Aggregator

A vulnerability was found in Apple macOS and classified as critical. Affected by this issue is some unknown functionality. Executing manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2025-24111. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been classified as critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-24111. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2025-24111. The attack must be initiated from a local position. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple visionOS. Affected is an unknown function. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2025-24111. The attack can only be performed from a local environment. No exploit is available. You should upgrade the affected component.

A vulnerability classified as critical has been found in Apple macOS. This issue affects some unknown processing of the component App. The manipulation leads to permission issues. This vulnerability is listed as CVE-2025-24097. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in SugarCRM up to 13.0.3/14.0.0. It has been declared as critical. The affected element is an unknown function of the component API Module. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-58258. The attack can be launched remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Apple tvOS. This affects an unknown part of the component App. Performing manipulation results in permission issues. This vulnerability is identified as CVE-2025-24097. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Apple iOS and iPadOS. This vulnerability affects unknown code of the component App. Executing manipulation can lead to permission issues. This vulnerability is tracked as CVE-2025-24097. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

罗永浩如何寻找下一个令他兴奋的十年？

今年，站在浪潮的人，会在 IF 2026 相遇。

HackerNews 编译，转载请注明出处： 西班牙旗舰航空公司伊比利亚航空（Iberia）就一起与第三方供应商相关的数据泄露事件向客户发出警告。有威胁行为者宣称已窃取该航空公司 77GB 数据。 伊比利亚航空成立于 1927 年，总部位于马德里，是西班牙国家航空公司。该公司以马德里巴拉哈斯机场为枢纽，运营着庞大的国际航线网络，飞往欧洲、美洲、非洲、中东及亚洲的 140 多个城市。作为国际航空集团（IAG）的成员企业，其旗下还包括英国航空、伏林航空、LEVEL 航空及爱尔兰航空等品牌，业务涵盖客运、货运、飞机维修及机场地勤服务。 伊比利亚航空已正式披露此次安全事件，并确认部分客户信息遭泄露，包括姓名、电子邮箱及伊比利亚俱乐部（Iberia Club）会员 ID。 该公司向受影响客户发送的数据泄露通知中写道：“尊敬的客户，很遗憾地告知您，西班牙伊比利亚航空已检测到一起安全事件 —— 我们的一家供应商系统遭到未授权访问，导致部分数据的保密性受损。” “尽管伊比利亚航空已部署相关安全措施，但我们发现有证据表明客户的部分个人数据遭到未授权访问，其中可能包含您的信息。目前调查显示，泄露的数据可能包括姓名、电子邮箱地址及会员卡识别号（伊比利亚俱乐部）。” 官方明确表示，威胁行为者并未获取伊比利亚航空的客户账户权限、密码信息，且客户财务数据未受此次泄露事件影响。 消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in DPDK. It has been declared as critical. This affects the function vhost_user_set_inflight_fd of the component vhost Library. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2021-3839. The attack can only be performed from the local network. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability marked as problematic has been reported in dpdk. This issue affects some unknown processing of the component Message Handler. Performing manipulation results in resource consumption. This vulnerability is cataloged as CVE-2022-0669. The attack must originate from the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Red Hat OpenStack Platform. It has been classified as problematic. Impacted is an unknown function of the component etcd Package. Performing manipulation results in resource consumption. This vulnerability is cataloged as CVE-2024-4436. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.9/5.10/5.10.102/5.15.25/5.16.11. This impacts the function resolve_prepare_src of the component RDMA. This manipulation causes use after free. This vulnerability is registered as CVE-2022-48925. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability was found in Red Hat OpenStack Platform. It has been rated as problematic. The impacted element is an unknown function of the component etcd Package. The manipulation leads to resource consumption. This vulnerability is documented as CVE-2024-4438. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.9.4. This affects the function debugfs_remove_recursive of the component mgb4. The manipulation leads to denial of service. This vulnerability is documented as CVE-2024-39465. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

Китайские ученые предупреждают, что в будущих войнах за контроль над орбитой придется платить тысячами дронов и тоннами радиошума.

HackerNews 编译，转载请注明出处： SolarWinds 修复了其 Serv-U 文件传输解决方案中的三个关键漏洞，这些漏洞可能允许远程代码执行。 第一个漏洞，追踪编号为 CVE-2025-40549（CVSS 评分 9.1），是一个影响 Serv-U 的路径限制绕过问题。拥有管理员权限的攻击者可利用此漏洞在目录上执行代码。公告中写道：”Serv-U 中存在一个路径限制绕过漏洞，若被滥用，可能使拥有管理员权限的恶意行为者具备在目录上执行代码的能力。””滥用此问题需要管理员权限。在 Windows 系统上，由于路径和主目录处理方式的差异，该漏洞评级为中等。” 该公司修复的第二个漏洞，追踪编号为 CVE-2025-40548（CVSS 评分 9.1），是一个访问控制缺陷，可导致远程代码执行漏洞。公告中写道：”Serv-U 中存在一个缺失的验证过程，若被滥用，可能使拥有管理员权限的恶意行为者具备执行代码的能力。””滥用此问题需要管理员权限。在 Windows 部署环境中，由于服务默认通常在权限较低的服务账户下运行，该风险被评为中等。SolarWinds 指出，CVE-2025-40547 和 CVE-2025-40548 在 Windows 系统上仅具有中等严重性，因为受影响的服务通常在低权限账户下运行。 第三个漏洞，CVE-2025-40547（CVSS 评分 9.1），是 Serv-U 中的一个逻辑错误漏洞。拥有管理员权限的攻击者可利用此漏洞执行任意代码。这些漏洞影响 SolarWinds Serv-U 15.5.2.2.102 版本，该公司已发布 15.5.3 版本来解决这些问题。 消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Eigenfocus up to 1.4.0. It has been rated as problematic. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-13584. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.