Aggregator

A vulnerability was found in Linux Kernel up to 6.8.1. It has been classified as critical. Affected is the function phy_get_internal_delay of the component phy. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-27047. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Rtpengine存在严重漏洞（CVSS 9.3），允许攻击者注入任意RTP包或重定向媒体流（RTP Inject/RTP Bleed），无需中间人。即使使用SRTP，在旧版本中也未正确验证认证标签。已发布修复版本mr13.4.1.1，并建议启用heuristic学习模式和strict source标志以缓解风险。

苹果发布Safari 18.6安全更新修复多个漏洞，涉及libxml2、libxslt和WebKit组件，影响macOS Ventura和Sonoma系统。漏洞可能导致内存损坏、信息泄露或跨站脚本攻击等问题，并已向研究人员致谢。

有人在 Reddit 社区 r/HowToHack 发帖求助称有人冒充其朋友通过 iMessage 发送邮件，并使用特定邮箱地址 [email protected]。发帖人希望找到对方的 IP 地址并报警处理此事。

当前环境出现异常问题，需完成验证操作后方可继续访问相关内容。

当前环境异常，请完成验证后继续访问。

当前环境异常，需完成验证后方可继续访问。

A vulnerability was found in Linux Kernel up to 6.8.7/6.9-rc3. It has been rated as critical. This issue affects the function devm_led_classdev_register of the component r8169. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2024-27021. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.8.7/6.9-rc4. Affected by this issue is the function hugetlb_dup_vma_private of the component fork. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2024-27022. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.9-rc4. Affected by this vulnerability is an unknown functionality of the file net/bridge/br_netfilter_hooks.c of the component br_netfilter. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2024-27018. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4. It has been classified as problematic. This affects the function __nft_obj_type_get of the component nf_tables. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2024-27019. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4. It has been declared as problematic. This vulnerability affects the function __nft_expr_type_get of the component nf_tables. The manipulation leads to race condition. This vulnerability was named CVE-2024-27020. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4. This affects an unknown part of the component flowtable. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-27015. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.7/6.9-rc4 and classified as problematic. Affected by this issue is some unknown functionality of the component nft_set_pipapo. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2024-27017. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4. This vulnerability affects unknown code of the component flowtable. The manipulation leads to privilege escalation. This vulnerability was named CVE-2024-27016. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.87/6.6.28/6.8.7/6.9-rc4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mlx5e. The manipulation leads to deadlock. This vulnerability is handled as CVE-2024-27014. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4. This affects the function vhost_worker of the component tun. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-27013. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.