Aggregator

公安部会同国家发展和改革委员会、工业和信息化部、中国人民银行联合印发了《电信网络诈骗及其关联违法犯罪联合惩戒办法》

GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address multiple vulnerabilities, including a high-severity issue that could allow attackers to escalate privileges via compromised tokens. The company strongly advises all self-managed GitLab installations to upgrade immediately to the […]

The post Critical Gitlab Vulnerability Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

大赛报名：https://pwn.butian.net/

大赛报名：https://pwn.butian.net/

大赛报名：https://pwn.butian.net/

大赛报名：https://pwn.butian.net/

大赛报名：https://pwn.butian.net/

大赛报名：https://pwn.butian.net/

Hitachi Energyが提供する複数の製品には、複数の脆弱性が存在します。

A vulnerability, which was classified as critical, was found in Zabbix up to 5.0.42/6.0.32/6.4.17/7.0.1rc1. This affects an unknown part of the component API Endpoint. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-36467. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Internal Linking for SEO Traffic & Ranking Plugin up to 1.2.1 on WordPress. Affected by this issue is the function post_id. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-11009. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Cimatti Contact Forms Plugin up to 1.9.2 on WordPress. Affected by this vulnerability is the function process_bulk_action. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-10521. The attack can be launched remotely. There is no exploit available.

澳大利亚众议院周三以 102 票对 13 通过了禁止 16 岁以下儿童使用社媒的法案。澳主要政党都支持该法案， 如果 TikTok、Facebook、Snapchat、Reddit、X 和 Instagram 等社媒平台因未能系统性阻止儿童持有账户，它们将面临最高 5000 万澳元的罚款。如果该法案本周成为法律，社媒平台有一年时间研究如何实施年龄限制。为加强隐私保护，社媒平台不得强迫用户提供政府签发的身份证明文件如护照或驾照，平台也不能要求通过一个政府系统进行数字身份识别。澳参议院将在周三晚些时候讨论该法案，主要政党的支持基本上确保了该法案将会在参议院获得通过。

A vulnerability classified as problematic has been found in FFmpeg. Affected is an unknown function of the component HLS XBIN Demuxer. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2023-6604. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in FFmpeg. It has been rated as problematic. This issue affects some unknown processing of the component HLS EXT-X-MAP. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2023-6603. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in FFmpeg. It has been declared as problematic. This vulnerability affects unknown code of the component HLS Playlist Handler. The manipulation leads to encoding error. This vulnerability was named CVE-2023-6602. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in FFmpeg. It has been classified as critical. This affects an unknown part of the component HLS. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2023-6601. It is possible to initiate the attack remotely. There is no exploit available.

Authors:(1) Limeng Zhang, Centre for Research on Engineering Software Technologies (CREST), The Un

Authors:(1) Limeng Zhang, Centre for Research on Engineering Software Technologies (CREST), The Un