Aggregator
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes
1 year 9 months ago
Election Security / Cybercrime
U.S. federal prosecutors on Friday unsealed criminal charges against
RansomHub
1 year 9 months ago
cohenido
Arch Linux Enters Direct Collaboration with Valve
1 year 9 months ago
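Arch Linux project leader Levente Polyak announced on the mailing list a direct collaboration with Valve. Valve will support the Arch Linux project in two areas: build service infrastructure and a secure signing enclave. The news is neither surprising nor unexpected: SteamOS, the distribution used by the Steam Deck handheld, is based on Arch Linux, and Steam Play/Proton builds on the Wine project. Valve has funded a large number of open source projects, and working more closely with the upstream distribution makes sense.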
CVE-2024-9326 | PHPGurukul Online Shopping Portal 2.0 Admin Panel index.php username sql injection
1 year 9 months ago
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection.
This vulnerability was named CVE-2024-9326. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #414107: code-projects blood-bank-system-in-php v1.0 SQL Injection [Duplicate]
1 year 9 months ago
Submit #414107 / VDB-278820
CVE-2024-9325 | Intelbras InControl up to 2.21.56 incontrol-service-watchdog.exe unquoted search path
1 year 9 months ago
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path.
This vulnerability is uniquely identified as CVE-2024-9325. It is possible to launch the attack on the local host. There is no exploit available.
The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
vuldb.com
CVE-2024-9324 | Intelbras InControl up to 2.21.57 Relatório de Operadores Page /v1/operador/ fields code injection
1 year 9 months ago
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection.
This vulnerability is handled as CVE-2024-9324. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
vuldb.com
Submit #414058: PHPGurukul Online Shopping Portal Project 2.0 SQL Injection [Accepted]
1 year 9 months ago
Submit #414058 / VDB-278830
SeaWind
Submit #385397: Intelbras InControl 2.21.56 Unquoted Search Path [Accepted]
1 year 9 months ago
Submit #385397 / VDB-278829
Submit #375614: Intelbras InControl 2.21.57 (last version) Command Injection [Accepted]
1 year 9 months ago
Submit #375614 / VDB-278828
Stux
Dell Requires Sales Team to Work in the Office Five Days a Week
1 year 9 months ago
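An internal memo shows that Dell is requiring employees on its global sales team to work in the office five days a week starting September 30. The move is intended to promote collaboration and skills development. Dell said in the memo that field representatives must spend five days a week, rather than the previous three, discussing business with customers and partners or working in the office. Remote employees who cannot get to a local Dell office will continue to work from home.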
CVE-2024-9323 | SourceCodester Inventory Management System 1.0 add_staff.php cross site scripting
1 year 9 months ago
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/add_staff.php. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-9323. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-9322 | code-projects Supply Chain Management 1.0 edit_manufacturer.php id sql injection
1 year 9 months ago
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation of the argument id leads to sql injection.
This vulnerability is traded as CVE-2024-9322. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #413401: SourceCodester Free and Open Source inventory management system 1.0 Cross Site Scripting [Accepted]
1 year 9 months ago
Submit #413401 / VDB-278827
SeaWind
Submit #413337: code-projects Supply Chain Management v1.0 SQL Injection [Accepted]
1 year 9 months ago
Submit #413337 / VDB-278826
mengchen
Thousands of Toxins from Food Packaging Found in Humans
1 year 9 months ago
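A study published in the Journal of Exposure Science & Environmental Epidemiology found more than 3,600 chemicals from food packaging, kitchenware or food processing equipment in humans. These chemicals are present in human blood, hair or breast milk, and include compounds known to be highly toxic, such as PFAS, bisphenols, metals, phthalates and volatile organic compounds. Many of the compounds are linked to serious health problems such as cancer and hormone disruption. The study's authors said food contact chemicals need further scrutiny. The researchers noted that plastics pose the most serious problem, yet they are largely unregulated. In addition, the silicone and coatings on metal cans may also contain toxic or insufficiently studied compounds. Several factors cause compounds to leach into food at a higher rate, including higher temperature, fat content and acidity.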
CVE-2021-44026 | RoundCube up to 1.3.16/1.4.11 search/search_params sql injection
1 year 9 months ago
A vulnerability has been found in RoundCube up to 1.3.16/1.4.11 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument search/search_params leads to sql injection.
This vulnerability was named CVE-2021-44026. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-25717 | Ruckus Wireless Admin up to 10.4 HTTP GET Request /forms/doLogin code injection
1 year 9 months ago
A vulnerability was found in Ruckus Wireless Admin up to 10.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forms/doLogin of the component HTTP GET Request Handler. The manipulation leads to code injection.
This vulnerability is handled as CVE-2023-25717. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2023-20887 | VMware Aria Operations for Networks 6.x command injection (VMSA-2023-0012)
1 year 9 months ago
A vulnerability classified as very critical was found in VMware Aria Operations for Networks 6.x. This vulnerability affects unknown code. The manipulation leads to command injection.
This vulnerability was named CVE-2023-20887. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com