Rsync修复数个高危漏洞,两个RCE需要重点关注
立即查看漏洞详情
Aggregator
Rsync修复数个高危漏洞,两个RCE需要重点关注
1 year 3 months ago
立即查看漏洞详情
研究人员在iPhone USB-C芯片中发现安全缺陷 但攻击方式太复杂苹果暂时不修复
1 year 3 months ago
#安全资讯 研究人员发现 iPhone USB-C 控制器芯片存在安全缺陷,但因为利用方式极其复杂所以苹果暂时不准备修复。研究人员通过射频侧信道分析芯片启动时的电磁型号确定固件验证时间
CVE-2021-43326 | Agent up to 31 on Windows Temporary Directory permission (EDB-50642)
1 year 3 months ago
A vulnerability was found in Agent up to 31 on Windows. It has been classified as critical. Affected is an unknown function of the component Temporary Directory Handler. The manipulation leads to permission issues.
This vulnerability is traded as CVE-2021-43326. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21477 | Qualcomm Snapdragon up to X75 5G Modem-RF System 802.11az Fine Time Measurement Frame buffer over-read
1 year 3 months ago
A vulnerability was found in Qualcomm Snapdragon. It has been declared as critical. This vulnerability affects unknown code of the component 802.11az Fine Time Measurement Frame Handler. The manipulation leads to buffer over-read.
This vulnerability was named CVE-2024-21477. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-23351 | Qualcomm Snapdragon up to WSA8845H GPU Register access control
1 year 3 months ago
A vulnerability classified as critical has been found in Qualcomm Snapdragon. Affected is an unknown function of the component GPU Register Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2024-23351. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-23354 | Qualcomm Snapdragon up to WSA8845H IOCTL Call use after free
1 year 3 months ago
A vulnerability classified as critical was found in Qualcomm Snapdragon. Affected by this vulnerability is an unknown functionality of the component IOCTL Call Handler. The manipulation leads to use after free.
This vulnerability is known as CVE-2024-23354. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-3661 | IETF DHCP Network Traffic TunnelVision missing authentication (Nessus ID 214010)
1 year 3 months ago
A vulnerability was found in IETF DHCP. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Network Traffic Handler. The manipulation leads to missing authentication.
This vulnerability is known as CVE-2024-3661. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-21471 | Qualcomm Snapdragon IOMMU use after free
1 year 3 months ago
A vulnerability classified as critical was found in Qualcomm Snapdragon. Affected by this vulnerability is an unknown functionality of the component IOMMU. The manipulation leads to use after free.
This vulnerability is known as CVE-2024-21471. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43529 | Qualcomm Snapdragon up to X55 5G Modem IKEV2 Informational Request assertion
1 year 3 months ago
A vulnerability classified as critical has been found in Qualcomm Snapdragon. This affects an unknown part of the component IKEV2 Informational Request Handler. The manipulation leads to reachable assertion.
This vulnerability is uniquely identified as CVE-2023-43529. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43530 | Qualcomm Snapdragon up to XR2 5G Platform HLOS integer overflow
1 year 3 months ago
A vulnerability classified as problematic was found in Qualcomm Snapdragon. This vulnerability affects unknown code of the component HLOS. The manipulation leads to integer overflow.
This vulnerability was named CVE-2023-43530. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-43531 | Qualcomm Snapdragon up to XR2 5G Platform Header uninitialized pointer
1 year 3 months ago
A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon. This issue affects some unknown processing of the component Header Handler. The manipulation leads to uninitialized pointer.
The identification of this vulnerability is CVE-2023-43531. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21474 | Qualcomm Snapdragon up to X65 5G Modem-RF System stack-based overflow
1 year 3 months ago
A vulnerability has been found in Qualcomm Snapdragon and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to stack-based buffer overflow.
This vulnerability is known as CVE-2024-21474. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21475 | Qualcomm Snapdragon up to SM6250 out-of-range pointer offset
1 year 3 months ago
A vulnerability was found in Qualcomm Snapdragon and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to use of out-of-range pointer offset.
