Aggregator
ChatGPT in a world without rules: a hacker made the AI share a recipe for explosives
9 months 3 weeks ago
To fool a chatbot, you need to think like a chatbot.
CVE-2024-46748 | Linux Kernel up to 6.10.9 MAX_RW_COUNT Privilege Escalation (cec226f9b1fd/51d37982bbac)
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.10.9. It has been declared as problematic. This vulnerability affects the function MAX_RW_COUNT. The manipulation leads to Privilege Escalation.
This vulnerability was named CVE-2024-46748. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46747 | Linux Kernel up to 6.10.9 cougar_report_fixup out-of-bounds
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.10.9 and classified as problematic. Affected by this issue is the function cougar_report_fixup. The manipulation leads to out-of-bounds read.
This vulnerability is handled as CVE-2024-46747. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
New AGESA version greatly reduces RYZEN 9000 series latency, from 180 nanoseconds down to 75 nanoseconds
9 months 3 weeks ago
CVE-2024-46800 | Linux Kernel up to 6.10.9 netem_dequeue use after free
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.10.9. It has been classified as critical. This affects the function netem_dequeue. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2024-46800. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46749 | Linux Kernel up to 6.6.50/6.10.9 Bluetooth btnxpuart_flush null pointer dereference (013dae4735d2/056e0cd381d5/c68bbf5e334b)
9 months 3 weeks ago
A vulnerability has been found in Linux Kernel up to 6.6.50/6.10.9 and classified as critical. Affected by this vulnerability is the function btnxpuart_flush of the component Bluetooth. The manipulation leads to null pointer dereference.
This vulnerability is known as CVE-2024-46749. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46774 | Linux Kernel up to 6.10.9 Speculative Execution sys_rtas stack-based overflow (68d815648094/0974d03eb479)
9 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.10.9. Affected is the function sys_rtas of the component Speculative Execution. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2024-46774. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46743 | Linux Kernel up to 6.10.9 of_irq_parse_raw out-of-bounds
9 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.9. This issue affects the function of_irq_parse_raw. The manipulation leads to out-of-bounds read.
The identification of this vulnerability is CVE-2024-46743. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46750 | Linux Kernel up to 6.10.9 drivers/pci/pci.c pci_bus_lock deadlock
9 months 3 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.10.9. This vulnerability affects the function pci_bus_lock of the file drivers/pci/pci.c. The manipulation leads to deadlock.
This vulnerability was named CVE-2024-46750. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46754 | Linux Kernel up to 6.10.9 bpf_test_run state issue (9cd15511de7c/c13fda93aca1)
9 months 3 weeks ago
A vulnerability classified as problematic has been found in Linux Kernel up to 6.10.9. This affects the function bpf_test_run. The manipulation leads to state issue.
This vulnerability is uniquely identified as CVE-2024-46754. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46801 | Linux Kernel up to 6.10.9 libfs get_stashed_dentry null pointer dereference (03e2a1209a83/4e32c25b58b9)
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.10.9. It has been rated as critical. Affected by this issue is the function get_stashed_dentry of the component libfs. The manipulation leads to null pointer dereference.
This vulnerability is handled as CVE-2024-46801. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46798 | Linux Kernel up to 6.10.9 snd_pcm_suspend_all use after free
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.10.9. It has been declared as critical. Affected by this vulnerability is the function snd_pcm_suspend_all. The manipulation leads to use after free.
This vulnerability is known as CVE-2024-46798. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46797 | Linux Kernel up to 6.6.50/6.10.9 queued_spin_lock_slowpath initialization (d84ab6661e8d/f06af737e4be/734ad0af3609)
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.50/6.10.9. It has been classified as problematic. Affected is the function queued_spin_lock_slowpath. The manipulation leads to improper initialization.
This vulnerability is traded as CVE-2024-46797. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46796 | Linux Kernel up to 6.6.50/6.10.9 SMB Client smb2_set_path_size use after free (5a72d1edb084/762099898309/f9c169b51b6c)
9 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.50/6.10.9 and classified as critical. This issue affects the function smb2_set_path_size of the component SMB Client. The manipulation leads to use after free.
The identification of this vulnerability is CVE-2024-46796. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
9 months 3 weeks ago
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN.
The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which is
The Hacker News
PlainID introduces identity security for Zscaler
9 months 3 weeks ago
PlainID announces the PlainID Authorizer for Zscaler, which is available via PlainID SaaS Authorization Management and centralizes policy management for Zscaler and SaaS applications and tools. Zscaler and other SASE (Secure Access Service Edge) solutions have made significant strides in integrating identity-aware controls into their authorization frameworks, marking a crucial step forward. However, more can be done to address a critical gap. It’s imperative that any security enforcement point responsible for managing network connectivity must also align …
The post PlainID introduces identity security for Zscaler appeared first on Help Net Security.
Industry News
SCTF 2024 | Youth Storm, Competition Ignites the Golden Autumn
9 months 3 weeks ago
2024.09.28 09:00 - 09.30 09:00, SCTF 2024 is about to set sail