Aggregator

通义千问推出开源编程模型 Qwen3-Coder 和命令行工具 Qwen Code。Qwen3-Coder 性能媲美 Claude Sonnet 4，支持大规模强化学习和多轮交互任务。Qwen Code 基于 Gemini Code 开发，优化提示和函数调用协议。通过阿里云基础设施扩展环境规模，提升代码生成能力，并开源工具供开发者使用。

文章描述了错误代码521的含义及其常见原因,指出该错误通常与Cloudflare服务相关,表明源服务器未正确响应请求,可能因配置问题或网络故障导致,建议检查服务器设置或联系服务提供商解决问题。

HackerNews 编译，转载请注明出处： 德国工业自动化解决方案提供商Helmholz生产的路由器近期被发现并修补了多个潜在严重漏洞。上周，德国CERT@VDE发布公告，披露了Helmholz旗下REX 100路由器中存在的八个漏洞，这些漏洞使组织能够远程访问和管理工业网络，安全风险由此曝光。 Helmholz路由器通过遍布60个国家的合作伙伴网络在全球销售，覆盖北美、欧洲和亚洲等地区。根据CERT@VDE公告，其中三个漏洞被评定为“高危”级别，均允许拥有高权限的攻击者通过特制请求执行任意操作系统命令。其余问题归类为“中危”，可被用于SQL注入、XSS攻击及拒绝服务攻击（包括未认证的DoS）。 供应商已发布REX 100路由器固件版本2.3.3修复这些漏洞，此前所有固件版本均受影响。这些漏洞是由工业网络安全公司CyberDanube在奥地利一所大学组织的实验室演习中发现。尽管官方CVSS评分不高，但该公司认为部分漏洞实际危害严重。 CyberDanube指出，虽然多数漏洞需认证才能利用，但设备存在默认凭证，可能被攻击者绕过此限制。部分漏洞可让攻击者以root权限在目标设备上执行任意代码，导致服务中断、通信拦截或转向攻击网络内其他系统。 另一个潜在风险在于该工业路由器永久连接至供应商的云端环境——用户通过Web界面管理和配置工业网络设备的基础。若攻击者发现该云系统漏洞，可能入侵其他客户设备，造成“灾难性”后果。CyberDanube已发布包含技术细节和漏洞利用代码（PoC）的独立公告。       消息来源：securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Windows Server 2019 安装 KB5062557 更新后出现集群服务异常、虚拟机频繁重启等问题。微软正为 IT 管理员提供临时解决方案，并计划在未来更新中修复。企业用户需联系微软支持获取帮助。

A vulnerability was found in MediaChance Real-DRAW PRO 5.2.4. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2012-2940. The attack can be initiated remotely. Furthermore, there is an exploit available.

作者在WWDC25期间升级到macOS 26 Beta后发现性能和界面问题，于是安装双系统回到macOS 15。通过命令行禁止索引另一个分区的文件，实现环境隔离。强调定期清理系统的重要性，并建议使用大容量硬盘。

文章描述了错误代码521的含义及其可能的原因，指出该错误通常由Web服务器无法连接到源站服务器引起。

HackerNews 编译，转载请注明出处： 澳大利亚金融监管机构已对金融服务公司Fortnum Private Wealth采取法律行动，指控该公司使客户面临不可接受的网络安全风险。 澳大利亚证券与投资委员会（ASIC）于7月21日在新南威尔士州（NSW）最高法院对这家财务咨询公司提起诉讼。 ASIC声称Fortnum Private Wealth未能制定充分的政策、框架、系统和控制措施来应对网络安全风险。 该委员会指控，这些失误导致Fortnum的许多客户和授权代表（ARs）遭遇了网络事件。 其中一起事件导致2022年9月发生了大规模数据泄露，涉及高达9828名客户的超过200GB数据。这些机密信息随后被发布在暗网上。 在多次事件中，威胁行为者成功访问了授权代表的电子邮件账户，并利用这些账户向客户发送网络钓鱼邮件。 这些事件大多发生在Fortnum于2021年4月推出一项具体的网络安全政策之后。ASIC辩称，该政策不足以有效管理网络安全风险，尤其对于一家负责处理高度敏感客户数据的金融服务公司而言。 该政策后来在2023年5月进行了修订。 诉讼中强调的主要网络安全失误包括： 未要求授权代表接受规定的最低限度的网络安全教育或培训； 未能监督或监控其授权代表的网络安全风险管理框架； 未配备拥有网络安全专业知识和经验的员工，也未聘请专业顾问协助制定其网络安全政策； 未能建立解决网络安全问题的风险管理系统，或未能制定可识别和评估其所有授权代表网络安全风险的政策、框架、系统或控制措施。 ASIC主席乔·隆戈（Joe Longo）评论道：“Fortnum涉嫌未能充分管理网络安全风险，使该公司、其代表及其客户暴露在不可接受的网络攻击风险水平之下。”他补充说：“ASIC一直在强调公司的网络安全责任。尤其是澳大利亚金融服务持牌机构，持有大量敏感和机密信息。” ASIC表示，正在寻求法院宣布Fortnum的违规行为，并对该公司处以经济处罚。 Fortnum首席执行官马特·布朗（Matt Brown）在Financial Newswire发表的声明中表示，该公司“强烈反驳”ASIC关于其未能实施适当网络安全控制的指控。布朗补充道：“由于此事现已进入法庭程序，Fortnum目前无法进一步置评。”       消息来源：infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Linux Kernel up to 6.11.1. It has been declared as critical. Affected by this vulnerability is the function tcp_rto_delta_us. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-47684. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.53/6.10.12/6.11.1. Affected by this issue is the function bpf_uprobe_multi_link_attach. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-47675. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel. This vulnerability affects the function aoecmd_cfg_pkts of the component ATA over Ethernet Driver. The manipulation leads to use after free. This vulnerability was named CVE-2023-6270. An attack has to be approached locally. There is no exploit available.

A vulnerability was suspected in Linux Kernel up to 6.11.1. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.47. Affected is the function cx23885_vdev_init. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-52918. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.5.8 and classified as critical. Affected by this vulnerability is the function send_acknowledge of the component nfc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2023-52919. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.11. It has been classified as critical. This affects the function btrfs_qgroup_inherit of the file include/linux/sched/mm.h. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-49033. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.157/5.15.81/6.0.11. It has been classified as critical. Affected is the function max_entries of the component libbpf. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2022-49030. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.11. It has been rated as problematic. Affected by this issue is the function afe4404_read_raw/afe4404_write_raw. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2022-49032. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.157/5.15.81/6.0.11. It has been rated as problematic. Affected by this issue is the function iavf_init_module. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2022-49027. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

铠侠推出全球容量最大的固态硬盘LC9，E3.L版本提供245.76TB存储容量，采用BiCS8 2Tb 3D QLC NAND技术及高密度封装工艺。该硬盘支持PCIe 5.0接口，顺序读写速度分别为12GB/s和3GB/s，并具备高可靠性和数据保护功能。

文章描述了错误代码521的原因及其解决方法。该错误通常由Cloudflare与目标服务器之间的连接问题引起，常见于服务器配置错误或网络中断。用户可通过检查服务器状态、验证DNS设置或联系网络管理员来解决问题。