Aggregator

CVE-2013-0079 | Microsoft Visio 2010 Tree Object Type File memory corruption (MS13-023 / VU#851777)(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Microsoft Visio 2010. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Tree Object Type. The manipulation as part of File leads to memory corruption. This vulnerability is handled as CVE-2013-0079. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2010-2610 | 2daybiz Job Site Script view_current_job.php left_cat sql injection (EDB-14025 / XFDB-59733)(link is external)

Vuldb Updates
7 months ago
A vulnerability classified as critical has been found in 2daybiz Job Site Script. This affects an unknown part of the file view_current_job.php. The manipulation of the argument left_cat leads to sql injection. This vulnerability is uniquely identified as CVE-2010-2610. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-2787 | Happy Addons for Elementor Plugin up to 3.10.4 on WordPress Page Title HTML Tag HTML injection(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Happy Addons for Elementor Plugin up to 3.10.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Page Title HTML Tag. The manipulation leads to HTML injection. This vulnerability is handled as CVE-2024-2787. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-2788 | Happy Addons for Elementor Plugin up to 3.10.4 on WordPress Post Title HTML Tag HTML injection(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Happy Addons for Elementor Plugin up to 3.10.4 on WordPress. It has been classified as problematic. This affects an unknown part of the component Post Title HTML Tag. The manipulation leads to HTML injection. This vulnerability is uniquely identified as CVE-2024-2788. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-2786 | Happy Addons for Elementor Plugin up to 3.10.4 on WordPress title_tag cross site scripting(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Happy Addons for Elementor Plugin up to 3.10.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument title_tag leads to cross site scripting. This vulnerability is known as CVE-2024-2786. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2021-47200 | Linux Kernel up to 5.15.4 drm_gem_ttm_mmap use after free (4f8e469a2384/8244a3bc27b3 / Nessus ID 209785)(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Linux Kernel up to 5.15.4. It has been rated as problematic. This issue affects the function drm_gem_ttm_mmap. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-47200. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47206 | Linux Kernel up to 5.15.4 platform_get_resource return value(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Linux Kernel up to 5.15.4. It has been classified as problematic. Affected is the function platform_get_resource. The manipulation leads to unchecked return value. This vulnerability is traded as CVE-2021-47206. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-26840 | Linux Kernel up to 6.7.6 cachefiles_add_cache memory leak (Nessus ID 210815)(link is external)

Vuldb Updates
7 months ago
A vulnerability classified as critical was found in Linux Kernel up to 6.7.6. This vulnerability affects the function cachefiles_add_cache. The manipulation leads to memory leak. This vulnerability was named CVE-2024-26840. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-26865 | Linux Kernel up to 6.1.82/6.6.22/6.7.10/6.8.1 rds lib/ref_tracker.c reqsk_timer_handler use after free(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Linux Kernel up to 6.1.82/6.6.22/6.7.10/6.8.1. It has been declared as problematic. Affected by this vulnerability is the function reqsk_timer_handler in the library lib/ref_tracker.c of the component rds. The manipulation leads to use after free. This vulnerability is known as CVE-2024-26865. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-26860 | Linux Kernel up to 6.1.82/6.6.22/6.7/6.7.10/6.8.1 dm-integrity skip_io memory leak(link is external)

Vuldb Updates
7 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.82/6.6.22/6.7/6.7.10/6.8.1. This issue affects the function skip_io of the component dm-integrity. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-26860. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-2883 | Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Core Remote Code Execution(link is external)

Vuldb Updates
7 months ago
A vulnerability classified as very critical was found in Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0/12.2.1.4.0. This vulnerability affects unknown code of the component Core. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2020-2883. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-26855 | Linux Kernel up to 6.7.9 ice_bridge_setlink null pointer dereference (Nessus ID 207773)(link is external)

Vuldb Updates
7 months ago
A vulnerability was found in Linux Kernel up to 6.7.9. It has been declared as critical. This vulnerability affects the function ice_bridge_setlink. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-26855. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

业界表彰 | 梆梆安全荣获数世咨询2024年度“数字安全产业贡献奖”(link is external)

嘶吼
7 months ago

近日,由国内数字化领域独立的第三方调研咨询机构数世咨询主办的“2025安全市场年度大会”在京成功举办。来自国内网络安全厂商领导、市场负责人、品牌负责人共计500多人以线上线下方式参加本次大会,聚焦数字安全大事记、产业困境与发展、市场拓展经验分享等热门话题。

会上,数世咨询对数字安全产业发展进行了总结,数字安全产业的健康发展是依靠众多优秀安全企业共同努力的结果,并为这些优秀企业颁发了数字安全产业贡献奖,以表彰它们在推动行业发展方面所作出的卓越贡献。梆梆安全凭借在移动应用安全方面的技术创新力、品牌影响力,以及行业竞争力的核心优势,荣获2024年度“数字安全产业贡献奖”

