Aggregator

Submit #579105 / VDB-309487

Submit #579111 / VDB-309486

Submit #579104 / VDB-309485

A vulnerability classified as critical was found in Mozilla Firefox up to 138.0.3. This vulnerability affects unknown code of the component Javascript Object Handler. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-4920. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Firefox ESR up to 115.23.0. This affects an unknown part of the component Javascript Object Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-4919. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox ESR up to 115.23.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component JavaScript Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-4918. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in donetick up to 0.1.43. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component JSON Web Token Handler. The manipulation leads to insecure default variable initialization. This vulnerability is known as CVE-2025-47945. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LibreNMS up to 25.4.x. It has been classified as problematic. Affected is an unknown function of the file /poller/groups. The manipulation of the argument group name leads to cross site scripting. This vulnerability is traded as CVE-2025-47931. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in boldthemes Bold Page Builder Plugin up to 5.3.5 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation of the argument data-text leads to cross site scripting. The identification of this vulnerability is CVE-2025-3715. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 138.0.3 and classified as critical. This vulnerability affects unknown code of the component Javascript Object Handler. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-4921. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in cocotais-bot up to 1.6.1. This affects an unknown part of the component Echo Command Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2025-47948. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in pypa setuptools up to 78.1.0. Affected by this issue is some unknown functionality of the component PackageIndex. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-47273. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IBM i 7.2/7.3/7.4/7.5/7.6. Affected by this vulnerability is an unknown functionality of the component TCP IP Connectivity Utilities. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2025-33103. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

介绍Richard A. Clarke 和 Robert K. Knake 合著的《网络战争》（Cyber War）一书，初版于 2010 年。 书中探讨了网络战争的威胁、战略和防御。 作者通过回顾历史事件（如爱沙尼亚和格鲁吉亚遭受的网络攻击）以及美国军事和情报界应对网络威胁的尝试，阐述了网络战争的现实性和破坏性。 他们还讨论了网络漏洞，例如互联网基础设施、软件和硬件的固有缺陷，以及关键民用基础设施（特别是电网）对网络攻击的依赖性。 最后，文本提出了建立强大的网络防御体系，包括保护关键基础设施和考虑国际协议以防止网络冲突。 你想啊，只要几行代码，可能一个国家的电网就瘫痪了，或者金融市场瞬间冻结。 这可不是科幻片，这正是我们今天要聊的《网络战争》这本书里揭示的现实。今天我们就是要为你深入解读这本书，看看这场看不见的战争到底是怎么回事，帮你快速抓住核心威胁，理解我们为什么可能如此脆弱，以及真正难点在哪儿。 ⸻ 这本书的核心观点是：网络空间已经成了一块全新的战场，而且规则跟以往完全不同。它描绘的冲突没有硝烟，但破坏力却惊人。书里震撼地指出：网络战不是将来时，而是进行时。 • 例如书中提到 2007 年以色列空袭叙利亚。当时叙利亚花大价钱买了防空系统，为什么几乎没反应？书里分析，以色列极有可能先用网络攻击瘫痪或欺骗了叙利亚的雷达系统，战机才能长驱直入。网络攻击从根本上改变了攻防态势，让传统军事实力要么效果倍增，要么彻底失效。 • 再如爱沙尼亚（2007）和格鲁吉亚（2008）遭遇的大规模网络瘫痪：银行、政府网站全都无法访问——这是典型的 DDoS（分布式拒绝服务）攻击。攻击者操纵庞大的僵尸网络 (botnet) 同时访问目标服务器，一举将其冲垮。这类攻击的规模与协同性，很可能源自具备国家背景的组织；他们或许早在和平时期就做着战争准备。 ⸻ 书中提出一个令人担忧的问题：美国的极端脆弱性。 我们对网络的依赖极高，反而成了最易被攻击的目标。 • 关键基础设施（如电网控制系统，即 SCADA 系统）大多已经联网，这等于把命门暴露出来。 • 这些系统控制的是发电厂涡轮机、变电网开关、水坝阀门等实体设备，一旦被黑客远程操纵，就可能导致大停电、交通信号失控、金融交易中断——绝非危言耸听。 • 脆弱性不仅因为联网，还有更深层两点：① 软件系统过于复杂，代码漏洞防不胜防；② 全球化供应链——芯片和硬件大量在海外生产，存在被预植后门的风险。我们的最大优势（高度发达的数字网络）恰恰也是最大软肋。 ⸻ 为何防御如此困难？ 书里点出几个原因： 1. 隐蔽性——攻击往往看不见：数据被窃、系统被渗透，受害者可能长期不知情。 2. 修复成本高——补丁、加固都需巨额投入。 3. 责任真空——政府认为企业应自保，企业觉得国防应归政府，结果互相推诿。 书中提出“防御三件套”构想：保护互联网骨干、加固关键基础设施、护卫国防网络。听上去很好，但落实需要巨大的政治决心和资源投入，现实推进缓慢。 ⸻ 除了直接瘫痪系统，书里也花大量篇幅谈网络间谍活动： F‑35 战机项目被大量窃取数据意味着，敌手可能不费几十年研发就获得我们的技术优势——这在战略上极具颠覆性。更阴险的是：攻击者往往在窃密的同时，向系统植入逻辑炸弹或后门，为未来攻击做准备，间谍与破坏的界限变得极其模糊。 ⸻ 总体结论 《网络战争》描绘的图景相当严峻： • 网络威胁真实存在，且已深入渗透到金融、电力、交通等生命线系统。 • 我们的高度依赖带来巨大风险，而有效防御体系仍在建设中。 • 网络空间的冲突正在彻底模糊和平与战争的界限：攻击可能早已潜伏在我们身边，只等触发时机。 ⸻ 留给你的思考 书里暗示：在网络世界追踪攻击源（溯源）极其困难。 如果一次重大网络攻击真的发生，而我们无法百分百确定幕后黑手，那时又该如何做出恰当回应？这正是网络时代带来的独特困境——至今仍没有标准答案。

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.30. This affects an unknown part of the component Optimizer. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-39408. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle MySQL Server up to 8.0.30. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to denial of service. This vulnerability was named CVE-2022-39410. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle MySQL Server up to 8.0.31 and classified as critical. Affected by this issue is some unknown functionality of the component DML. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-21836. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle MySQL Server up to 8.0.31. It has been declared as critical. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to denial of service. This vulnerability was named CVE-2023-21863. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle MySQL Server up to 8.0.30. Affected by this issue is some unknown functionality of the component InnoDB. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-21637. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.30. This affects an unknown part of the component Optimizer. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-21640. It is possible to initiate the attack remotely. There is no exploit available.