Aggregator
Arch Linux Establishes Direct Collaboration with Valve
1 year ago
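Arch Linux project leader Levente Polyak announced on the mailing list a direct collaboration with Valve. Valve will support the Arch Linux project in two areas: build service infrastructure and a secure signing enclave. The news is neither surprising nor unexpected: SteamOS, the distribution used by the Steam Deck handheld, is based on Arch Linux, Steam Play/Proton makes use of the Wine project, and Valve funds a large number of open source projects, so closer collaboration with the upstream distribution makes sense.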
CVE-2024-9326 | PHPGurukul Online Shopping Portal 2.0 Admin Panel index.php username sql injection
1 year ago
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection.
This vulnerability was named CVE-2024-9326. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #414107: code-projects blood-bank-system-in-php v1.0 SQL Injection [Duplicate]
1 year ago
Submit #414107 / VDB-278820
CVE-2024-9325 | Intelbras InControl up to 2.21.56 incontrol-service-watchdog.exe unquoted search path
1 year ago
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path.
This vulnerability is uniquely identified as CVE-2024-9325. It is possible to launch the attack on the local host. There is no exploit available.
The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
vuldb.com
CVE-2024-9324 | Intelbras InControl up to 2.21.57 Relatório de Operadores Page /v1/operador/ fields code injection
1 year ago
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection.
This vulnerability is handled as CVE-2024-9324. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
vuldb.com
Submit #414058: PHPGurukul Online Shopping Portal Project 2.0 SQL Injection [Accepted]
1 year ago
Submit #414058 / VDB-278830
SeaWind
Submit #385397: Intelbras InControl 2.21.56 Unquoted Search Path [Accepted]
1 year ago
Submit #385397 / VDB-278829
Submit #375614: Intelbras InControl 2.21.57 (last version) Command Injection [Accepted]
1 year ago
Submit #375614 / VDB-278828
Stux
Dell Requires Sales Team to Work in the Office Five Days a Week
1 year ago
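An internal memo shows that Dell is requiring employees of its global sales team to work in the office five days a week starting September 30. The move is intended to promote collaboration and skills development. Dell said in the memo that field representatives must spend five days a week, rather than the previous three, discussing business with customers and partners or working in the office. Remote employees who cannot get to a local Dell office will continue to work from home.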
CVE-2024-9323 | SourceCodester Inventory Management System 1.0 add_staff.php cross site scripting
1 year ago
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-9323. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-9322 | code-projects Supply Chain Management 1.0 edit_manufacturer.php id sql injection
1 year ago
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation of the argument id leads to sql injection.
This vulnerability is traded as CVE-2024-9322. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #413401: SourceCodester Free and Open Source inventory management system 1.0 Cross Site Scripting [Accepted]
1 year ago
Submit #413401 / VDB-278827
SeaWind
Submit #413337: code-projects Supply Chain Management v1.0 SQL Injection [Accepted]
1 year ago
Submit #413337 / VDB-278826
mengchen
Thousands of Toxins from Food Packaging Found in Humans
1 year ago
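A study published in the Journal of Exposure Science & Environmental Epidemiology found more than 3,600 chemicals from food packaging, kitchenware or food processing equipment in humans. These chemicals are present in human blood, hair or breast milk, and include compounds known to be highly toxic, such as PFAS, bisphenols, metals, phthalates and volatile organic compounds. Many of the compounds are linked to serious health problems such as cancer and hormone disruption. The study's authors said that food contact chemicals need further scrutiny. The researchers noted that plastics pose the most serious problem, yet they are essentially unregulated. In addition, silicone and the coatings on metal cans may also contain toxic or insufficiently studied compounds. Several factors cause compounds to leach into food at higher rates, including higher temperature, fat content and acidity.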
CVE-2021-44026 | RoundCube up to 1.3.16/1.4.11 search/search_params sql injection
1 year ago
A vulnerability has been found in RoundCube up to 1.3.16/1.4.11 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument search/search_params leads to sql injection.
This vulnerability was named CVE-2021-44026. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-25717 | Ruckus Wireless Admin up to 10.4 HTTP GET Request /forms/doLogin code injection
1 year ago
A vulnerability was found in Ruckus Wireless Admin up to 10.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forms/doLogin of the component HTTP GET Request Handler. The manipulation leads to code injection.
This vulnerability is handled as CVE-2023-25717. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-20887 | VMware Aria Operations for Networks 6.x command injection (VMSA-2023-0012)
1 year ago
A vulnerability classified as very critical was found in VMware Aria Operations for Networks 6.x. This vulnerability affects unknown code. The manipulation leads to command injection.
This vulnerability was named CVE-2023-20887. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2023-20867 | VMware Tools up to 12.2 improper authentication (VMSA-2023-0013)
1 year ago
A vulnerability was found in VMware Tools. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper authentication.
This vulnerability is traded as CVE-2023-20867. Attacking locally is a requirement. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-27992 | ZyXEL NAS326/NAS540 prior 5.21 HTTP Request os command injection
1 year ago
A vulnerability was found in ZyXEL NAS326 and NAS540. It has been rated as very critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection.
This vulnerability is handled as CVE-2023-27992. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com