Aggregator

本期CNCERT国家工程研究中心安全资讯周报共收录安全资讯28篇。点击文章，快速阅读最新资讯。

Submit #393750 / VDB-275764

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2024-8162. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #393376 / VDB-275763

Submit #393375 / VDB-275762

Submit #393374 / VDB-275761

A vulnerability was found in ARM CPU. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-37985. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Adobe Acrobat Viewer. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-41879. The attack can be initiated remotely. There is no exploit available.

Submit #392015 / VDB-275760

A vulnerability was found in BYOB 2.0. It has been classified as critical. This affects the function file_add of the file api/files/routes.py of the component Parameter Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-45256. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in CentralSquare CryWolf up to 2024-08-09 and classified as problematic. Affected by this issue is some unknown functionality of the file GeneralDocs.aspx. The manipulation of the argument rpt leads to information disclosure. This vulnerability is handled as CVE-2024-45241. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in AVG Ultimate, Internet Security and AntiVirus FREE up to 17.1. It has been classified as critical. This affects an unknown part of the component Self-Protection. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2017-5566. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in Avast Premier, Internet Security, Pro Antivirus and Free Antivirus up to 12.3. It has been declared as critical. This vulnerability affects unknown code of the component Self-Protection. The manipulation leads to improper access controls. This vulnerability was named CVE-2017-5567. The attack needs to be approached locally. There is no exploit available.

在数字产业化和产业数字化持续深化的背景下，数据与传统生产要素的深度融合，成为数字时代推动高质量发展的强劲动力。

2022 年底，OpenAI 推出的 ChatGPT 在文本生成领域实现了重大突破，引领了大模型技术的发展方向，推动了各式各样的基座大模型及行业大模型的发展，并逐步向多模态和具身化方向迅速演进。

本期关键基础设施安全资讯周报共收录安全资讯28篇。点击文章，快速阅读最新资讯。

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever.

New findings from Forescout ­– Vedere Labs, the industry leader in device intelligence, and Finite State… (more…)

The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers first appeared on The Last Watchdog.

The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers appeared first on Security Boulevard.

CISA дала федеральным агентствам США три недели, чтобы защитить свои сети.

A vulnerability was found in Flexera FlexNet Publisher up to 11.14.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2017-5571. The attack may be initiated remotely. There is no exploit available.

合辑中都是我们优中选优的精华成果，2024第一季度山石网科安研院原创技术文章合辑。