Aggregator
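Pai Morning Report: Some older Windows 11 versions nearing end of support, Xbox Game Pass Standard launches, and more
1 year 9 months ago
News you may have missed. Some older Windows 11 versions nearing end of support: On September 10, Microsoft published a support notice stating that the consumer editions of Windows 11 22H2 for individual and home users will reach end of support starting next month; in view of the end of
Good news | 锦行科技 selected as a network data security technical support unit for Guangdong Province's telecommunications and internet industry!
1 year 9 months ago
September 11, 2024: At the Telecom Day themed forum of National Cybersecurity Awareness Week, hosted by the Guangdong Communications Administration, 广州锦行网络科技有限公司 ("锦行科技" for short) was formally recognized as a network data security technical support unit for Guangdong Province's telecommunications and internet industry.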
CVE-2016-6814 | Oracle Utilities Framework up to 4.3.0.6.0/4.4.0.0.0 Groovy deserialization (Nessus ID 102552 / ID 20051)
1 year 9 months ago
A vulnerability was found in Oracle Utilities Framework up to 4.3.0.6.0/4.4.0.0.0. It has been classified as very critical. This affects an unknown part of the component Groovy. The manipulation leads to deserialization.
This vulnerability is uniquely identified as CVE-2016-6814. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
SANS Threat Analysis Rundown (STAR)
1 year 9 months ago
SANS Digital Forensics and Incident Response
WordPress declares war on hackers: 2FA and SVN passwords to become mandatory
1 year 9 months ago
Skeptics are already warning about the possible consequences of the change.
A dance of clouds and dust: Mars Express maps the quirks of the Martian sky
1 year 9 months ago
Researchers have presented a climate atlas of the Red Planet.
New SpyAgent malware uses OCR to target cryptocurrency wallets
1 year 9 months ago
Recently, a large-scale data breach shook the cybersecurity community. A hacker known as "HikkI-Chan" leaked the personal information of more than 390 million VK users on the notorious Breach Forums.
Cloudera Private Link Network helps enterprises protect their data
1 year 9 months ago
Cloudera launched Cloudera Private Link Network to address critical data security and privacy concerns for highly regulated organizations with strict internal data security policies. Cloudera Private Link Network provides secure, private connectivity from customer workloads to the Cloudera Control Plane, ensuring that data does not traverse the public Internet. Organizations in industries such as finance, healthcare and pharmaceuticals often face privacy challenges because providers often cannot guarantee that traffic between tenants, even within the same …
The post Cloudera Private Link Network helps enterprises protect their data appeared first on Help Net Security.
Industry News
CVE-2016-6814 | Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload deserialization (Nessus ID 102552 / ID 20051)
1 year 9 months ago
A vulnerability, which was classified as very critical, was found in Oracle WebCenter Sites 12.2.1.3.0. Affected is an unknown function of the component Apache Commons FileUpload. The manipulation leads to deserialization.
This vulnerability is traded as CVE-2016-6814. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
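Original Paper | Apache OFBiz SSRF to RCE (CVE-2024-45507) vulnerability analysis
1 year 9 months ago
This article analyzes the SSRF-to-RCE vulnerability in Apache OFBiz (CVE-2024-45507). By reproducing the vulnerability and studying its trigger conditions and affected versions, it explains in detail how the vulnerability can be exploited for unauthenticated remote code execution, and provides an analysis of the fix patch along with protection rules.
Apache OFBiz SSRF to RCE (CVE-2024-45507) vulnerability analysis
1 year 9 months ago
Author: Sunflower@Knownsec 404 Team (知道创宇404实验室)
Date: September 12, 2024
1. Preface
Vulnerability name: Apache OFBiz SSRF to RCE
Affected versions: version < 18.12.16
CVE: CVE-2024-45507
With PoCs for the related OFBiz vulnerability being published online one after another, I took the URL while it was fresh to debug and analyze how the vulnerability works.
2. Environment setup
Reproduction version: 18.12.12
Run the following code to download and start OFBi...
Americans used more than 100 trillion MB of wireless data in 2023
1 year 9 months ago
Americans used more than 100 trillion MB of wireless data in 2023, up 36% from the previous year. CTIA, the wireless industry association representing major carriers such as Verizon, AT&T and T-Mobile, said that 26 trillion MB more wireless data was used in 2023 than in 2022, driven by the continued growth in the use of 5G devices. The total number of wireless connections rose to 558 million last year, up 6% from 2022. Demand for spectrum has surged, partly because of growing wireless use by drones, self-driving cars, space missions, precision agriculture and the like. The time Americans spent on phone calls fell slightly from 2.5 trillion minutes in 2022 to 2.4 trillion minutes in 2023, while the number of text messages was essentially flat with the previous year at 2.1 trillion.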
CVE-2024-7822 | Quick Code Plugin up to 1.0 on WordPress cross site scripting
1 year 9 months ago
A vulnerability classified as problematic was found in Quick Code Plugin up to 1.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-7822. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-7817 | Misiek Photo Album Plugin up to 1.4.3 on WordPress cross-site request forgery
1 year 9 months ago
A vulnerability was found in Misiek Photo Album Plugin up to 1.4.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-7817. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-8056 | MM-Breaking News Plugin up to 0.7.9 on WordPress REQUEST_URI cross site scripting
1 year 9 months ago
A vulnerability classified as problematic has been found in MM-Breaking News Plugin up to 0.7.9 on WordPress. This affects an unknown part. The manipulation of the argument REQUEST_URI leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-8056. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-7766 | Adicon Server Plugin up to 1.2 on WordPress sql injection
1 year 9 months ago
A vulnerability was found in Adicon Server Plugin up to 1.2 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-7766. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-7818 | Misiek Photo Album Plugin up to 1.4.3 on WordPress cross-site request forgery
1 year 9 months ago
A vulnerability was found in Misiek Photo Album Plugin up to 1.4.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery.
The identification of this vulnerability is CVE-2024-7818. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-8054 | MM-Breaking News Plugin up to 0.7.9 on WordPress cross-site request forgery
1 year 9 months ago
A vulnerability was found in MM-Breaking News Plugin up to 0.7.9 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-8054. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-7859 | Visual Sound Plugin up to 1.03 on WordPress Setting cross-site request forgery
1 year 9 months ago
A vulnerability has been found in Visual Sound Plugin up to 1.03 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-7859. The attack can be initiated remotely. There is no exploit available.
vuldb.com