Aggregator

1. 推送「新、热、赞」，帮部分人阅读提效2. 学有精读浅读深读，艺有会熟精绝化，觉知此事重躬行。推送只在浅读预览3. 机读为主，人工辅助，每日数万网站，10w推

A vulnerability was found in Twisted up to 23.9.x. It has been declared as problematic. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to http request smuggling. This vulnerability was named CVE-2023-46137. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Twisted up to 24.3.0. It has been classified as critical. This affects an unknown part of the component HTTP Request Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2024-41671. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Element Manager up to 9.0.2.0.1. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Security. The manipulation leads to deserialization. This vulnerability is handled as CVE-2023-46604. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical was found in Oracle Communications Session Report Manager up to 9.0.2.0.1. This vulnerability affects unknown code of the component Security. The manipulation leads to deserialization. This vulnerability was named CVE-2023-46604. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Banking APIs 22.1.0/22.2.0. It has been rated as very critical. Affected by this issue is some unknown functionality of the component IDM - Authentication. The manipulation leads to deserialization. This vulnerability is handled as CVE-2023-46604. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as very critical, has been found in Oracle Banking Digital Experience 22.1.0/22.2.0. This issue affects some unknown processing of the component UI General. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2023-46604. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Financial Services Analytical Applications Infrastructure up to 8.1.2. It has been classified as very critical. This affects an unknown part of the component Infrastructure. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2023-46604. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Oracle Enterprise Data Quality 12.2.1.4.0. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component General. The manipulation leads to deserialization. This vulnerability is known as CVE-2023-46604. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Apache ActiveMQ and ActiveMQ Legacy OpenWire Module up to 5.15.15/5.16.6/5.17.5/5.18.2. This vulnerability affects unknown code of the component OpenWire Protocol Handler. The manipulation leads to deserialization. This vulnerability was named CVE-2023-46604. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache ActiveMQ up to 5.16.5/5.17.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest. The manipulation leads to deserialization. This vulnerability is known as CVE-2022-41678. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Open-Xchange Server 6.20.7/6.22.0/6.22.1. This vulnerability affects unknown code. The manipulation of the argument arbitrary leads to cross site scripting. This vulnerability was named CVE-2013-1646. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

•  Red Hat 警告 NetworkManager-libreswan 中存在提权漏洞 CVE-2024-9050Newly Discovered Libreswan Client Plugin

A vulnerability was found in Logpoint up to 7.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Template Handler. The manipulation leads to injection. This vulnerability is handled as CVE-2022-48684. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in LOGINT LoMag Inventory Management up to 1.0.20.120. Affected by this issue is some unknown functionality of the file UserClass.cs. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-32211. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in SAP SAPCAR. It has been classified as problematic. Affected is an unknown function of the component File Extraction Handler. The manipulation of the argument Filename as part of Archive File leads to unchecked return value. This vulnerability is traded as CVE-2016-5845. An attack has to be approached locally. Furthermore, there is an exploit available.

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security
Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient data security solutions.

How Might Election Outcome Affect HHS' Healthcare Cyber Work?
Regardless of who wins the upcoming Presidential election, one thing is apparent: As the final months of the Biden administration wrap up, regulators at the agency charged with enforcing HIPAA are racing to complete unfinished work they deem as critically important to healthcare sector cyber.

Rust-Based Ransomware Employs Aggressive Anti-Detection Tactics
Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders knowledge. The same group disrupted London hospitals in a July attack.

FBI Probing 'Specific Malicious Activity Targeting' Telecommunications Providers
The FBI said Friday afternoon it is investigating Chinese nation-state hacking of commercial telecommunications infrastructure following a news report that Beijing actors targeted data from phones used by Republican presidential nominee Donald Trump and his running mate, Ohio Sen. JD Vance.