Aggregator

A vulnerability was found in Samsung Notes 2.0.02.31/4.2.00.22/4.2.04.27/4.3.14.39/4.4.15. It has been classified as critical. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-34660. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Notes up to 4.4.21.61 and classified as problematic. Affected by this issue is some unknown functionality of the component ASLR. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-34658. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Samsung Notes 2.0.02.31/4.2.00.22/4.2.04.27/4.3.14.39/4.4.15 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal: '.../...//'. This vulnerability is known as CVE-2024-34656. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Samsung Devices. Affected is an unknown function of the component UniversalCredentialManager. The manipulation leads to incorrect use of privileged apis. This vulnerability is traded as CVE-2024-34655. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Samsung Devices. This issue affects some unknown processing of the component My Files. The manipulation leads to improper export of android application components. The identification of this vulnerability is CVE-2024-34654. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samsung Devices. This vulnerability affects unknown code of the component My Files. The manipulation leads to path traversal. This vulnerability was named CVE-2024-34653. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Devices. This affects an unknown part of the component My Files. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-34651. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been rated as problematic. Affected by this issue is some unknown functionality of the component CocktailbarService. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2024-34650. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Multitasking Framework. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-34649. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been classified as problematic. Affected is an unknown function of the component DualDarManagerProxy. The manipulation leads to incorrect use of privileged apis. This vulnerability is traded as CVE-2024-34647. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

德国空中交通管制机构确认遭受网络攻击 负责国家空中交通管制的德国国有公司德国航空安全公司 (Deutsche Flugsicherung) 已确认遭受网络攻击。 此次攻击的性质尚不清楚。一名新闻官周一告诉 Recorded Future News，此次事件影响了公司的管理 IT 基础设施。 该发言人表示：“是否可以访问、以及可以访问哪些数据仍在调查中”，并补充说该国安全部门已获悉此事。 他们强调，德国的飞行安全“有充分的保障”，空中交通管制作业未受到影响。 德国联邦信息安全局（BSI）正在处理该事件。 据巴伐利亚广播公司报道，该事件怀疑是由俄罗斯军事情报机构 GRU 旗下的威胁行为者 APT28 引发的。 BSI 的一位发言人表示，该机构正在为受影响的人提供支持，并正在与其他部门密切对话。他们拒绝就事件的更多细节发表评论。 英国伦敦交通局披露正在发生的“网络安全事件” 伦敦交通局 (TfL) 是该市的交通管理部门，目前正在调查一起正在进行的网络攻击，但尚未影响其服务。 该机构表示，目前没有证据表明客户信息在该事件中遭到泄露。 伦敦交通局的客户信息团队早些时候通过电子邮件和今天在网上发布的声明中警告客户：“我们目前正在处理一起正在发生的网络安全事件。目前，没有证据表明任何客户数据遭到泄露，并且这对交通局的服务也没有影响。” 伦敦交通局还向相关政府机构（包括国家犯罪局和国家网络安全中心）报告了此次攻击，并与他们密切合作，以应对并控制事件的影响。 该机构补充道：“我们的系统和客户数据的安全对我们来说非常重要，我们已立即采取行动，防止任何人进一步访问我们的系统。” 伦敦交通局首席技术官沙希·维尔马 (Shashi Verma) 在给 BBC 的一份声明中表示：“我们已经对内部系统采取了一系列措施，以应对正在发生的网络安全事件。”   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/7x05ZPJhFlbWEHmI2RxHcA 封面来源于网络，如有侵权请联系删除

A vulnerability was found in Samsung Devices and classified as critical. This issue affects some unknown processing of the component DualDarManagerProxy. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-34646. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Samsung Devices and classified as problematic. This vulnerability affects unknown code of the component ThemeCenter. The manipulation leads to improper input validation. This vulnerability was named CVE-2024-34645. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Samsung Devices. This affects an unknown part of the component One UI Home. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-34642. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Samsung Devices. Affected by this issue is some unknown functionality. The manipulation leads to improper export of android application components. This vulnerability is handled as CVE-2024-34641. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samsung Devices. Affected by this vulnerability is an unknown functionality of the component BGProtectManager. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-34640. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Devices. Affected is an unknown function of the component Setupwizard. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is traded as CVE-2024-34639. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been rated as problematic. This issue affects some unknown processing of the component ThemeCenter. The manipulation leads to handling of exceptional conditions. The identification of this vulnerability is CVE-2024-34638. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as problematic. This vulnerability affects unknown code of the component KnoxMiscPolicy. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability was named CVE-2024-34648. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Samsung Notes. It has been classified as critical. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-34657. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.