Aggregator

2024年11月19日，2023年度北京市科学技术奖励大会隆重举行。芯盾时代创始人孙悦作为“面向业务安全的动态 […]

在数字化转型浪潮下，数据已成为企业最宝贵的资产，随着企业积累的数据资产日益庞大，数据安全问题也日益凸显：一方面 […]

A vulnerability, which was classified as critical, has been found in Apache HTTP Server up to 2.4.54. This issue affects some unknown processing of the component mod_proxy_ajp. The manipulation leads to http request smuggling. The identification of this vulnerability is CVE-2022-36760. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle Communications Unified Assurance up to 5.5.10/6.0.2. This issue affects some unknown processing of the component Core. The manipulation leads to http request smuggling. The identification of this vulnerability is CVE-2022-36760. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle HTTP Server 12.2.1.4.0. This affects an unknown part of the component SSL Module. The manipulation leads to http response splitting. This vulnerability is uniquely identified as CVE-2022-37436. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Apache HTTP Server up to 2.4.54. Affected is an unknown function. The manipulation leads to http response splitting. This vulnerability is traded as CVE-2022-37436. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server up to 2.4.54 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2006-20001. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Session Report Manager 9.0.0/9.0.1. It has been rated as very critical. Affected by this issue is some unknown functionality of the component FEServer. The manipulation leads to http request smuggling. This vulnerability is handled as CVE-2023-25690. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Enterprise Manager Ops Center 12.4.0.0. It has been rated as very critical. This issue affects some unknown processing of the component Networking. The manipulation leads to http request smuggling. The identification of this vulnerability is CVE-2023-25690. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as very critical, was found in Oracle HTTP Server 12.2.1.4.0. Affected is an unknown function of the component SSL Module. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2023-25690. It is possible to launch the attack remotely. There is no exploit available.

即使你从未关注过联盟和部落在艾泽拉斯的战争，你很可能也听说过《魔兽世界》。这款 MMORPG 游戏超越了游戏范畴，成为了一种流行文化现象。本世纪初，MMORPG 的典型代表是《无尽的任务》，其巅峰期有大约 55 万玩家。《魔兽世界》于 2004 年 11 月上线，不到一年时间其订阅玩家数就达到 600 万，六年后达到了 1200 万。通过订阅和内购，暴雪赚取了数十亿美元。二十年后，《魔兽世界》仍然是暴雪的一个重要的收入来源。《魔兽世界》证明了订阅制的可行性；在社交媒体诞生前，游戏内的公会就形成了一种社交网络，很多人从中体验了社交网络的未来。当时 Facebook 还只在大学里流行，家庭宽带网络刚刚起步。《南方公园》制作的《要爱，不要魔兽世界》一集还为它赢得了艾美奖。

In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterprise-grade maturity, reliability, and transparency. Domas also shares key factors organizations should prioritize in open-source adoption to enhance security and balance innovation with stability. What are the biggest misconceptions about open-source security, and how can community members and professionals work … More →

The post Debunking myths about open-source security appeared first on Help Net Security.

警察能解锁的手机

A vulnerability was found in Elasticsearch Elastic Cloud Enterprise. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component API. The manipulation leads to permission issues. This vulnerability is known as CVE-2021-22146. The attack can only be done within the local network. Furthermore, there is an exploit available.