Aggregator
Exploiting High-Version Fastjson in Java Native Deserialization
11 months ago
Contents • Preface • Bypass approach 1: finding a TemplatesImpl replacement among known gadgets • ReferenceSerialized • LdapAttribute • Bypass approach 2: using JDBC-Attack to replace
Number of New StackOverflow Questions Drops Sharply
11 months ago
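According to data from StackExchange Data Explorer, as AI coding assistants have become popular, activity on StackOverflow, once programmers' preferred programming Q&A community, has declined and the number of new questions has dropped sharply. The data shows that 2017 was the peak for new StackOverflow questions and that the number of questions held steady before 2020, but after ChatGPT appeared in November 2022 the number of questions fell steeply, by as much as three quarters, and the number of questions in December 2024 was down 60% year over year. Developer Theodore Smith was once among the top 1% of StackOverflow contributors, and he believes StackOverflow has less than a year left to live. In his view, the reasons for the decline in StackOverflow activity include, besides AI assistants, the site's unfriendly culture toward users.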
CVE-2024-53690 | Linux Kernel up to 6.12.6 fs/inode.c nilfs_iget Privilege Escalation
11 months ago
A vulnerability has been found in Linux Kernel up to 6.12.6 and classified as problematic. Affected by this vulnerability is the function nilfs_iget of the file fs/inode.c. The manipulation leads to Privilege Escalation.
This vulnerability is known as CVE-2024-53690. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53689 | Linux Kernel up to 6.12.5 /sys/kernel/debug queue_attr_store deadlock
11 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.5. Affected is the function queue_attr_store of the file /sys/kernel/debug. The manipulation leads to deadlock.
This vulnerability is traded as CVE-2024-53689. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48881 | Linux Kernel up to 6.12.4 cache_set_flush null pointer dereference
11 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.4. This issue affects the function cache_set_flush. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2024-48881. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48875 | Linux Kernel up to 6.6.65/6.12.4 dev_replace Privilege Escalation
11 months ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.6.65/6.12.4. This vulnerability affects the function dev_replace. The manipulation leads to Privilege Escalation.
This vulnerability was named CVE-2024-48875. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56368 | Linux Kernel up to 6.12.6 getpagesize out-of-bounds
11 months ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.6. This affects the function getpagesize. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2024-56368. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-55881 | Linux Kernel up to 5.15.175/6.1.121/6.6.67/6.12.6 Hypercall Page arch/x86/kvm/x86.h complete_hypercall_exit state issue
11 months ago
A vulnerability was found in Linux Kernel up to 5.15.175/6.1.121/6.6.67/6.12.6. It has been rated as problematic. Affected by this issue is the function complete_hypercall_exit in the library arch/x86/kvm/x86.h of the component Hypercall Page Handler. The manipulation leads to state issue.
This vulnerability is handled as CVE-2024-55881. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-54680 | Linux Kernel up to 6.6.67/6.12.6 SMB Client get_net_track use after free
11 months ago
A vulnerability was found in Linux Kernel up to 6.6.67/6.12.6. It has been declared as critical. Affected by this vulnerability is the function get_net_track of the component SMB Client. The manipulation leads to use after free.
This vulnerability is known as CVE-2024-54680. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-56372 | Linux Kernel up to 6.6.67/6.12.6 net/core/skbuff.c tun_napi_alloc_frags denial of service
11 months ago
A vulnerability was found in Linux Kernel up to 6.6.67/6.12.6. It has been classified as critical. Affected is the function tun_napi_alloc_frags of the file net/core/skbuff.c. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2024-56372. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-57806 | Linux Kernel up to 6.12.7 fs/btrfs/qgroup.c btrfs_quota_enable assertion
11 months ago
A vulnerability was found in Linux Kernel up to 6.12.7 and classified as problematic. This issue affects the function btrfs_quota_enable of the file fs/btrfs/qgroup.c. The manipulation leads to reachable assertion.
The identification of this vulnerability is CVE-2024-57806. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-55642 | Linux Kernel up to 6.12.5 disk_zone_wplug_set_error deadlock
11 months ago
A vulnerability has been found in Linux Kernel up to 6.12.5 and classified as critical. This vulnerability affects the function disk_zone_wplug_set_error. The manipulation leads to deadlock.
This vulnerability was named CVE-2024-55642. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53685 | Linux Kernel up to 6.6.69/6.12.6 ceph_mdsc_build_path infinite loop
11 months ago
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.69/6.12.6. This affects the function ceph_mdsc_build_path. The manipulation leads to infinite loop.
This vulnerability is uniquely identified as CVE-2024-53685. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-53682 | Linux Kernel up to 6.12.5 ramp_delay denial of service
11 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.5. Affected by this issue is the function ramp_delay. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2024-53682. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-52319 | Linux Kernel up to 6.12.6 clear_gigantic_page memory corruption
11 months ago
A vulnerability classified as critical was found in Linux Kernel up to 6.12.6. Affected by this vulnerability is the function clear_gigantic_page. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2024-52319. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-51729 | Linux Kernel up to 6.12.6 copy_user_gigantic_page memory corruption
11 months ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.6. Affected is the function copy_user_gigantic_page. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2024-51729. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-49573 | Linux Kernel up to 6.12.6 pick_next_entity Privilege Escalation
11 months ago
A vulnerability was found in Linux Kernel up to 6.12.6. It has been rated as problematic. This issue affects the function pick_next_entity. The manipulation leads to Privilege Escalation.
The identification of this vulnerability is CVE-2024-49573. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-49571 | Linux Kernel up to 5.10.232/5.15.175/6.1.121/6.6.67/6.12.6 iparea_offset/ipv6_prefixes_cnt denial of service
11 months ago
A vulnerability was found in Linux Kernel up to 5.10.232/5.15.175/6.1.121/6.6.67/6.12.6. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument iparea_offset/ipv6_prefixes_cnt leads to denial of service.
This vulnerability was named CVE-2024-49571. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com