Aggregator

A vulnerability classified as critical was found in imgcrypt up to 1.1.3. Affected by this vulnerability is the function CheckAuthorization of the component API Extension. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2022-24778. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Go up to 1.17.10/1.18.2 and classified as problematic. Affected by this issue is the function ticket_age_add of the component TLS Handler. The manipulation of the argument random leads to observable behavioral discrepancy. This vulnerability is handled as CVE-2022-30629. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Python up to 3.10 and classified as critical. Affected by this vulnerability is an unknown functionality in the library lib/http/server.py. The manipulation leads to path traversal. This vulnerability is known as CVE-2021-28861. The attack needs to be initiated within the local network. There is no exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Go up to 1.17.8/1.18.0. Affected is an unknown function of the component crypto-elliptic. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-28327. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Go up to 1.17.9/1.18.1 and classified as problematic. Affected by this vulnerability is the function Faccessat of the component Non-zero Flag Parameter Handler. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2022-29526. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Blockchain Platform. This affects an unknown part of the component BCS Console. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-28327. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Google Go up to 1.8.0/1.17.8. This issue affects some unknown processing of the component encoding-pem. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-24675. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in emicklei go-restful up to 3.7.x. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2022-1996. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

美团单车和哈啰单车 1 5日在 app 上弹出公告称，将暂时停止郑州市的共享单车服务。哈啰单车表示，因系统全面升级，哈啰单车将于 2024 年 11 月 15 日起在郑州市暂停运营，恢复时间另行通知。用户如有需求，可进行骑行卡退款。美团单车声明称，因车辆回仓保养，美团单车将于 11 月 15 日 10 时在郑州市暂停运营，恢复时间另行通知。同时，美团单车提供暂停骑行套餐以及退款相关服务。滴滴青桔尚未发布相关停运声明。在这之前，郑州大学生夜骑开封，引发了广泛关注。

根据发表在《Organizational Behavior and Human Decision Processes》期刊上的一项研究，相比按时递交，错过截止日期递交的作品会受到更苛刻的评价，即使推迟时间很短或者提前沟通过。研究调查了英美两国的数千人，其中包括经理、高管、HR 和其他参与工作评估的职员。参与者被要求对广告传单、艺术图、商业提案、产品宣传、摄影和新闻等作品进行评分，他们首先会被告知作品是提前递交，截止日期前递交或推迟递交。结果显示，相同的作品，如果被告知是错过截止日期递交，那么相比按时或提前递交，其评价要低得多。评估者会认为该员工缺乏诚信，未来不太愿意继续合作或分配任务。提前递交作品并不会带来更好的评价。而如果推迟的原因是员工不可控制的，比如担任陪审员，那么应该让经理知道，这不会成为负面因素。

数据要素是支持数字经济高速发展、建设数字中国的关键支撑力和驱动力。国家发展改革委、国家数据局等六部委近期发布《国家数据标准体系建设指南》，有助于指导和加强数据标准化建设。

为进一步强化未成年人网络保护，营造健康安全的网络环境，国家互联网信息办公室于近日发布《移动互联网未成年人模式建设指南》，对未成年人模式建设予以具体指导。国家互联网信息办公室有关负责人就《指南》相关问题回答了记者提问。

2018年中国第一个威胁情报标准正式发布，2019年等保2.0首次对威胁情报提出要求，威胁情报这个新技术逐渐成为行业标配。在攻击手法越来越高级的网络攻防中，因为对“威胁干预”“主动防御”更能起到关键作用，威胁情报被更多企业认识并加大投入。

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞92个，影响到微软产品的其他厂商漏洞1个。

本次征求意见时间为2024年11月15日至2024年12月15日。

为进一步强化未成年人网络保护，充分发挥未成年人模式在防范网络沉迷、优化内容建设方面的积极作用，营造更加健康安全的网络环境，近日，国家互联网信息办公室发布了《移动互联网未成年人模式建设指南》。

2024年11月14日，由中国信息安全测评中心主办，中国信息产业商会信息安全产业分会承办的“网络安全漏洞研究人才培养交流活动”在北京国家会议中心成功举办。

error code: 521

最新排名