Aggregator

A vulnerability classified as problematic has been found in daniyalahmedk Fuse Social Floating Sidebar Plugin up to 5.4.10 on WordPress. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-5226. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in 10web Slider Plugin up to 1.2.57 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-7150. The attack may be initiated remotely. There is no exploit available.

在美国黑帽大会上（Black Hat USA），Bitdefender和Transilvania Quantum的研究人员将展示攻击者如何针对基于量子技术的基础设施进行攻击。

已修复

奇安信中标某大型国有银行安全测试开源组件安全评估项目，再一次彰显了奇安信在开源安全治理领域的专业实力和市场认可度，同时也反映出金融行业对于提升信息技术基础设施安全性的重视程度。

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Secure Kernel Mode. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-21302. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in HP Poly Clariti Manager up to 10.10.2.2 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-41912. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Update Stack. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-38202. It is possible to initiate the attack remotely. There is no exploit available.

想象一下，你本来出差一周，结果到了目的地之后出差时间被迫延长了八个月，这有可能是波音 Starliner 宇航员的遭遇。Starliner 飞船于 6 月 5 日完成了首次载人飞行测试，将宇航员 Butch Wilmore 和 Suni Williams 送到了国际空间站，原计划在轨停留 8 天，6 月 14 日返回，但由于飞船发现了令人担忧的推进器故障，两名宇航员一直滞留在空间站。NASA 官员表示他们正考虑用 SpaceX 飞船将两名宇航员带回地面。SpaceX 计划在 9 月执行 Crew-9 载人飞行任务，但这次只搭乘两名宇航员而不是通常的四名，Crew Dragon 飞船明年将两名 Starliner 宇航员带回地球。NASA 官员表示他们仍然在与波音合作尝试用 Starliner 飞船运送两名宇航员返回。

A vulnerability has been found in Journyx jtime 11.5.4 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is known as CVE-2024-6890. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Journyx jtime 11.5.4. Affected is an unknown function of the component Link Handler. The manipulation leads to improper neutralization of script in an error message web page. This vulnerability is traded as CVE-2024-6892. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Open WebUI 0.1.105. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-6707. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Journyx jtime 11.5.4. This vulnerability affects unknown code of the component Login Flow. The manipulation leads to code injection. This vulnerability was named CVE-2024-6891. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Journyx jtime 11.5.4. This affects an unknown part of the file soap_cgi.pyc of the component API Handler. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2024-6893. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Open WebUI 0.1.105. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-6706. The attack may be launched remotely. Furthermore, there is an exploit available.

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. Bayhealth Hospital is a technologically advanced not-for-profit healthcare system with nearly 4,000 employees and a medical staff of more than 450 physicians and 200 advanced practice clinicians. Bayhealth Medical Center, serving central and southern Delaware, […]

响应政策号召，提升安全水位。

A group of cybersecurity researchers at CISPA Helmholtz Center for Information Security recently identified three major security vulnerabilities in five commercial RISC-V CPUs, including GhostWrite, which allows an attacker to write arbitrary data from unprivileged states into any physical memory location. GhostWrite is an unprivileged instruction sequence that allows attackers to write to chosen physical […]

The post GhostWrite Vulnerability Let Hackers Read & Write Any Part of The Computer’s Memory appeared first on Cyber Security News.

Every software and operating system vendor has been implementing security measures to protect their products. This is because threat actors require a lot of time to find a zero-day but less time to find a readily available exploit for vulnerable software. This led them to the thought that they should Downgrade the latest versions to […]

The post Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems to Old Vulnerabilities appeared first on Cyber Security News.

Rapid7 раскрывает детали крайне занимательной кибератаки.