Aggregator

A vulnerability was found in Kashipara Responsive School Management System 3.2.0. It has been rated as critical. This issue affects some unknown processing of the file /smsa/admin_dashboard.php of the component Administrator Dashboard. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-41246. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Kashipara Responsive School Management System 3.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /smsa/add_class.php of the component New Class Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-41247. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Kashipara Responsive School Management System 3.2.0. It has been classified as critical. This affects an unknown part of the file /smsa/add_subject.php of the component New Subject Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-41248. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Kashipara Responsive School Management System 3.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /smsa/admin_student_register_approval.php of the component Student Registration Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-41252. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Kashipara Responsive School Management System 3.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /smsa/admin_teacher_register_approval.php of the component Teacher Registration Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-41251. The attack can be launched remotely. There is no exploit available.

Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they represent.

The post Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level appeared first on Security Boulevard.

过去几天社交媒体上开始流传 Valve 可能在开发《半条命》系列新作的消息。原因是演员 Natasha Chandel 在个人履历里披露她参与了 Valve 代号为 White Sands 的游戏的配音。在引发关注之后，她删除了相关信息，甚至网站一度无法访问，但互联网档案馆保留了未删除的信息。White Sands 是新墨西哥州的一个国家公园，而新墨西哥州是黑山实验室（Black Mesa）所在地，而众所周知黑山实验室是半条命系列的故事中心。于是 White Sands 和《半条命》就建立起了联系。如果真的要开发新游戏，Valve 显然需要招募开发者，它截至 2021 年员工总数不到 400 人。

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9. Affected is the function swap_endian of the component allowedips. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-42247. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.221/5.15.162/6.1.99/6.6.40/6.9.9. This issue affects the function usb_kill_urb of the component mos7840. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-42244. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.9.9. This vulnerability affects the function blk_queue_max_segment_size of the component sdhci. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-42242. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.162/6.1.99/6.6.40/6.9.9. This affects the function entry_SYSENTER_compat. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-42240. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.40/6.9.9. It has been rated as problematic. Affected by this issue is the function bpf_timer_cancel of the component bpf. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-42239. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.9. It has been declared as critical. Affected by this vulnerability is the function pte_offset_map. The manipulation leads to use after free. This vulnerability is known as CVE-2024-42233. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.99/6.6.40/6.9.9. It has been classified as critical. Affected is the function detach_tasks. The manipulation leads to excessive iteration. This vulnerability is traded as CVE-2024-42245. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.9.9 and classified as critical. This issue affects the function delayed_work of the component libceph. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-42232. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.40/6.9.9 and classified as problematic. This vulnerability affects unknown code in the library lib/xarray.c. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-42241. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.40/6.9.9. This affects an unknown part in the library lib/xarray.c. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-42243. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

We’re thrilled to announce that Angelboy, senior security researcher at DEVCORE, is named one of Microsoft’s MSRC 2024 Most Valuable Security Researchers! He not only secured the #33 spot on the overall list but also achieved the #9 position in the Windows category.

This is the first time Angelboy has been shortlisted on this annual leaderboard, and he is also the highest-ranked Taiwanese security researcher featured. This prestigious accomplishment highlights his exceptional expertise and significant contributions to the field.

The Microsoft Security Response Center (MSRC) has long recognized the efforts of security researchers who partner with Microsoft in reporting vulnerabilities through its Microsoft Researcher Recognition Program (MRRR). The program expresses gratitude for their contributions to the security of Microsoft’s global customers and products.

The MSRC 2024 Most Valuable Security Researchers list, announced on August 7th, is based on the total number of points the researchers earned for each valid report from July 2023 to June 2024. Angelboy secured the #33 spots on the leaderboard. Specifically, his dedicated passion for Windows Kernel research earned him a #9 ranking in the Windows category, placing him in the TOP 10. He was also awarded “Accuracy” and “Volume” badges, further highlighting his significant contributions to vulnerability research.

References:

• Microsoft official announcement - Congratulations to the MSRC 2024 Most Valuable Security Researchers!
• Microsoft MSRC 2024 leaderboard

恭喜 DEVCORE 資深資安研究員 Angelboy 榮獲 Microsoft 的 MSRC 2024 Most Valuable Security Researchers 的殊榮！除了在不分項 TOP 100 名單中榮獲 #33 名，在 Angelboy 長年研究的 Windows 領域中，他更以 #9 的名次擠入前十大行列。

這不僅是 Angelboy 首次登上該年度榜單，同時也是該名單中排名最高的台灣資安研究員。

Microsoft 旗下的 Microsoft Security Response Center（MSRC，或稱 Microsoft 安全性回應中心）長期藉 Microsoft Researcher Recognition Program（MRRR）計畫，公開表揚協助 Microsoft 挖掘系統安全漏洞的資安研究員，以此致謝優秀資安研究員為 Microsoft 的客戶及產品安全所付出的努力。

Microsoft 於 7 日公布的 MSRC 2024 Most Valuable Security Researchers 名單，是根據 2023 年 7 月至 2024 年 6 月，全球各地資安研究員向 MSRC 回報的漏洞得分所統計而得。在整體不分項名單中，Angelboy 獲得了 #33 名的殊榮。而針對 Microsoft 旗下各類型產品的 Windows 類別中，Angelboy 則入列 TOP 10，獲得 #9 的成績，並經認證全數漏洞回報皆為有效回報。

再次恭喜 Angelboy 奪得此一殊榮！

參考資料：

• Microsoft official announcement - Congratulations to the MSRC 2024 Most Valuable Security Researchers!
• Microsoft MSRC 2024 leaderboard

今日暂未更新资讯~
更多最新文章，请访问SecWiki