梆梆安全与第三方调研机构数世咨询一直保持着深度且稳固的合作关系。梆梆安全凭借在技术创新、市场拓展、业绩增长以及品质保障等多维度的卓越表现,接连入选数世咨询发布的《中国数字安全能力图谱》《API安全市场指南报告》《新质・中国数字安全百强(2024)》等榜单,充分彰显了行业对梆梆安全在相关领域专业能力的认可,以及对梆梆安全的高度赞誉与肯定。

梆梆安全始终以客户为中心,开创、繁荣了移动应用安全蓝海市场,建立了全面的移动应用安全防护生态体系,并在业务上形成了以移动安全为主体,联动安全服务和物联网安全的“一体两翼”业务体系,以及由技术、产品、解决方案和咨询服务构成的“四位一体”产研体系。

梆梆安全以移动安全为核心,逐渐将安全防护能力向传统互联网及物联网延伸,并创新性提出“共享安全”理念,围绕业务安全、移动安全、物联网安全、安全服务帮助用户制定网络安全建设规划,构筑覆盖全网络环境的新型信息安全立体纵深防御系统

目前,梆梆安全拥有10万家以上企业及开发者用户,安全技术覆盖的移动应用软件超过100万,这些应用已经累计安装在10亿个移动终端上,用户遍及金融、互联网、物联网、政府、运营商、企业、医疗、能源、教育等各大行业。

此次荣获“数字安全产业贡献奖”,不仅是来自行业权威媒体的认可,更是业界对梆梆安全推动数字安全技术创新与应用实践的肯定。未来,梆梆安全将继续立足并深耕移动应用安全领域,持续探索创新,为行业客户提供更优质的产品与更贴心的服务,为我国数字经济的发展提供强有力的安全保障,助力构建坚实稳固的数字安全屏障。

梆梆安全

再获权威认证 | 梆梆安全入选信通院第二期《数字安全护航技术能力全景图》37项细分安全领域(link is external)

嘶吼
7 months ago

近日,中国信息通信研究院在“2025中国信通院ICT深度观察报告会—数字生态治理分论坛”正式发布2024第二期《数字安全护航技术能力全景图》,梆梆安全凭借全面的产品能力与技术实力,成功入选12大安全领域、37项细分领域,产品能力获全面认可



梆梆安全再次入选《数字安全护航技术能力全景图》,这是专业机构从第三方视角对梆梆安全技术实力与产品能力的全面肯定。未来,梆梆安全将持续强化移动安全防护能力,紧密贴合用户实际应用场景,助力数字时代安全、健康发展,筑牢可信可控的数字安全屏障。

梆梆安全

戴尔、HPE、联发科修补其产品中的漏洞(link is external)

HackerNews
7 months ago
硬件制造商联发科、HPE 和戴尔周一发布公告,告知客户其产品中发现并修补的潜在严重漏洞。 半导体公司联发科宣布修补十几个漏洞,其中包括数十个芯片组的调制解调器组件中一个严重漏洞,该漏洞可能导致远程代码执行 (RCE)。 该问题被标记为 CVE-2024-20154,是一种越界写入漏洞,当设备连接到攻击者控制的恶意基站时,无需用户交互即可利用该漏洞。 联发科的建议还详细介绍了七个高严重性漏洞,这些漏洞可能会导致本地权限提升,如果攻击者靠近易受攻击的设备,则会导致 RCE。 Dell发布了针对其更新包 (DUP) 框架中高严重性缺陷的补丁,该漏洞编号为 CVE-2025-22395,并被描述为本地特权升级问题,该问题可能导致任意脚本的执行,从而导致拒绝服务 (DoS) 情况。DUP 框架版本 22.01.02 解决了此漏洞。 此外,该科技公司还发布了针对受 CVE-2024-52316 影响的多种产品的修复程序,CVE-2024-52316 是 2024 年 11 月披露的 Apache Tomcat 漏洞,可能导致身份验证绕过。 HPE 宣布修复其运行 Brocade Fabric OS (FOS) 的 SAN 交换机中使用的第三方组件中的多个缺陷,包括可能导致权限提升、远程命令执行、身份验证绕过、DoS 和任意文件创建或删除的高中严重性漏洞。 该公司的建议中提到了十个安全缺陷:两个于 2022 年公开披露,四个于 2023 年披露,四个于 2024 年发现。所有漏洞均已在 HPE B 系列产品的 FOS 固件 9.2.2、9.2.1a1 和 9.2.0c 版本中修复。 尽管没有任何供应商提及这些漏洞被利用进行攻击,但建议用户尽快应用这些补丁。   转自军哥网络安全读报,原文链接:https://mp.weixin.qq.com/s/wYpP3IxCHbWsHTQuZPPFwQ 封面来源于网络,如有侵权请联系删除
内容转载

Managed ad