Aggregator

ProjectDiscovery的httpx v1.7.0存在远程DoS漏洞，通过返回畸形标签可触发崩溃。问题源于trimTitleTags函数中缺少边界检查导致切片越界。此漏洞影响自动化扫描工具，修复已提交。

文章探讨了Windows注册表在安全中的重要性，通过一个C++程序演示了注册表操作技术及其在攻击中的应用，强调了其在持久性、绕过检测和行为改变中的作用，并为防御提供了建议。

WhatsApp推出AI功能Message Summaries，利用Meta AI自动总结未读消息。该功能基于Private Processing技术，在安全环境中处理数据以保护隐私。目前仅在美国英语用户中上线，并计划扩展至其他地区和语言。

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to

国内外监管的关注重点

当前环境出现异常状态,需完成验证后方可继续访问。

UDPを利用するアプリケーション層のプロトコル実装において、サービス運用妨害 (DoS) の脆弱性が報告されています。

People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by combining stolen pieces of personal information such as Social Security numbers, names, and birthdates. This type of fraud is often called Frankenstein fraud because it stitches together real and fake components to form a new, convincing identity. … More →

The post When synthetic identity fraud looks just like a good customer appeared first on Help Net Security.

Genivia が提供する gSOAP ライブラリには、スタックバッファオーバーフローの脆弱性が存在します。遠隔の第三者が送信する細工された SOAP メッセージを処理することにより、任意のコードが実行される可能性があります。

A vulnerability was found in Oracle Communications Diameter Signaling Router up to 8.5.0.2 and classified as critical. This issue affects some unknown processing of the component API Gateway. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2021-37137. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Banking APIs up to 21.1. Affected is an unknown function of the component Framework. The manipulation leads to denial of service. This vulnerability is traded as CVE-2021-37137. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Banking Digital Experience up to 21.1 and classified as critical. Affected by this issue is some unknown functionality of the component Framework. The manipulation leads to denial of service. This vulnerability is handled as CVE-2021-37137. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle PeopleSoft Enterprise PeopleTools 8.57/8.58/8.59 and classified as critical. This vulnerability affects unknown code of the component Elastic Search. The manipulation leads to denial of service. This vulnerability was named CVE-2021-37137. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Commerce Guided Search 11.3.2. This issue affects some unknown processing of the component Content Acquisition System. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2021-37137. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Communications Cloud Native Core Binding Support Function 1.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Binding Support Function. The manipulation leads to denial of service. This vulnerability is known as CVE-2021-37137. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Netty up to 4.1.67. This vulnerability affects unknown code of the component Snappy Frame Decoder. The manipulation leads to resource consumption. This vulnerability was named CVE-2021-37137. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wildfly-elytron and classified as problematic. This issue affects some unknown processing. The manipulation leads to observable timing discrepancy. The identification of this vulnerability is CVE-2022-3143. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Undertow. It has been rated as problematic. Affected by this issue is some unknown functionality of the component AJP 400 Response Handler. The manipulation leads to unchecked return value. This vulnerability is handled as CVE-2022-1319. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Oracle Communications Cloud Native Core Network Repository Function 22.3.2. It has been classified as critical. This affects an unknown part of the component Installation. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-1319. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Undertow. It has been rated as problematic. This issue affects some unknown processing of the component AJP Request Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-5379. The attack needs to be approached within the local network. There is no exploit available.