Aggregator

文章描述了错误代码521的情况，指出该错误通常由Cloudflare服务器无法连接到网站源服务器引起，可能由于源服务器配置错误、网络问题或防火墙设置不当导致。

文章介绍了Oracle WebLogic Server中的新漏洞CVE-2025-30762，该漏洞允许攻击者通过绑定恶意LDAP服务器的Reference实例，在调用Context.lookup时触发代码执行。无需身份验证即可利用T3或IIOP协议进行攻击，可能导致未经授权的数据访问和远程代码执行。

A vulnerability was found in Kerio Personal Firewall up to 4.1.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to infinite loop. This vulnerability is known as CVE-2004-1109. The attack can be launched remotely. Furthermore, there is an exploit available.

Citrix修复了两个高危漏洞CVE-2025-5349和CVE-2025-5777，其中CVE-2025-5777为内存溢出漏洞（Citrix Bleed 2），CVSS评分9.3。该漏洞影响NetScaler ADC和Gateway的部分版本，可导致敏感信息泄露、私钥窃取等严重危害。

HackerNews 编译，转载请注明出处： 科技制造商戴尔近日证实，黑客入侵了其产品演示平台，但向媒体强调事件未涉及敏感信息。 戴尔在声明中指出，某威胁行为体非法访问了“戴尔解决方案中心”（Dell’s Solution Center），该平台专为商业客户“展示产品功能及测试概念验证”而设立。 公司发言人明确表示，该平台“在设计上已与客户及合作伙伴系统隔离，同时独立于戴尔内部网络，不参与任何客户服务的提供流程”。平台使用的数据主要为虚假信息，源自公开数据集，仅用于产品演示等非生产场景。发言人补充道：“根据持续调查，攻击者获取的数据本质上是合成数据、公开信息或戴尔内部测试数据。” 作为全球最大计算机制造商之一，戴尔上个财年营收达956亿美元。 戴尔未透露事件具体发生时间及幕后组织，但勒索软件组织WorldLeaks声称对此次攻击负责。 该组织由三周前解散的Hunters International重组而来，解散前曾向既往受害者免费提供解密工具。Hunters International曾主导多起高调攻击，包括入侵美国法警局、纳米比亚国有电信运营商及西雅图知名癌症研究中心。 Hunters International的核心成员于2024年11月创建WorldLeaks。网络安全公司Group-IB评估认为，部分WorldLeaks与Hunters的管理员可能曾参与2023年被执法部门渗透瓦解的Hive勒索组织。 上周，谷歌事件响应团队披露，WorldLeaks成员正通过网络安全公司SonicWall的生命周期终止设备窃取企业敏感数据。       消息来源：therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

该文章介绍了错误代码521的原因及解决方法。

UNG0002 методично уничтожила кибербезопасность: от военных заводов до больниц.

ChatGPT每天处理25亿次提问请求,其中3.3亿来自美国用户,年请求量达9125亿次,虽远低于谷歌搜索的5万亿次,但增长速度惊人,OpenAI确认数据准确但未透露更多细节,人工智能正在改变传统工具格局.

A vulnerability classified as critical was found in Linux Kernel up to 6.13.1. This vulnerability affects the function th1520_mbox_suspend_noirq of the component mailbox. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-57983. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. Affected by this vulnerability is the function process_responses. The manipulation of the argument tot_len leads to integer overflow. This vulnerability is known as CVE-2024-57973. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been declared as critical. Affected by this vulnerability is the function sys_exit in the library lib/kobject.c. The manipulation leads to use after free. This vulnerability is known as CVE-2024-57979. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.12/6.13.1. Affected is the function tps6594_rtc_set_offset. The manipulation of the argument tmp leads to integer overflow. This vulnerability is traded as CVE-2024-57953. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3. It has been rated as problematic. Affected by this issue is the function msm_ioctl_gem_submit of the component gem. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-52559. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3 and classified as critical. This vulnerability affects the function bsg_queue of the component scsi. The manipulation leads to use after free. This vulnerability was named CVE-2024-54458. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.13.3. Affected by this issue is the function mi_enum_attr of the component ntfs3. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2024-52560. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.50/5.18.7. This affects the function psock_update_sk_prot of the component sock. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-49732. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.10/6.12.1. It has been declared as problematic. This vulnerability affects the function uof_get_name of the component qat_420xx. The manipulation of the argument fw_objs[] leads to off-by-one. This vulnerability was named CVE-2024-53163. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.1. This affects the function mem_ctrl_idx of the component bluefield. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-53161. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 美国阿拉斯加航空公司当地时间7月20日（周日）发生IT系统故障，导致所有航班停飞。该公司未说明故障具体性质，这已是其一年多来第二次全面停飞。 阿拉斯加航空在周日晚间向媒体发布的声明中表示：“太平洋时间周日晚8点左右（周一格林尼治时间0300），阿拉斯加航空遭遇影响航班运营的IT故障。我们已申请对阿拉斯加航空及旗下全资支线子公司地平线航空（Horizon Air）航班实施临时全系统地面停飞令。” 这家总部位于西雅图的航空公司称，当晚运营将持续受到后续影响，但未提供更多细节。 美国联邦航空管理局（FAA）状态页面显示，阿拉斯加航空干线飞机的地面停飞和地平线航空暂停运营影响了所有目的地。 2024年4月，阿拉斯加航空曾因飞机配载平衡计算系统问题全面停飞，此次事件距其波音737 MAX 9型客机舱门半空脱落事故仅数月之隔。 根据官网信息，阿拉斯加航空集团现运营238架波音737客机和87架巴航工业175客机。 今年6月，该集团旗下的夏威夷航空公司称部分IT系统遭黑客攻击。阿拉斯加航空集团表示仍在评估该事件的财务影响。 此次故障发生时，正值科技公司谷歌和Palo Alto Networks警告“Scattered Spider”黑客组织盯上航空业之际。 加拿大西捷航空6月遭遇不明网络攻击 澳大利亚澳航7月发生数据泄露事件，数百万客户信息遭窃 目前尚不清楚阿拉斯加航空故障是否与微软周日所称“政府机构和企业所用服务器软件遭主动攻击”有关。截至发稿，阿拉斯加航空未回应媒体关于两者关联性的质询。         消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

文章介绍了错误代码521的原因和影响，指出该错误通常与Cloudflare服务相关，可能由服务器配置问题或网络连接故障引起，并建议用户联系网络提供商或检查DNS设置以解决问题。