Aggregator
新型 PIXHELL 攻击利用屏幕噪音从气隙计算机中窃取数据
1 year 9 months ago
安全客
网络人员短缺仍然是 CISO 面临的最大挑战
1 year 9 months ago
安全客
CISA 确认 SonicWall 漏洞正在被利用 (CVE-2024-40766)
1 year 9 months ago
安全客
微软在 Office 2024 中禁用默认 ActiveX 控件以提高安全性
1 year 9 months ago
安全客
微软修复了 4 个被利用的零日漏洞和一个导致早期安全修复失效的代码漏洞
1 year 9 months ago
安全客
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
1 year 9 months ago
Enterprise Security / VulnerabilityIvanti has released software updates to address multiple securi
山石荣获2024羊城杯粤港澳大湾区网络安全大赛双第一
1 year 9 months ago
安研院旗下的NEURON战队获得过红帽杯、网鼎杯、第五空间、津门杯、陇警杯、长安杯、长城杯、强网拟态、羊城杯等多场次安全大的一等奖或冠军,也承办过多场次知名的安全竞赛。
От потери данных до полного контроля: топ 6 трендовых уязвимостей за август
1 year 9 months ago
Microsoft и WordPress в эпицентре угроз.
微软在最新更新中修复Windows Server服务器系统启动/卡死/性能问题
1 year 9 months ago
CVE-2024-8355 | Visteon Infotainment DeviceManager iAP Serial Number sql injection (ZDI-24-1208)
1 year 9 months ago
A vulnerability classified as critical has been found in Visteon Infotainment. Affected is an unknown function of the component DeviceManager iAP Serial Number Handler. The manipulation leads to sql injection.
This vulnerability is traded as CVE-2024-8355. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com
CVE-2024-22399 | Apache Seata up to 1.8.0/2.0.0 deserialization
1 year 9 months ago
A vulnerability was found in Apache Seata up to 1.8.0/2.0.0. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2024-22399. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8646 | Eclipse Glassfish up to 7.0.9 redirect
1 year 9 months ago
A vulnerability was found in Eclipse Glassfish up to 7.0.9. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to open redirect.
This vulnerability was named CVE-2024-8646. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8642 | Eclipse EDC Connector up to 0.8.x incorrect implementation of authentication algorithm
1 year 9 months ago
A vulnerability was found in Eclipse EDC Connector up to 0.8.x. It has been classified as problematic. This affects an unknown part. The manipulation leads to incorrect implementation of authentication algorithm.
This vulnerability is uniquely identified as CVE-2024-8642. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27113 | Simple Online Planning SO Planning prior 1.52.02 Public View Setting information disclosure
1 year 9 months ago
A vulnerability was found in Simple Online Planning SO Planning and classified as problematic. Affected by this issue is some unknown functionality of the component Public View Setting Handler. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-27113. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27112 | Simple Online Planning SO Planning prior 1.52.02 Public View Setting sql injection
1 year 9 months ago
A vulnerability has been found in Simple Online Planning SO Planning and classified as critical. Affected by this vulnerability is an unknown functionality of the component Public View Setting Handler. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-27112. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6091 | significant-gravitas AutoGPT up to 0.5.0 Denylist Setting os command injection
1 year 9 months ago
A vulnerability, which was classified as very critical, was found in significant-gravitas AutoGPT up to 0.5.0. Affected is an unknown function of the component Denylist Setting Handler. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2024-6091. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45786 | Reedos Software Solutions Mutual Fund Distribution Product 2.0.1 API Endpoint authorization (CIVN-2024-0291)
1 year 9 months ago
A vulnerability, which was classified as problematic, has been found in Reedos Software Solutions Mutual Fund Distribution Product 2.0.1. This issue affects some unknown processing of the component API Endpoint. The manipulation leads to authorization bypass.
The identification of this vulnerability is CVE-2024-45786. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-45789 | Reedos Software Solutions Mutual Fund Distribution Product 2.0.1 API Endpoint mode integrity check (CIVN-2024-0291)
1 year 9 months ago
A vulnerability classified as problematic was found in Reedos Software Solutions Mutual Fund Distribution Product 2.0.1. This vulnerability affects unknown code of the component API Endpoint. The manipulation of the argument mode leads to improper validation of integrity check value.
This vulnerability was named CVE-2024-45789. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-45790 | Reedos Software Solutions Mutual Fund Distribution Product 2.0.1 API Login excessive authentication (CIVN-2024-0291)
1 year 9 months ago
A vulnerability classified as problematic has been found in Reedos Software Solutions Mutual Fund Distribution Product 2.0.1. This affects an unknown part of the component API Login. The manipulation leads to improper restriction of excessive authentication attempts.
This vulnerability is uniquely identified as CVE-2024-45790. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com