Aggregator

A vulnerability, which was classified as critical, was found in Adobe Animate up to 23.0.7/24.0.4. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-47418. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Animate up to 23.0.7/24.0.4. This issue affects some unknown processing. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-47417. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Animate up to 23.0.7/24.0.4. This vulnerability affects unknown code. The manipulation leads to integer overflow. This vulnerability was named CVE-2024-47416. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Animate up to 23.0.7/24.0.4. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-47415. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.7/24.0.4. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-47414. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.7/24.0.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2024-47413. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.7/24.0.4. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-47412. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Animate up to 23.0.7/24.0.4 and classified as critical. This issue affects some unknown processing. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2024-47411. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Animate up to 23.0.7/24.0.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-47410. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Animate up to 23.0.7/24.0.4. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-47420. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Animate up to 23.0.7/24.0.4. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-47419. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Lightroom Desktop up to 7.4.1/13.5/12.5.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-45145. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in rami.io pretix Widget plugin up to 1.0.5 on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-9575. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

西门子发布了其SINEC安全监视器的一个新的安全更新，这是一个模块化的网络安全软件，用于被动的，非侵入性的，持续的监测客户场所的生产环境。已在V4.9.0之前的版本中发现了几个关键漏洞，这些漏洞被追踪为CVE-2024-47553、CVE-2024-47662、CVE-20483和CVE-2024-4565。 SINEC 安全监视器中发现的4个漏洞，其严重程度和对受影响系统的潜在风险各不相同。如果被利用，它们可能允许攻击者执行任意代码，损害系统完整性，并有可能获得对底层操作系统的根层访问权限。 已解决的脆弱性包括: CVE-2024-47553（CVSSv4 9.4）:由于ssmctl-client命令中用户输入的验证不当，允许经过身份验证的低权限攻击者以根权限执行任意代码。 CVE-2024-47562（CVSSv49.3）:由于用户输入ssmctl-client命令中的特殊元素被不当中和，使得经过身份验证的低特权本地攻击者能够执行特权命令。 CVE-2024-47563（CVSSv4 6.9）:由于对用于创建CSR文件的文件路径的验证不当，允许未经验证的远程攻击者在非预期位置创建文件。这可能会损害这些目录中文件的完整性。 CVE-2024-47565（CVSSv45.3）:允许经过身份验证的远程攻击者破坏应用程序的配置，原因是针对允许值对用户输入的验证不足。 西门子敦促用户将其SINEC Security Monitor安装更新到版本4.9.0或更高版本，以缓解这些漏洞。该更新可从西门子网站下载。     转自安全客，原文链接：https://www.anquanke.com/post/id/300632 封面来源于网络，如有侵权请联系删除

Почему платформа не спешит на помощь жертвам дипфейков и клеветы?

A vulnerability has been found in Mozilla Firefox up to 47 on Android and classified as critical. Affected by this vulnerability is an unknown functionality of the component Address Bar. The manipulation leads to improper input validation. This vulnerability is known as CVE-2016-5267. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Новый онлайн-сканер существенно облегчит жизнь системным администраторам.

The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements