Aggregator

Submit #591960 / VDB-311620

A vulnerability was found in Linux Kernel up to 6.14.8. It has been rated as problematic. Affected by this issue is the function bcm_can_tx of the component can. The manipulation of the argument Count leads to out-of-bounds read. This vulnerability is handled as CVE-2025-38004. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #591910 / VDB-311619

Submit #591726 / VDB-289705

Name: TJCTF 2025 (an TJCTF event.)
Date: June 6, 2025, noon — 08 June 2025, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://tjctf.org/
Rating weight: 51.29
Event organizers: tjcsc

Пока Госдеп США стоит на ушах, преступник спокойно коротает дни в Краснодаре.

注重隐私的开源移动操作系统 /e/OS 释出了 3.0 版本。/e/OS 是移除了 Google 应用的 LineageOS 分支，由法国非营利组织 e Foundation 开发。/e/OS 3.0 支持的设备有限，其中最著名的除了 Google Pixel 系列智能手机外就是荷兰的模块化手机 Fairphone 5。/e/OS 3.0 的变化包括：改进了隐私工具，用户每周日可以查看设备上的跟踪活动汇总；Find my Device，通过短信发送密码获得自己设备的地理位置；应用库包含 F-Droid 的最新应用；Android 安全补丁更新到 2025 年 5 月，等等。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One Attacker exploits misconfigured AI tool to run AI-generated payload   Crocodilus Mobile Malware: Evolving Fast, Going Global   How Threat Actors Exploit Human Trust: A Breakdown of the […]

Google Play Store 中的应用数减少了 47%，一大原因可能就是不兼容导致大量应用下架。而不兼容的问题与 Google 本身紧密关联。Android 应用开发者抱怨维护 Android 应用所面临越来越大的挑战。举例来说，用 Java 开发的项目如果依赖了用 Kotlin 开发的库会遇到兼容性问题，除非项目用 Kotlin 重写；开源媒体播放器库 ExoPlayer 的 V1 与 V2 不兼容，ExoPlayer 正被不兼容的 media3 所取代；Google Ads library v24 停止支持 Android API 21，而 API 21 仍然有 400 万用户；Material 3 取代了 Material 2，但 Google 没有提供清晰的 迁移指南；Android API 版本号与 Android 版本不一致，开发者文档也经常会将两者混淆在一起；重要的第三方开源库被弃用或不再维护；Google 经常会做出破坏兼容性的决策。

Вместо лайков — шлемы, вместо ленты — боевые интерфейсы.

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from […]

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 33

Currently trending CVE - Hype Score: 1 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

A vulnerability was found in Jnmsolutions Guestbook 3.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-2440. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in zlib 4.4.2 and classified as problematic. Affected by this vulnerability is the function copy of the file file.c. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2006-1608. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.