This vulnerability is handled as CVE-2024-21475. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21476 | Qualcomm Snapdragon up to XR2+ Gen 1 Platform Channel ID memory corruption
1 year 3 months ago
A vulnerability was found in Qualcomm Snapdragon. It has been classified as critical. This affects an unknown part of the component Channel ID Handler. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2024-21476. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
网友被异地开通微信刷脸支付并成功支付 腾讯先行赔偿后正在进行调查
1 year 3 months ago
#科技资讯 网友被异地开通微信刷脸支付并成功支付,腾讯先行全额赔偿后表示正在核实沟通。贵州网友张兰在 1 月 12 日被盗刷者在安徽亳州开通刷脸支付并付款 106.64 元,监控显示盗
国家计算机病毒应急处理中心监测发现16款违规移动应用
1 year 3 months ago
胡金鱼
国家计算机病毒应急处理中心监测发现16款违规移动应用
1 year 3 months ago
国家计算机病毒应急处理中心依据《网络安全法》《个人信息保护法》《App违法违规收集使用个人信息行为认定方法》等法律法规及相关国家标准要求,近期通过互联网监测发现16款移动App存在隐私不合规行为。
1、隐私政策难以访问、未声明App运营者的基本情况。涉及9款App如下:
《小鹿组队电竞陪玩》(版本3.7.1,360手机助手)、
《168运友物流》(版本3.9.93,应用宝)、
《天水秦州村镇银行》(版本3.0.7,vivo应用商店)、
《esc模拟社恐快逃》(版本2.1.8,百度手机助手)、
《懂球圈》(版本1.3.0,应用宝)、
《学法减分笔记》(版本1.0.5,vivo应用商店)、
《中峪数交》(版本1.2.9,应用宝)、
《全能CAD手机看图王》(版本2.0.1,360手机助手)、
《多语游外语学习》(版本1.0,百度手机助手)。
2、隐私政策未逐一列出App(包括委托的第三方或嵌入的第三方代码、插件)收集使用个人信息的目的、方式、范围等。涉及8款App如下:
《小鹿组队电竞陪玩》(版本3.7.1,360手机助手)、
《易面酷》(版本2.1.0,应用宝)、
《168运友物流》(版本3.9.93,应用宝)、
《智慧狐》(版本3.4.10,vivo应用商店)、
《esc模拟社恐快逃》(版本2.1.8,百度手机助手)、
《山西信托》(版本2.8.5,应用宝)、
《多语游外语学习》(版本1.0,百度手机助手)、
《健康诺时邦》(版本1.4.5,360手机助手)。
3、个人信息处理者向其他个人信息处理者提供其处理的个人信息的,未向个人告知接收方的名称或者姓名、联系方式、处理目的、处理方式和个人信息的种类,未取得个人的单独同意。涉及6款App如下:
《皓俊通货主端》(版本1.1.71,应用宝)、
《天水秦州村镇银行》(版本3.0.7,vivo应用商店)、
《智慧狐》(版本3.4.10,vivo应用商店)、
《esc模拟社恐快逃》(版本2.1.8,百度手机助手)、
《山西信托》(版本2.8.5,应用宝)、
《健康诺时邦》(版本1.4.5,360手机助手)。
4、App未建立并公布个人信息安全投诉、举报渠道。涉及1款App如下:
《中峪数交》(版本1.2.9,应用宝)。
5、基于个人同意处理个人信息的,个人有权撤回其同意。个人信息处理者未提供便捷的撤回同意的方式;向用户提供撤回同意收集个人信息的途径、方式,未在隐私政策等收集使用规则中予以明确。涉及10款App如下:
《小鹿组队电竞陪玩》(版本3.7.1,360手机助手)、
《易面酷》(版本2.1.0,应用宝)、
《司小宝》(版本4.9.7,小米应用商店)、
《运小满·物流助手》(版本4.1.1,应用宝)、
《懂球圈》(版本1.3.0,应用宝)、
《中峪数交》(版本1.2.9,应用宝)、
《全能CAD手机看图王》(版本2.0.1,360手机助手)、
《山西信托》(版本2.8.5,应用宝)、
《多语游外语学习》(版本1.0,百度手机助手)、
《健康诺时邦》(版本1.4.5,360手机助手)。
6、处理敏感个人信息未取得个人的单独同意。涉及2款App如下:
《168运友物流》(版本3.9.93,应用宝)、
《健康诺时邦》(版本1.4.5,360手机助手)。
7、个人信息处理者处理不满十四周岁未成年人个人信息的,未制定专门的个人信息处理规则。涉及3款App如下:
《懂球圈》(版本1.3.0,应用宝)、
《多语游外语学习》(版本1.0,百度手机助手)、
《健康诺时邦》(版本1.4.5,360手机助手)。、
针对上述情况,国家计算机病毒应急处理中心提醒广大手机用户首先谨慎下载使用以上违规移动App,同时要注意认真阅读其用户协议和隐私政策说明,不随意开放和同意不必要的隐私权限,不随意输入个人隐私信息,定期维护和清理相关数据,避免个人隐私信息被泄露。
注:文中所列App检测时间为2024年11月18日至12月31日
文章来源自:国家计算机病毒应急处理中心监测
胡金鱼
Critical vulnerabilities remain unresolved due to prioritization gaps
1 year 3 months ago
Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing them to manage overwhelming volumes of risk with tools and processes that are no longer adequate. Swimlane surveyed 500 cybersecurity decision-makers in the US and the UK to uncover how vulnerability management teams are coping … More →
The post Critical vulnerabilities remain unresolved due to prioritization gaps appeared first on Help Net Security.
Help Net Security
TSCCTF 2025
1 year 3 months ago
Name: TSCCTF 2025 (an TSCCTF event.)
Date: Jan. 13, 2025, 2 a.m. — 16 Jan. 2025, 02:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctfd.tscctf.com/
Rating weight: 0
Event organizers: Taiwan Security Club
Date: Jan. 13, 2025, 2 a.m. — 16 Jan. 2025, 02:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctfd.tscctf.com/
Rating weight: 0
Event organizers: Taiwan Security Club