Aggregator
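Standards Promotion | Three Standards Released: 关保联盟 Invites You to Its Dedicated Briefing Session!
10 months ago
On March 7, 2025, 关保联盟 released and put into effect three group standards for critical information infrastructure security, and held a dedicated briefing session to explain the standards' content and practical application, helping industry security norms take hold.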
CVE-2025-21862 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 net_dm_monitor_start initialization (Nessus ID 234058)
10 months ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected by this vulnerability is the function net_dm_monitor_start. The manipulation leads to improper initialization.
This vulnerability is known as CVE-2025-21862. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21864 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 xfrm6_tunnel_net_exit state issue (Nessus ID 234058)
10 months ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected by this issue is the function xfrm6_tunnel_net_exit. The manipulation leads to a state issue.
This vulnerability is handled as CVE-2025-21864. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21865 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 gtp_net_exit_batch_rtnl stack-based overflow (Nessus ID 234058)
10 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. This affects the function gtp_net_exit_batch_rtnl. The manipulation leads to a stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2025-21865. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw
10 months ago
The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate system memory, escalate privileges, or access sensitive information. CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability The […]
The post CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds & Read Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
CVE-2025-21848 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 nfp_app_ctrl_msg_alloc null pointer dereference (Nessus ID 234058)
10 months ago
A vulnerability was found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. Affected by this vulnerability is the function nfp_app_ctrl_msg_alloc. The manipulation leads to a null pointer dereference.
This vulnerability is known as CVE-2025-21848. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21857 | Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 tcf_exts_miss_cookie_base_alloc null pointer dereference (Nessus ID 234058)
10 months ago
A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been declared as critical. This vulnerability affects the function tcf_exts_miss_cookie_base_alloc. The manipulation leads to a null pointer dereference.
This vulnerability was named CVE-2025-21857. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21856 | Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3 device_release use after free (Nessus ID 234058)
10 months ago
A vulnerability was found in Linux Kernel up to 6.6.79/6.12.16/6.13.4/6.14-rc3. It has been rated as critical. This issue affects the function device_release. The manipulation leads to a use after free.
The identification of this vulnerability is CVE-2025-21856. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21844 | Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3 SMB Client receive_encrypted_standard null pointer dereference (Nessus ID 234058)
10 months ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.129/6.6.79/6.12.16/6.13.4/6.14-rc3. Affected by this issue is the function receive_encrypted_standard of the component SMB Client. The manipulation leads to a null pointer dereference.
This vulnerability is handled as CVE-2025-21844. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21693 | Linux Kernel up to 6.12.11 mm zswap_compress/zswap_decompress initialization (Nessus ID 234058)
10 months ago
A vulnerability has been found in Linux Kernel up to 6.12.11 and classified as problematic. This vulnerability affects the function zswap_compress/zswap_decompress of the component mm. The manipulation leads to improper initialization.
This vulnerability was named CVE-2025-21693. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-30219 | RabbitMQ Server up to 4.0.2 cross site scripting (GHSA-g58g-82mw-9m3p / Nessus ID 234064)
10 months ago
A vulnerability classified as problematic has been found in RabbitMQ Server up to 4.0.2. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-30219. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Old CVE, new attempt. 69,000 attacks, simply via a link
10 months ago
The top vulnerabilities for March are simply astonishing.
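Crazy! US National Security Council cyber official threatens to use lethal force against cyber attackers
10 months ago
Has the "Know-It-All King" already gone mad?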
ChatGPT's o4-mini, o4-mini-high and o3 spotted ahead of release
10 months ago
OpenAI is preparing to launch as many as three new AI models, possibly called "o4-mini", "o4-mini-high" and "o3". [...]
Mayank Parmar
CVE-2012-1990 | Schneider Electric Kerweb 3.0 kw.dll evtvariablename cross site scripting (EDB-37137 / BID-53409)
10 months ago
A vulnerability, which was classified as problematic, was found in Schneider Electric Kerweb 3.0. Affected is an unknown function in the library kw.dll. The manipulation of the argument evtvariablename leads to cross site scripting.
This vulnerability is traded as CVE-2012-1990. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
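DNS: The Cybersecurity "Secret Weapon" CISOs Cannot Ignore
10 months ago
In the cybersecurity field, DNS (the Domain Name System) is often regarded as just one link in the infrastructure, responsible for "resolving addresses".
Trusted Data Spaces (Part 3): Several Routes in Data Circulation and Utilization Infrastructure
10 months ago
In previous articles, we reviewed how data has developed into a factor of production and discussed international experience in exploring trusted data spaces. This article focuses further on several technical routes that are currently drawing attention in the construction of trusted data spaces in China and analyzes their core concepts, in order to help readers understand more clearly the direction in which China's trusted data spaces are evolving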