Aggregator

Новый российский "Telegram-киллер" покоряет топы.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.5.5. This affects an unknown part of the component 8250_port. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2023-52567. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Linux Kernel 5.10/6.1/6.5.rc7. Impacted is the function __ip_set_put of the file net/netfilter/ipset/ip_set_core.c of the component Netfilter Subsystem. Executing manipulation can lead to race condition. The identification of this vulnerability is CVE-2023-42756. The attack can only be executed locally. Furthermore, there is an exploit available. Applying a patch is advised to resolve this issue.

A vulnerability was found in Linux Kernel up to 6.5.5 and classified as problematic. The impacted element is the function nilfs_gccache_submit_read_data of the component nilfs2. The manipulation results in use after free. This vulnerability is cataloged as CVE-2023-52566. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel 6.2. This vulnerability affects the function do_div of the file drivers/mtd/ubi/cdev.c. This manipulation causes divide by zero. This vulnerability appears as CVE-2023-31085. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability classified as critical was found in Xen. This issue affects some unknown processing of the component Linux Kernel Event Channel Handler. Executing manipulation can lead to deadlock. This vulnerability is handled as CVE-2023-34324. It is possible to launch the attack on the local host. There is not any exploit available. Applying a patch is advised to resolve this issue.

A vulnerability was found in TODDR YAML::Syck up to 1.35 on Perl. It has been declared as critical. Impacted is the function YAML::Syck of the file token.c of the component YAML File Parser. The manipulation results in memory corruption. This vulnerability is known as CVE-2025-11683. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

好，我现在需要帮用户总结一篇文章，控制在100字以内。首先，我得通读全文，抓住主要内容。文章讲的是作者开发了一款名为WatchNice的iOS应用，用于美化Apple Watch的截屏。主要功能包括添加背景色、套壳、边框和调整布局。定价方面，免费使用部分功能，Pro版内购解锁全部功能，价格实惠。作者还提到开发过程中的挑战和未来的计划。 接下来，我要提炼关键点：应用名称、功能、定价策略、作者身份转变。然后用简洁的语言把这些点连贯起来，确保不超过100字。注意不要使用“文章内容总结”这样的开头，直接描述内容。 可能的结构：WatchNice的功能介绍，定价策略，作者作为独立开发者的身份。这样既全面又简洁。 作者分享了自己开发 iOS 应用 WatchNice 的经历。这款工具专为 Apple Watch 截屏美化设计，支持添加背景色、套壳、边框及调整布局等实用功能，并提供免费和付费 Pro 版本。作为个人首款 app，开发者希望通过这款小工具为用户提供独特价值，并开启自己的独立开发者生涯。

A vulnerability identified as problematic has been detected in Open5GS up to 2.7.4. This affects an unknown function of the component Discovery Service. Performing manipulation results in reachable assertion. This vulnerability is cataloged as CVE-2025-41067. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Open5GS up to 2.7.4. This impacts an unknown function of the component Discovery Service. Executing manipulation can lead to reachable assertion. This vulnerability is registered as CVE-2025-41068. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Zoho ManageEngine ManageEngine Endpoint Central. Affected by this vulnerability is an unknown functionality. The manipulation results in sensitive information in log files. This vulnerability is reported as CVE-2025-11248. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2025-12208. The attack is possible to be carried out remotely. Moreover, an exploit is present.

株式会社 塚本無線が提供するWTW EAGLE（Windows版）のインストーラにはDLL読み込みに関する脆弱性が存在します。

A vulnerability categorized as critical has been discovered in IBM QRadar SIEM up to 7.5.0 UP13 IF02. Impacted is an unknown function. Such manipulation leads to incorrect privilege assignment. This vulnerability is referenced as CVE-2025-36007. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in FRRouting FRR up to 10.4.1. This issue affects the function show_vty_ext_pref_pref_sid of the file ospf_ext.c of the component LSA Handler. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2025-61107. The attack can only be done within the local network. There is not any exploit available.

10月17日DataCon2025报名通道开启，口令安全比赛中你关心的那些问题，全在这里了！

Full Disclosuremailing list archivesFrom: SEC Consult Vulnerability Lab via Full

Full Disclosuremailing list archivesFrom: Andrey Stoykov

Full Disclosuremailing list archivesFrom: Andrey Stoykov