Aggregator

Mozilla Firefox v141.0 正式版发布，新增 WebGPU 支持提升网页应用性能，并引入 AI 自动建议选项卡分组名称功能。此外还优化了垂直选项卡布局和内存使用效率，并推出 ESR 长期支持版供用户选择更新。

エレコム株式会社が提供する無線LANルータには、複数の脆弱性が存在します。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.13/6.13.2. This issue affects the function release of the component File Descriptor Handler. The manipulation leads to uncontrolled file descriptor consumption. The identification of this vulnerability is CVE-2024-58002. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been declared as problematic. This vulnerability affects unknown code of the file net/sched/sch_sfq.c of the component net_sched. The manipulation leads to improper validation of array index. This vulnerability was named CVE-2024-57996. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been rated as critical. Affected by this issue is the function btbcm_get_board_name. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-57988. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.12/6.13.1. This affects the function mt7925_change_vif_links of the component mt76. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-57989. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.12/6.13.1. This vulnerability affects the function mt7925_load_clc. The manipulation leads to off-by-one. This vulnerability was named CVE-2024-57990. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been classified as critical. Affected is the function __scm_smc_call. The manipulation of the argument __scm leads to null pointer dereference. This vulnerability is traded as CVE-2024-57985. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.75/6.12.12/6.13.1. It has been classified as critical. Affected is the function dw_i3c_master of the component i3c. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-57984. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 and classified as critical. This vulnerability affects the function xhci_handle_stopped_cmd_ring. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-57981. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. Affected by this issue is the function detach_pm. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-57978. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. This affects the function uvc_status_init. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-57980. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 美国德克萨斯州酒精与药物检测服务公司（TADTS）近日通报，其系统在2024年7月遭遇数据泄露事件，约75万人的个人信息被非法获取。该公司总部位于德克萨斯州，主要为德州及其他地区提供职场与个人酒精及药物检测服务。 TADTS声明，事件于2024年7月9日被发现，涉及未授权访问及窃取其系统数据。在专业数据挖掘团队协助下，近期完成的调查确认失窃数据包含个人信息。 潜在泄露信息涵盖： 姓名、出生日期、社保号码 驾照号码、护照号码及其他身份证件号码 财务与信用卡信息 健康保险详情 生物识别信息 登录凭证、邮箱及密码 美国移民局档案号或外籍人士登记号 该公司在官网通知中说明：“此列表描述受影响系统中的通用信息类别，部分类别可能不适用于每位潜在受影响个体。”向缅因州总检察长办公室提交的书面通知副本显示，这些信息是“个人在就业相关筛查测试中授权提供的。” 事件控制后，TADTS已重置所有系统密码，部署额外监控工具，强化端点检测协议，并向执法部门及相关机构报案。公司表示尚未发现事件引发的欺诈或身份盗窃行为，但建议受影响人员监控信用报告与账户流水，发现可疑活动及时向金融机构报告。 根据向缅因州总检察长办公室提交的文件，本次事件共影响748,763人，但TADTS明确表示不会提供免费身份盗窃保护服务。 尽管TADTS未透露具体攻击类型，知名勒索团伙BianLian于2024年7月14日宣称对此次入侵负责，声称窃取约218GB数据。目前尚不明确黑客是否已公开泄露数据——其基于Tor的泄密网站当前处于离线状态，且该团伙已沉寂数月（上一次公布受害者记录为2025年3月31日）。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

这篇文章介绍了错误代码521的原因及解决方法。该错误通常由Cloudflare引发，常见原因包括DNS配置错误、服务器问题或网络连接异常。用户可尝试检查DNS设置、联系主机提供商或排查本地网络问题以解决问题。

GitHub新增社交登录功能，支持通过谷歌账号快速注册并使用绑定邮箱创建账户，默认无需设置密码和双重认证。建议注册后手动检查邮箱并设置密码以防万一。现有账户暂不支持绑定谷歌账号用于登录。

A vulnerability was found in Linux Kernel up to 6.15.3. It has been rated as problematic. Affected by this issue is the function mii_nway_restart of the component ch9200. The manipulation leads to unchecked return value. This vulnerability is handled as CVE-2025-38086. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.16.18/5.17.1. This vulnerability affects the function sprintf. The manipulation leads to buffer overflow. This vulnerability was named CVE-2022-49267. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in djvulibre 3.5.28. Affected by this issue is some unknown functionality of the file IW44EncodeCodec.cpp. The manipulation leads to divide by zero. This vulnerability is handled as CVE-2021-46312. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as problematic has been found in djvulibre 3.5.28. This affects an unknown part of the file IW44Image.cpp. The manipulation leads to divide by zero. This vulnerability is uniquely identified as CVE-2021-46310. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in GNU screen. It has been rated as critical. Affected by this issue is the function CheckPid of the file socket.c of the component Signal Handler. The manipulation leads to race condition. This vulnerability is handled as CVE-2025-46805. Attacking locally is a requirement. There is no exploit available.