Aggregator

Bumper crop of Windows vulns leads the way; 15 product groups represented

A vulnerability, which was classified as problematic, has been found in 3DSecure 2.0. This issue affects some unknown processing of the file threeDsMethod.jsp. The manipulation of the argument threeDSMethodData leads to cross site scripting. The identification of this vulnerability is CVE-2024-25284. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in HDF5 up to 1.14.3. This vulnerability affects the function H5A__close. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-32608. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in 3DSecure 2.0. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Referer leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-25286. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in 3DSecure 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/online. The manipulation of the argument params leads to cross site scripting. This vulnerability is handled as CVE-2024-25283. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LemonLDAP::NG up to 2.19.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component OAuth2 Client Authentication. The manipulation of the argument client_password leads to improper authentication. This vulnerability is known as CVE-2024-45160. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in za-internet C-MOR Video Surveillance 5.2401/6.00PL01. It has been classified as critical. Affected is an unknown function of the file settimezone.pml of the component Web Interface. The manipulation of the argument city leads to os command injection. This vulnerability is traded as CVE-2024-45179. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component V8. The manipulation leads to type confusion. The identification of this vulnerability is CVE-2024-9602. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component V8. The manipulation leads to type confusion. This vulnerability was named CVE-2024-9603. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

该团伙的攻击目标主要集中在俄罗斯政府的敏感部门和关键基础设施领域，不仅可能导致政府机密泄露，还可能对国家安全和社会稳定造成严重影响。

Three new Ivanti CSA zero-day actively exploited in attacksSoftware company Ivanti released se

A vulnerability was found in IBM AIX 6.1/7.1/7.2 and classified as critical. This issue affects some unknown processing of the component lsmcode. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2016-3053. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

马斯克(Elon Musk)已经将旗下 X/Twitter 变成一个宣传共和党总统候选人特朗普（Donald Trump）的平台。他最近被发现劫持了 @America 账号去宣传特朗普，并将其写入自己的账号简介里。这不是第一次，他此前从 Gene X. Hwang 手中劫持了 @X 账号。@America 账号原持有者曾与马斯克有过互动，曾经批评他的政治言论，现在其账号被马斯克改名为@America123_12。

error code: 1106

IntelからTrust Domain Extensions（TDX）モジュール向けのアップデートが公開されました。

FCIS 2024 网络安全创新大会·十周年活动——FreeBuf安全视界·FIT特刊正式开启。

A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Server 2004. Affected by this issue is some unknown functionality of the component Hyper-V. The manipulation leads to denial of service. This vulnerability is handled as CVE-2021-1691. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows 8.1/10/10 1607/Server 2012 R2/Server 2016. This affects an unknown part of the component Hyper-V. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-1692. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component CSC Service. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2021-1688. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.