Aggregator

A vulnerability classified as problematic was found in Honor MagicOS. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-47156. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Honor Magic OS up to 8.0.0.135. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-8994. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Honor Magic OS up to 8.0.0.135. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-8993. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Honor Magic OS up to 8.0.0.135. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-8992. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Honor Magic OS up to 8.0.0.135. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-47153. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Honor Magic OS up to 7.2.0.102 and classified as problematic. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-47151. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

支持Docker镜像拉取，添加对 OpenSSL 3.4.0 的支持，支持 gnutls 的 keylog 和 pcap 模式，允许捕获 IPv6 数据包，拆分日志记录器；修复了多个系统和功能的关键错误，包括在 Ubuntu 24.04 上的初始化脚本问题和 arm64 版本的兼容性问题；更新了日志记录器，优化了构建过程，添加了新的工作流和文档更新。

A Threat Actor Allegedly Has Leaked the Data of Cairo Governorate Educational Portal

A vulnerability was found in Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0. It has been rated as critical. This issue affects some unknown processing of the component Web Container. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-21371. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

在亚马逊以 65 亿美元收购米高梅控制詹姆斯·邦德电影发行权近三年之后，控制詹姆斯·邦德电影制作的 Broccoli 家族与电商巨头之间的关系基本破裂，新邦德电影在短期内不可能启动制作。这对于亚马逊在好莱坞的野心而言是一大挫败，因为 65 亿美元中有很大一部分是为邦德电影支付的。邦德电影由 Eon Productions 制作，其控制权一直掌握在 Barbara Broccoli 和 Michael G. Wilson 兄妹手中，过去 30 年的邦德电影都由 Barbara Broccoli 负责，而她认为亚马逊是一群白痴。双方的僵局源自传统好莱坞公司与硅谷新贵之间的理念冲突。硅谷公司看重数据、算法和流媒体订阅。在亚马逊眼里，邦德电影属于“内容”的一部分，而 Barbara 对此无法接受。她的同父异母长兄 Wilson 曾抱怨无法与亚马逊 L6 级别以上的高层见面，亚马逊 CEO Andy Jassy 的级别是 L12。

Microsoft is warning of an issue when using a media support to install Windows 11, version 24H2, that causes the operating system to not accept further security updates. [...]

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricted upload. The identification of this vulnerability is CVE-2024-12956. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Vergenet Perdition Mail Retrieval Proxy up to 1.17. It has been classified as critical. Affected is an unknown function of the component Format String Protection. The manipulation leads to format string. This vulnerability is traded as CVE-2007-5740. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

虽然国内外有Cloudflare、七牛、又拍云、阿里云CDN、腾讯云CDN等免费和付费兼备的CDN服务，但是国内的CDN服务器都是需要域名备案才能使用，而且国内的CDN服务商提供的亚太节点费用比...

Старые версии инструмента открывали путь для вредоносных ссылок.

A vulnerability was found in Apple watchOS up to 3.0. It has been classified as critical. This affects an unknown part of the component System Boot. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2016-4669. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don't meet the SEC's "material" standard.

A vulnerability was found in SE-elektronic E-DDC3.3 03.07.03. It has been rated as very critical. This issue affects some unknown processing of the component Web Configuration Handler. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-1015. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in SE-elektronic E-DDC3.3 03.07.03. Affected is an unknown function of the component Administration Panel. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-1014. It is possible to launch the attack remotely. There is no exploit available.