Aggregator

Submit #413401 / VDB-278827

Submit #413337 / VDB-278826

发表在《Journal of Exposure Science & Environmental Epidemiology》期刊上的一项研究发现，人类身上发现了愈 3,600 种来自食品包装、厨具或食品加工设备的化学物质。这些化学物质存在于人类血液、头发或母乳中，其中包括已知剧毒的化合物，如 PFAS、双酚、金属、邻苯二甲酸盐和挥发性有机化合物。很多化合物与癌症、荷尔蒙紊乱等严重健康问题相关。研究作者表示需要对食品接触化学物质进行进一步审查。研究人员指出塑料带来的问题最严重，而它基本上不受监管。此外金属罐上的硅胶和涂层也可能含有有毒或未充分研究的化合物。有多种因素会导致化合物以更高速率渗透入食物，其中包括较高的温度、脂肪含量和酸度。

A vulnerability has been found in RoundCube up to 1.3.16/1.4.11 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument search/search_params leads to sql injection. This vulnerability was named CVE-2021-44026. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ruckus Wireless Admin up to 10.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forms/doLogin of the component HTTP GET Request Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2023-25717. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical was found in VMware Aria Operations for Networks 6.x. This vulnerability affects unknown code. The manipulation leads to command injection. This vulnerability was named CVE-2023-20887. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ZyXEL NAS326 and NAS540. It has been rated as very critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2023-27992. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Oracle Retail Clearance Optimization Engine 14.0.3. This vulnerability affects unknown code of the component General Application. The manipulation leads to deserialization. This vulnerability was named CVE-2016-5019. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.9.8. This issue affects some unknown processing of the component s390. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-42155. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.9.8. Affected is an unknown function of the component s390. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-42156. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.9.8 and classified as problematic. Affected by this vulnerability is the function kfree_sensitive of the component s390. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-42158. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.16.12. It has been declared as critical. Affected by this vulnerability is the function __nf_register_net_hook in the library include/linux/netfilter.h. The manipulation leads to use after free. This vulnerability is known as CVE-2022-48912. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.26/5.16.12 and classified as problematic. This vulnerability affects unknown code of the file net/mptcp/protocol.c of the component mptcp. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2022-48906. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

September 28, 2024SDRplay has recently announced the upcoming release of their "nRSP-ST" netw