Aggregator

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞247个，其中高危漏洞120个、中危漏洞117个、低危漏洞10个。漏洞平均分值为6.54。

一、境外厂商产品漏洞1、SAP NetWeaver Enterprise Portal跨站脚本漏洞（CNVD-2024-49627）SAP Commerce Cloud的Backoffice是一个用户

2024年12月30日-2025年1月05日本周漏洞态势研判情况      本周信息安全漏洞威胁整体评价级别为中。国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞247个，其中

A vulnerability classified as problematic has been found in Avantbrowser Avant Browser up to 11.7. This affects an unknown part of the component Javascript Engine. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2008-4166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

12月，火绒安全产品拦截恶意攻击总数185,909,512次，其中病毒拦截1.1亿次、系统高危动作拦截4006.8万次、网络高危风险拦截3993.3万次。

A vulnerability was found in Document Foundation LibreOffice 7.4.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the component PPT File Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-36268. The attack may be launched remotely. There is no exploit available.

前期，我们已经撰写《绿盟虚拟汽车靶场及其优势》一文，以阐述绿盟虚拟汽车靶场的优势与攻防实战表现，表明虚拟汽车在虚拟电子电气架构的虚拟化方面表现出色。本文作为补充，基于CAN总线攻防实战，进一步阐述绿盟虚拟汽车在CAN总线攻防方面的表现

一.  背景绿盟突破技术壁垒，使得虚拟汽车零部件具备嵌入式操作系统（嵌入式Linux、嵌入式Android），多个虚拟零部件可以加入虚拟汽车CAN网络中相互进行CAN总线通信，构建出完整的汽车电子电气

A vulnerability was suspected in Freedesktop Xedit 1.2.3. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Apple macOS. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Apple iOS and iPadOS. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in User Submitted Posts Plugin up to 20230901. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Tinyproxy 1.11.1. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Fronius Datalogger Web 2.0.5-4. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Cisco FirePOWER Management Center. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in ThingsForRestaurants Quick Restaurant Reservations Plugin up to 1.4.1. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.12.10. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.10.76/5.14.15. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.