Aggregator

Опасный Zero-day использовался задолго до того, как появился патч.

根据哈佛大学陈曾熙公共卫生学院、加州圣巴巴拉（UCSB）和全球改善营养联盟（GAIN）研究人员的一项新研究，全球超过一半的人口摄入的多种对健康至关重要的微量营养素不足，包括钙、铁以及维生素C和E。微量营养素缺乏是全球最常见的营养不良形式之一，每一种营养素的缺乏都会导致特定的健康后果——从不良妊娠结局到失明，再到对传染病的易感性增加。研究人员使用了全球饮食数据库、世界银行和 31 个国家的饮食回忆调查数据，比较了 185 个国家的人口的营养需求和营养摄入量。他们将人口分为17个年龄组的男性和女性：从0岁到80岁，每5年一个组，以及一个80岁以上的组。他们评估了15种维生素和矿物质：钙、碘、铁、核黄素、叶酸、锌、镁、硒、硫胺素、烟酸以及维生素A、B6、B12、C和E。研究发现，几乎所有被评估的微量营养素的摄入量都严重不足——不包括作为额外营养来源的强化元素。碘（68%）、维生素E（67%）、钙（66%）和铁（65%）的摄入不足尤其普遍。超过一半的人摄入的核黄素、叶酸、维生素C和B6不足。烟酸的摄入量最接近充足（22%），其次是硫胺素（30%）和硒（37%）。

D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router series. Networking hardware vendor D-Link wars of multiple remote code execution (RCE) vulnerabilities in its discontinued DIR-846 router model. The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) are two OS command injection issues. A remote attacker could exploit them to execute […]

A vulnerability, which was classified as problematic, was found in Helix Core. Affected is the function commit. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2023-45319. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in opentext Fortify ScanCentral DAST up to 23.1. It has been classified as very critical. This affects an unknown part. The manipulation leads to incorrect privilege assignment. This vulnerability is uniquely identified as CVE-2023-5913. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Helix Core. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2023-5759. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in node-chromedriver up to 119.0.0. This vulnerability affects unknown code of the component Setting Handler. The manipulation of the argument chromedriver.path leads to os command injection. This vulnerability was named CVE-2023-26156. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in AppsAnywhere Client up to 2.0.0. This issue affects some unknown processing. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2023-41137. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in AppsAnywhere Client up to 2.0.0 on macOS. Affected by this issue is some unknown functionality of the component Privileged Helper. The manipulation leads to sensitive information in resource not removed before reuse. This vulnerability is handled as CVE-2023-41138. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in LibTIFF. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.