Aggregator

上周关注度较高的产品安全漏洞(20250616-20250622)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞488个，其中高危漏洞240个、中危漏洞217个、低危漏洞31个。

A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6511. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-6510. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Netgear CBR40, D6220, D6400, D7000v2, D8500, DC112A, DGN2200v4, EAX20, EAX80, EX3700, EX3800, EX3920, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX6920, EX7000, EX7500, MK62, MR60, MS60, R6250, R6300v2, R6400, R6400v2, R6700v3, R6700, R6900P, R6900, R7000, R7000P, R7100LG, R7850, R7900, R7900P, R7960P, R8000, R8000P, R8300, R8500, RAX15, RAX20, RAX200, RAX45, RAX50, RAX75, RAX80, RBK752, RBR750, RBS750, RBK842, RBR840, RBS840, RBK852, RBR850, RBS850, RBS40V-200, RBW30, RS400, WN2500RPv2, WN3500RP, WNDR3400v3, WNR1000v3, WNR2000v2, WNR3500Lv2 and XR300. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2020-35796. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #596008 / VDB-313623

Submit #595999 / VDB-313623

Submit #595995 / VDB-313622

Submit #593678 / VDB-313622

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. This vulnerability is known as CVE-2025-6509. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M. In early May, the attackers behind […]

Что такое эмбиззлмент и как физики научились жульничать с законами Вселенной?

Submit #593061 / VDB-311712

Windows 和 Linux 世界的两大巨头此前从未在现实世界里见过面。最近 Sysinternals 创始人 Mark Russinovich 举办的一个晚宴上，Linux 内核作者 Linus Torvalds 和微软联合创始人 Bill Gates 首次同框。照片中共有四个人，其他两人是 Sysinternals 联合创始人、现微软云计算平台 Azure CTO Russinovich，他在 1990 年代后期开发了一组工具 Process Explorer、Autoruns 和 Procmon，对管理员和安全专业人士理解 Windows 内部机制产生了革命性影响。另外一人是 OpenVMS 核心开发者、Windows NT 内核和硬件抽象层的首席架构师，被誉为 Windows NT 之父的 Dave Cutler。Russinovich 在发布照片时开玩笑的说，他们并没有做出重要的内核决策。

Submit #592962 / VDB-313621

A vulnerability classified as critical was found in Microsoft SQL Server 2000. Affected by this vulnerability is an unknown functionality of the component DBCC. The manipulation leads to memory corruption. This vulnerability is known as CVE-2002-0644. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Adobe Flash Player up to 16.0.0.296. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-0318. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

SecurityScorecard has discovered a covert cyber-espionage botnet dubbed “LapDogs” linked to China

Клиент OpenVPN обещал безопасность, но подарил пользователям лишь синий экран.

A vulnerability was found in Oracle Financial Services Asset Liability Management 8.0.4/8.0.5/8.0.6/8.0.7 and classified as critical. This issue affects some unknown processing of the component jQuery. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2019-11358. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.