Aggregator

A CVSS score 3.8 AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N severity vulnerability discovered by 'dungnm from vcslab of Viettel Cyber Security' was reported to the affected vendor on: 2024-11-21, 7 days ago. The vendor is given until 2025-03-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

2024-11-208 min readDistributed Denial of Service (DDoS) attacks are cyberattacks that aim to overwh

为了理解为什么减肥之后体重容易反弹，研究人员分析了一组严重肥胖人群的脂肪组织，以及一组从未肥胖的对照组的脂肪组织。他们发现，肥胖组的脂肪细胞中的一些基因比对照组的脂肪细胞更活跃，而其他基因则不那么活跃。即使是减肥手术也无法改变这种模式。肥胖的参与者在接受减肥手术两年后，体重减轻了很多，但脂肪细胞的基因活动仍然显示出与肥胖有关的模式。小鼠身上也发现了类似的结果。肥胖记忆的产生是因为肥胖的经历导致了表观基因组的变化。研究人员报告，这种损害以及基因活动的变化，在体重降至健康水平后很长一段时间内都会持续存在。

A vulnerability was found in Apple iOS up to 8.4.1 and classified as problematic. This issue affects some unknown processing of the component Audio. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5862. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Watch up to 1.0.2 and classified as critical. This issue affects some unknown processing of the component Audio. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5862. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Mac OS X up to 10.10. Affected is an unknown function of the component Online Store Kit. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2015-5836. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the component AppleEvents. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-5849. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Mac OS X up to 10.11.0. Affected by this vulnerability is an unknown functionality of the component Directory Utility. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-6980. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

❗Disclaimer: This is Part 4 of our six-article series on Advanced Web Scraping. New to the series? C

在披露严重远程代码执行(RCE) 漏洞后，友讯（D-Link）建议旧型号 VPN 路由器的用户淘汰和更换其设备。CVE 编号尚未分配，漏洞细节尚未披露，因为公开细节可能会导致漏洞被广泛利用。目前所知的是该漏洞属于缓冲溢出漏洞，会导致未经身份验证的远程代码执行。友讯警告，如果客户继续使用受影响的产品，连接路由器的设备也会面临安全风险。受影响设备包括：DSR-150（2024 年 5 月终止支持)，DSR-150N (同上)，DSR-250(同上)，DSR-250N(同上)，DSR-500N (2015 年 9 月终止支持) 和 DSR-1000N (2015 年 10 月终止支持)。

A vulnerability was found in InfluxData InfluxDB up to 2.7.10 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-30896. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability has been found in wpmudev Branda Plugin up to 3.4.21 on WordPress and classified as problematic. This vulnerability affects the function remove_query_arg. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9371. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in britner Gutenberg Blocks with AI Plugin up to 3.3.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10785. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in MBed OS 6.16.0. Affected by this issue is some unknown functionality of the component HCI Parsing. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-48984. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in codelizarplugs Ultimate YouTube Video & Shorts Player with Vimeo Plugin up to 3.3 on WordPress. Affected by this vulnerability is the function del_ytsingvid. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-11354. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in litestar up to 2.12.x. Affected is an unknown function of the component Multipart Form Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-52581. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in codersaiful UltraAddons Plugin up to 1.1.8 on WordPress. It has been rated as problematic. This issue affects the function show_template of the component Shortcode Handler. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-10696. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in wproyal Bard Extra Plugin up to 1.2.7 on WordPress. It has been declared as problematic. This vulnerability affects the function bardxtra_import_xml. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-10532. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in babatechs Lock User Account Plugin up to 1.0.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2024-11197. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress and classified as critical. Affected by this issue is the function cf7_email_add_on_add_admin_template. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is handled as CVE-2024-10898. The attack may be launched remotely. There is no exploit available.