Aggregator

error code: 521

地球经历过很多不同的地质阶段，其中之一被称为“雪球地球（Snowball Earth）”，整个地球被冰雪覆盖。但雪球地球何时发生仍是未解之谜。英国伦敦大学学院的研究人员在苏格兰的一块露出地面的岩石中发现证据，表明地球是在大约 7.17 亿年前从热带地质阶段过渡到雪球地质阶段。为何地球会变成为冰雪之球？原因可能是太阳辐射突然减少导致地球经历了一次漫长的冬天，引发了雪球效应。辐射减少，形成了更多的冰，冰将照射到地球上的阳光反射到太空，导致其继续变冷，形成了更多的冰。地球大约是在 6.35 亿年前开始解冻。

各位 Buffer 周末好，以下是本周「FreeBuf周报」，我们总结推荐了本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！热点资讯1. 为推送定制化广告，福特汽车新专利

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Cloud Services Appliance OS Command Injection Vulnerability CVE-2024-8190 (CVSS score of 7.2) to its Known Exploited Vulnerabilities (KEV) catalog. This week, Ivanti warned that recently patched flaw […]

A vulnerability has been found in Microsoft Windows and classified as problematic. Affected by this vulnerability is an unknown functionality of the component XML Core Services. The manipulation leads to information disclosure. This vulnerability is known as CVE-2017-0022. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Microsoft Windows. Affected is an unknown function of the component DirectShow. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2017-0042. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

主站 分类 漏洞 工具 极客

A vulnerability was found in GitLab Enterprise Edition up to 17.1.6/17.2.4/17.3.1. It has been rated as problematic. This issue affects some unknown processing of the component Private Project Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-4660. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 17.1.6/17.2.4/17.3.1. Affected is an unknown function of the component Atom Endpoint. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is traded as CVE-2024-6389. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mirapolis LMS 4.6.x. Affected is an unknown function. The manipulation of the argument ID/STEP leads to improper control of resource identifiers. This vulnerability is traded as CVE-2024-25270. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.10.7. It has been declared as critical. Affected by this vulnerability is the function ucsi_unregister. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-46691. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.7 and classified as problematic. Affected by this vulnerability is the function states_show of the file /proc/fs/nfsd/clients/2/states. The manipulation of the argument sc_type leads to state issue. This vulnerability is known as CVE-2024-46682. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in TutorialCMS. This affects an unknown part of the file browseSubCat.php. The manipulation of the argument catFile leads to sql injection. This vulnerability is uniquely identified as CVE-2007-2599. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Authors/Presenters:Binlin Cheng, Erika A Leal, Haotian Zhang, Jiang Mingy

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling appeared first on Security Boulevard.

顺风车原本是一个极其理想的「共享经济」模型，却因为监管、安全等多种不可控因素而酿成悲剧，甚至一度消失在人们的视野之中。近几年，我发现各大平台又重新上线了顺风车产品，恰好我又因为特殊原因，需要接受半