Aggregator

前红队成员开发的欺骗平台提供免费安全令牌服务，包括AWS密钥、S3令牌和SSH私钥等，用于检测内部泄露。用户注册后可获取令牌并放置在敏感位置，一旦被使用将触发警报并提供详细信息如IP地址和时间戳。该服务旨在帮助发现潜在安全漏洞。

A vulnerability, which was classified as very critical, was found in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1. Impacted is an unknown function of the component Webservice. Such manipulation leads to command injection. This vulnerability is traded as CVE-2023-29473. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1. It has been classified as very critical. This affects an unknown function of the component Inventory. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-29474. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1. It has been declared as very critical. This impacts an unknown function of the component Inventory. The manipulation results in command injection. This vulnerability was named CVE-2023-29475. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in libxml2. The affected element is the function xmlDictComputeFastKey of the component Hash Handler. Executing manipulation can lead to double free. This vulnerability is handled as CVE-2023-29469. The attack can only be done within the local network. There is not any exploit available.

探讨AI使用计算机的能力及其评估基准，分析现状与未来发展方向。

qqqa 是一个命令行工具，在终端中直接提问并获得答案，支持 macOS、Linux 和 Windows。qq 用于快速回答问题，qa 可执行生成的命令。

Submit #705321 / VDB-327014

Submit #705315 / VDB-327014

A vulnerability categorized as problematic has been discovered in SageMath FlintQS 1.0. This issue affects some unknown processing of the component TMPDIR Handler. The manipulation results in Local Privilege Escalation. This vulnerability is known as CVE-2023-29465. Attacking locally is a requirement. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability described as problematic has been identified in Zoho ManageEngine ServiceDesk Plus up to 14104. Affected by this vulnerability is an unknown functionality. The manipulation results in xml external entity reference. This vulnerability was named CVE-2023-29443. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability marked as problematic has been reported in Zoho ManageEngine Applications Manager up to 16390. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-29442. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic has been found in Red Bull FC Red Bull Salzburg App up to 5.1.9-R. Affected by this issue is some unknown functionality. Performing manipulation results in improper authorization in handler for custom url scheme. This vulnerability is cataloged as CVE-2023-29459. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #705316 / VDB-327014

Submit #705318 / VDB-327015

Submit #705317 / VDB-327014

Вебинар Positive Technologies состоится 11 декабря в 14:00.

2025 年的技术工程艾美奖授予了 AV1 编解码器，以表彰其对全球视频内容传输的影响。在 2010 年代中期，视频编解码器是 Web 的隐形税，建立在封闭的授权系统基础之上，费用昂贵且难以预测。当时的大部分网络视频使用 H.264 编解码器，开源浏览器如 Firefox 依赖于思科的 OpenH.264 模块免于支付授权费。随着网络视频需求的增长，亟需新一代编解码器去实现更快更可靠的高质量串流。为避免生态系统的分裂，Mozilla 等在 2015 年联合成立了 Alliance for Open Media(AOM)合作开发下一代视频编解码器 AV1，AV1 融合了 Google 的 VP9、Mozilla 的 Daala 和思科的 Thor 技术。AV1 于 2018 年发布，下一代 AV2 也即将发布。

In this Help Net Security interview, Stefan Braun, CISO at Henkel, discusses how smart manufacturing environments introduce new cybersecurity risks. He explains where single points of failure hide, how attackers exploit legacy systems, and why monitoring must adapt to mixed-generation equipment. His insights show why resilience depends on visibility, autonomy, and disciplined vendor accountability. What’s the most common architectural pattern you see that inadvertently creates a “single point of operational failure” in smart manufacturing environments? … More →

The post Henkel CISO on the messy truth of monitoring factories built across decades appeared first on Help Net Security.

感谢各位安全专家长期关注阿里巴巴集团安全，帮助阿里云先知提高阿里巴巴集团和客户安全水平，保障数亿用户的安全！