Aggregator
China-ASEAN Seminar on Cybersecurity Emergency Response Capacity Building Held in Hong Kong
10 months 4 weeks ago
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
10 months 4 weeks ago
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys.
The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
The Hacker News
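JVN: Information disclosure vulnerability in Schneider Electric Wiser Home Controller WHC-5918A
10 months 4 weeks ago
Wiser Home Controller WHC-5918A, provided by Schneider Electric, contains an information disclosure vulnerability.
JVN: Multiple vulnerabilities in multiple ABB products
10 months 4 weeks ago
Multiple products provided by ABB contain multiple vulnerabilities.
2025 Energy Cybersecurity Competition, Team Preliminary Round, Public Division: Write-up
10 months 4 weeks ago
Fully implement the holistic approach to national security, fully mobilize the initiative of all energy entities, identify and select practice-oriented energy cybersecurity talent, further strengthen the energy cybersecurity defense line, and support the cybersecurity development and high-quality informatization of China's new energy system.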
DragonForce
10 months 4 weeks ago
cohenido
Leak with a grace period: businesses given until May 30 to avoid sanctions
10 months 4 weeks ago
Roskomnadzor advises not delaying notification.
StarCraft II is now triggering: instead of a map, an attack that wrecks the psyche
10 months 4 weeks ago
Video viruses damage eyesight and the brain.
Zambia's Updated Cyber Laws Prompt Surveillance Warnings
10 months 4 weeks ago
Critics — which include the US embassy in Zambia — contend the just-signed Cyber Security Act and the Cyber Crime Act allow suppression of dissent and too much concentration of power.
Robert Lemos, Contributing Writer
CVE-2021-31810 | Ruby up to 2.6.7/2.7.3/3.0.1 PASV Response Net::FTP information disclosure (Nessus ID 234723)
10 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Ruby up to 2.6.7/2.7.3/3.0.1. This issue affects the function Net::FTP of the component PASV Response Handler. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2021-31810. The attack can only be done within the local network. There is no exploit available.
vuldb.com
CVE-2021-32066 | Ruby up to 2.6.7/2.7.3/3.0.1 StartTLS Net::IMAP certificate validation (Nessus ID 234723)
10 months 4 weeks ago
A vulnerability has been found in Ruby up to 2.6.7/2.7.3/3.0.1 and classified as critical. This vulnerability affects the function Net::IMAP of the component StartTLS Handler. The manipulation leads to improper certificate validation.
This vulnerability was named CVE-2021-32066. The attack can be initiated remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2021-32066 | Oracle JD Edwards EnterpriseOne Tools up to 9.2.6.0 E1 Dev Platform Tech-Cloud inadequate encryption (Nessus ID 234723)
10 months 4 weeks ago
A vulnerability classified as critical was found in Oracle JD Edwards EnterpriseOne Tools up to 9.2.6.0. This vulnerability affects unknown code of the component E1 Dev Platform Tech-Cloud. The manipulation leads to inadequate encryption strength.
This vulnerability was named CVE-2021-32066. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-28756 | Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.1 One-Click Provisioning denial of service (Nessus ID 234723)
10 months 4 weeks ago
A vulnerability classified as critical has been found in Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.1. Affected is an unknown function of the component One-Click Provisioning. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2023-28756. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2021-31799 | RDoc up to 6.3.0 Filename os command injection (Nessus ID 234723)
10 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in RDoc up to 6.3.0. This issue affects some unknown processing of the component Filename Handler. The manipulation leads to os command injection.
The identification of this vulnerability is CVE-2021-31799. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
How many spies are sitting in your browser? 54% of developers are just a Gmail account with no name or history
10 months 4 weeks ago
One in five uses AI extensions, unaware that they are more dangerous than viruses.
CVE-2023-40492 | LG Simple Editor deleteCheckSession path traversal (ZDI-23-1198)
10 months 4 weeks ago
A vulnerability was found in LG Simple Editor. It has been rated as critical. Affected by this issue is the function deleteCheckSession. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2023-40492. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to replace the affected component with an alternative.
vuldb.com
CVE-2023-5211 | Fattura24 Plugin up to 6.2.7 on WordPress ID cross site scripting
10 months 4 weeks ago
A vulnerability classified as problematic was found in Fattura24 Plugin up to 6.2.7 on WordPress. This vulnerability affects unknown code. The manipulation of the argument ID leads to cross site scripting.
This vulnerability was named CVE-2023-5211. The attack can be initiated remotely. There is no exploit available.
vuldb.com