerability is CVE-2024-20493. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Cisco ASA. This vulnerability affects unknown code. The manipulation leads to improper neutralization of expression/command delimiters. This vulnerability was named CVE-2024-20329. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Cisco ASA and Firepower Threat Defense Software. This affects an unknown part of the component FXOS CLI. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-20370. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco ASA and Firepower Threat Defense Software. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Remote Access VPN. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-20481. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Jenkins up to 2.121.1/2.132. Affected is an unknown function of the file org/kohsuke/stapler/Stapler.java of the component Stapler Web Framework. The manipulation as part of HTTP Requests leads to improper input validation. This vulnerability is traded as CVE-2018-1999002. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Resecurity reports a rise in political content related to the 2024 US elections on social media, with increased activity from foreign sources. Resecurity has detected a substantial increase in the distribution of political content related to the 2024 US elections through social media networks, particularly from foreign jurisdictions. Social media can create echo chambers where […]

A vulnerability, which was classified as problematic, was found in KDE KMail 1.2. This affects an unknown part of the component Body Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2002-0342. It is possible to initiate the attack remotely. There is no exploit available.

系统瘫痪且恢复无进展

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!

Permalink

The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #310 – The Day After PI Planning appeared first on Security Boulevard.

A vulnerability was found in Adobe Media Encoder up to 15.4.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2021-40778. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.