Aggregator

A vulnerability was found in Microsoft Office. It has been classified as critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-30101. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Azure Science Virtual Machine on Linux. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-37325. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Microsoft Visual Studio. Affected is an unknown function. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2024-30052. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Edge. This vulnerability affects unknown code. The manipulation leads to insufficient ui warning of dangerous operations. This vulnerability was named CVE-2024-30058. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Microsoft Edge on iOS. Affected is an unknown function. The manipulation leads to product ui does not warn user of unsafe actions. This vulnerability is traded as CVE-2024-30057. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in expressjs multer up to 2.0.0. It has been declared as problematic. This vulnerability affects unknown code of the component Upload File Handler. The manipulation leads to uncaught exception. This vulnerability was named CVE-2025-48997. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Microsoft Edge on iOS/Android. This issue affects some unknown processing. The manipulation leads to the ui performs the wrong action. The identification of this vulnerability is CVE-2024-38083. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 户外品牌The North Face的母公司VF户外公司披露，其零售网站4月遭受数据泄露影响近3000名客户。VF户外公司（旗下还拥有JanSport和Timberland品牌）在向美国佛蒙特州及缅因州提交的数据泄露通知函中称，公司于4月23日首次发现异常活动，确认2861个账户遭非法访问。 调查显示，攻击者对The North Face官网发起凭据填充攻击——利用从其他渠道窃取的账号密码组合侵入用户账户。“攻击者极可能通过非本公司渠道获取您的邮箱与密码，再利用相同凭据入侵官网账户。”VF户外公司在声明中解释。公司强调本次事件未涉及法定必须通报的敏感信息，当前通知纯属“出于充分谨慎的考量”。 遭窃数据涵盖用户在官网的购买记录、收货地址、全名、出生日期及电话号码。支付信息未受波及，因信用卡数据由第三方支付平台托管，官网仅保留无法在非官网场景发起交易的令牌。VF户外公司已强制重置所有账户密码，并提醒客户：若在多平台使用相同密码应立即修改。本次事件不提供身份保护服务。 此次事件是VF户外公司近年第二起同类事故——2022年该公司曾向缅因州报告另一起凭据填充攻击，致近20万客户信息泄露。值得关注的是，该公司还是美国证监会新规生效首日首家申报“重大勒索软件攻击”的企业：2023年12月的攻击曾严重扰乱其订单处理系统。 The North Face遇袭之际，英美多领域零售商正持续遭受黑客组织Scattered Spider长达数月的攻击。上周女性时尚品牌Victoria’s Secret因安全事件被迫推迟财报发布；本周二卡地亚向客户发出系统遭入侵警告；阿迪达斯、迪奥与蒂芙尼近两周亦接连公告客户及员工数据泄露。美国联邦调查局已就此向主要零售商发布网络安全情报简报——此前该组织攻击目标已从英国零售商玛莎百货、Co-op转向美国企业。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in IBM i Access 7.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-7422. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability was found in Helpcenterlive HCL 2.0.6/2.1.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file module.php. The manipulation of the argument File leads to path traversal. This vulnerability is known as CVE-2010-1652. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Miro Desktop 0.8.18 on macOS. Affected is an unknown function of the component Electron. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-23746. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in Apache bRPC up to 1.7.0 and classified as critical. This vulnerability affects unknown code of the component Header Handler. The manipulation of the argument Content-Length leads to http request smuggling. This vulnerability was named CVE-2024-23452. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in FreeBSD. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component IEEE 802.11s Mesh ID Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2022-23088. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Heateor Social Login Plugin up to 1.1.31. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-32674. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ILIAS up to 7.29/8.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Import Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-33526. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ILIAS up to 7.29/8.10. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-33529. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SaltOS RhinOS 3.0-1190 and classified as very critical. This vulnerability affects unknown code of the file /portal/search.htm. The manipulation of the argument Search leads to code injection. This vulnerability was named CVE-2024-5407. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link AX3000, AX9 and AX12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setMacFilterCfg. The manipulation of the argument macFilterType leads to command injection. This vulnerability is known as CVE-2024-39963. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Linksys WRT54G 4.21.5. It has been declared as critical. This vulnerability affects the function get_merge_mac. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-41281. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Sky SKYSEA Client View up to 19.210.04e. It has been rated as critical. This issue affects some unknown processing of the component Executable File Handler. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-41726. The attack can only be initiated within the local network. There is no exploit available.