Aggregator

A vulnerability was found in Linux Kernel up to 6.6.75/6.12.12/6.13.1. It has been classified as critical. This affects the function _read_freq. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-57998. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.13.1 and classified as critical. Affected by this issue is the function ath12k_mac_assign_vif_to_vdev. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-57995. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been rated as problematic. Affected by this issue is the function wcn->chan_survey. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2024-57997. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.12/6.13.1. Affected by this issue is the function ptr_ring_resize_multiple of the file net/core/page_pool.c. The manipulation leads to reachable assertion. This vulnerability is handled as CVE-2024-57994. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 and classified as problematic. Affected by this vulnerability is the function thrustmaster_probe. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-57993. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.13.1. This issue affects the function rtw89_entity_recalc_mgnt_roles of the file chan.c. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-57991. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Mozilla Firefox v141.0 正式版发布，新增 WebGPU 支持提升网页应用性能，并引入 AI 自动建议选项卡分组名称功能。此外还优化了垂直选项卡布局和内存使用效率，并推出 ESR 长期支持版供用户选择更新。

エレコム株式会社が提供する無線LANルータには、複数の脆弱性が存在します。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.13/6.13.2. This issue affects the function release of the component File Descriptor Handler. The manipulation leads to uncontrolled file descriptor consumption. The identification of this vulnerability is CVE-2024-58002. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. It has been declared as problematic. This vulnerability affects unknown code of the file net/sched/sch_sfq.c of the component net_sched. The manipulation leads to improper validation of array index. This vulnerability was named CVE-2024-57996. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been rated as critical. Affected by this issue is the function btbcm_get_board_name. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-57988. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.12/6.13.1. This affects the function mt7925_change_vif_links of the component mt76. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-57989. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.12/6.13.1. This vulnerability affects the function mt7925_load_clc. The manipulation leads to off-by-one. This vulnerability was named CVE-2024-57990. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been classified as critical. Affected is the function __scm_smc_call. The manipulation of the argument __scm leads to null pointer dereference. This vulnerability is traded as CVE-2024-57985. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.75/6.12.12/6.13.1. It has been classified as critical. Affected is the function dw_i3c_master of the component i3c. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-57984. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 and classified as critical. This vulnerability affects the function xhci_handle_stopped_cmd_ring. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-57981. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. Affected by this issue is the function detach_pm. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-57978. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. This affects the function uvc_status_init. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-57980. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 美国德克萨斯州酒精与药物检测服务公司（TADTS）近日通报，其系统在2024年7月遭遇数据泄露事件，约75万人的个人信息被非法获取。该公司总部位于德克萨斯州，主要为德州及其他地区提供职场与个人酒精及药物检测服务。 TADTS声明，事件于2024年7月9日被发现，涉及未授权访问及窃取其系统数据。在专业数据挖掘团队协助下，近期完成的调查确认失窃数据包含个人信息。 潜在泄露信息涵盖： 姓名、出生日期、社保号码 驾照号码、护照号码及其他身份证件号码 财务与信用卡信息 健康保险详情 生物识别信息 登录凭证、邮箱及密码 美国移民局档案号或外籍人士登记号 该公司在官网通知中说明：“此列表描述受影响系统中的通用信息类别，部分类别可能不适用于每位潜在受影响个体。”向缅因州总检察长办公室提交的书面通知副本显示，这些信息是“个人在就业相关筛查测试中授权提供的。” 事件控制后，TADTS已重置所有系统密码，部署额外监控工具，强化端点检测协议，并向执法部门及相关机构报案。公司表示尚未发现事件引发的欺诈或身份盗窃行为，但建议受影响人员监控信用报告与账户流水，发现可疑活动及时向金融机构报告。 根据向缅因州总检察长办公室提交的文件，本次事件共影响748,763人，但TADTS明确表示不会提供免费身份盗窃保护服务。 尽管TADTS未透露具体攻击类型，知名勒索团伙BianLian于2024年7月14日宣称对此次入侵负责，声称窃取约218GB数据。目前尚不明确黑客是否已公开泄露数据——其基于Tor的泄密网站当前处于离线状态，且该团伙已沉寂数月（上一次公布受害者记录为2025年3月31日）。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

这篇文章介绍了错误代码521的原因及解决方法。该错误通常由Cloudflare引发，常见原因包括DNS配置错误、服务器问题或网络连接异常。用户可尝试检查DNS设置、联系主机提供商或排查本地网络问题以解决问题。