Aggregator

Linux 6.14 возвращает старую логику планировщика задач.

A vulnerability, which was classified as problematic, was found in FlowiseAI Flowise up to 1.4.3. This affects an unknown part of the file /api/v1/public-chatflows/id of the component 404 Page. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-36423. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Easy Google Maps Plugin up to 1.11.15 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-5219. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Post Grid Plugin up to 7.7.1 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Title Tag Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1427. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0. It has been rated as critical. Affected by this issue is the function copy_column of the file libavfilter/vf_tiltandshift.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-32229. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in CocoaPods. This affects an unknown part. The manipulation leads to exposure of data element to wrong session. This vulnerability is uniquely identified as CVE-2024-38367. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in FFmpeg 7.0. This vulnerability affects the function hevc_frame_end of the file libavcodec/hevcdec.c. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-32228. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0 and classified as critical. Affected by this issue is the function load_input_picture of the file libavcodec/mpegvideo_enc.c. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-32230. The attack may be launched remotely. There is no exploit available.

英伟达一年一度的开发者大会 GTC 于 3 月 21 日闭幕，这次会议凸显了中美 AI 加速分裂。在 GTC 会场上，阿里巴巴和腾讯展示了 AI 研究成果。在线上，包括百度在内的多家中国企业，以及英伟达的华人员工，还专门举行了一场全程仅用中文交流的讨论会。英伟达 CEO 黄仁勋被问及中美对立的影响时回答：“据我观察，全球 AI 研究人员中有一半来自中国。在所有美国的 AI 研究所中，优秀的中国研究人员数量众多，绝无例外”。对于英伟达来说，如果分裂进一步加剧，其收益对美国的“依赖”可能会增强。自美国政府加强管制以来，中国市场销售额的占比一直在降低。从英伟达的中国销售额在总销售额中的占比来看，2024 财年（截至2025年1月）为总体的 13%，比 2021 财年减少了一半。

Speaker: Mishaal Khan

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite []DEF CON 32]2 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Recon Village – GeoINT Mastery: A Pixel Is Worth A Thousand Words appeared first on Security Boulevard.

浙江大学赵保丹及其同事在《自然》期刊上发表论文，报告创造出最小的 LED 显示屏，其像素宽度不到 100 微米，大约相当于人类头发的宽度。研究人员还能制造出更小的 LED，其像素宽度为 90 纳米——差不多病毒的大小，连最强大的光学显微镜也难以分辨。研究人员使用了钙钛矿制造 LED 半导体，赵保丹称，她们的实验表明，钙钛矿 LED 在极小的尺寸下仍能保持合理的效率，比传统 LED 更具优势。

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 and classified as critical. This issue affects some unknown processing of the component URL Handler. The manipulation leads to path traversal: '/../filedir'. The identification of this vulnerability is CVE-2024-41765. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been classified as critical. Affected is an unknown function. The manipulation leads to missing standardized error handling mechanism. This vulnerability is traded as CVE-2024-41768. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-41767. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. This vulnerability is handled as CVE-2024-41763. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. This affects an unknown part. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2024-41766. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in KNOWAGE up to 8.1.29. Affected is an unknown function of the file DataSourceResource.java of the component SpagoBI API. The manipulation of the argument JNDI Name leads to improper control of resource identifiers. This vulnerability is traded as CVE-2024-57971. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in danielgatis rembg up to 2.0.57. This vulnerability affects unknown code. The manipulation leads to origin validation error. This vulnerability was named CVE-2025-25302. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Apple macOS up to 15.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-54565. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.