Aggregator

A vulnerability classified as critical has been found in Oracle HTTP Server 12.2.1.4.0. This affects an unknown part of the component SSL Module. The manipulation leads to http response splitting. This vulnerability is uniquely identified as CVE-2022-37436. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Apache HTTP Server up to 2.4.54. Affected is an unknown function. The manipulation leads to http response splitting. This vulnerability is traded as CVE-2022-37436. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server up to 2.4.54 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2006-20001. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Oracle Hyperion Infrastructure Technology 11.2.14.0.000. Affected is an unknown function of the component Installation/Configuration. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2023-25690. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Session Report Manager 9.0.0/9.0.1. It has been rated as very critical. Affected by this issue is some unknown functionality of the component FEServer. The manipulation leads to http request smuggling. This vulnerability is handled as CVE-2023-25690. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Enterprise Manager Ops Center 12.4.0.0. It has been rated as very critical. This issue affects some unknown processing of the component Networking. The manipulation leads to http request smuggling. The identification of this vulnerability is CVE-2023-25690. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Oracle HTTP Server 12.2.1.4.0. Affected is an unknown function of the component SSL Module. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2023-25690. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in GNU Guix. It has been classified as critical. Affected is an unknown function of the component guix-daemon. The manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2024-52867. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

即使你从未关注过联盟和部落在艾泽拉斯的战争，你很可能也听说过《魔兽世界》。这款 MMORPG 游戏超越了游戏范畴，成为了一种流行文化现象。本世纪初，MMORPG 的典型代表是《无尽的任务》，其巅峰期有大约 55 万玩家。《魔兽世界》于 2004 年 11 月上线，不到一年时间其订阅玩家数就达到 600 万，六年后达到了 1200 万。通过订阅和内购，暴雪赚取了数十亿美元。二十年后，《魔兽世界》仍然是暴雪的一个重要的收入来源。《魔兽世界》证明了订阅制的可行性；在社交媒体诞生前，游戏内的公会就形成了一种社交网络，很多人从中体验了社交网络的未来。当时 Facebook 还只在大学里流行，家庭宽带网络刚刚起步。《南方公园》制作的《要爱，不要魔兽世界》一集还为它赢得了艾美奖。

In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterprise-grade maturity, reliability, and transparency. Domas also shares key factors organizations should prioritize in open-source adoption to enhance security and balance innovation with stability. What are the biggest misconceptions about open-source security, and how can community members and professionals work … More →

The post Debunking myths about open-source security appeared first on Help Net Security.

警察能解锁的手机

A vulnerability was found in Elasticsearch Elastic Cloud Enterprise. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component API. The manipulation leads to permission issues. This vulnerability is known as CVE-2021-22146. The attack can only be done within the local network. Furthermore, there is an exploit available.

The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like Domain Name System (DNS) abuse– manifesting as phishing, malware, and botnets – jeopardize this security. Such abuses harm individuals and undermine the overall trust in the internet. In this Help Net Security video, Ram Mohan, Chief Strategy Officer at Identity Digital, discusses the role registries play in safeguarding the DNS … More →

The post Safeguarding the DNS through registries appeared first on Help Net Security.

Google Does Not Have Material Influence Over Antrhtopic, Agency Says
The U.K. antitrust regulator called off an investigation into a $2 billion partnership between computing giant Alphabet and artificial intelligence startup Anthropic. The .K. Competition and Markets Authority probe sought to understand if the deal forms a "relevant merger situation."

Incident Is Among Growing List of Attacks on Small, Rural Hospitals
An Oklahoma hospital quickly restored its IT systems after a ransomware attack in September, but the 62-bed hospital could not recover some data and later learned that hackers may have accessed the personal information of 133,000 people. The attack is the latest involving a small rural hospital.

Competition Regulator Says WhatsApp Users Could Not Opt Out of Data Sharing
India's Competition Commission has fined social media conglomerate Meta over $25 million for forcing WhatsApp users to agree to a sweeping data sharing policy with other Meta platforms. The agency ordered the company to stop using users' data for online advertising on other Meta platforms.

Experts Call on Feds to Step Up Defense Against Escalating Chinese Threats
A panel of cybersecurity experts and top industry officials pushed lawmakers and the federal government to step up their defenses against escalating cyberthreats from China, citing recent high-profile examples of evidence that Beijing is increasingly targeting the U.S. with sophisticated attacks.

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below - CVE-2024-44308 (CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content CVE-2024-44309 (CVSS score: 6.1