Aggregator

开源情报被确立为情报界核心学科。

本报告提供了一些建议，帮助开源软件的创建者和消费者负责任地管理软件，特别是在保护软件供应链的背景下。无论是软件的消费者还是提供商，您都是软件供应链的一部分，需要保护您使用的应用程序免受上游和下游风险的影响。

A vulnerability classified as critical has been found in Trend Micro Apex One. This affects an unknown part of the component modOSCE. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-39753. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Trend Micro Deep Discovery Inspector. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-46902. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Trend Micro Cloud Edge. Affected by this vulnerability is an unknown functionality of the component REST API. The manipulation leads to command injection. This vulnerability is known as CVE-2024-48904. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in ICONICS GENESIS64, Hyper Historian, AnalytiX, MobileHMI and Electric MC Works64. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2024-7587. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Главная загадка квантовой запутанности раскрыта.

彭博社报道，英国芯片设计公司 Arm 向其最大客户高通发出了取消芯片设计授权的 60 天通知。此举可能在智能手机和 PC 市场引发混乱，扰乱半导体行业两家最具影响力的公司的财务和运营。高通每年销售数亿个 Arm 处理器，大多数用于 Android 智能手机。如果取消授权生效，高通可能不得不停售占其约 390 亿美元收入大部分的产品，否则将面临巨额索赔。两家公司的冲突始于 2022 年，当时 Arm 提起诉讼，指控高通违反合同和商标侵权。通过取消授权通知，Arm 给高通八周时间去解决分歧。

CA/Browser Forum вводит новые требования к безопасности интернета.

A vulnerability was found in FreeRADIUS. It has been classified as problematic. This affects an unknown part of the component Request Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2002-0318. It is possible to initiate the attack remotely. There is no exploit available.

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September 19, 2024, has been classified as moderately severe and assigned a Common Vulnerability Scoring System […]

The post Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Pivotal Software Spring Framework 4.1.4版本中存在安全漏洞。攻击者可利用该漏洞执行代码。

一颗 2014 年在南非发现的巨大陨石造成了史上最强大的海啸，让整个海洋为之沸腾。被称为 S2 的陨石比我们所熟知的导致恐龙灭绝的陨石要大得多。6600 万前撞击地球的陨石宽 10 公里，高度与珠穆朗玛峰差不多。相比下， S2 宽 40-60 公里，质量比它大 50-200 倍。S2 的撞击发生在 30 亿年前的地球早期，当时的地球是一个水世界，多块大陆伸出海面。科学家发现，S2 除了造成巨大的破坏外，还帮助了地球早期生命的茁壮成长。

A vulnerability was found in KubeSphere 3.4.1/4.1.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper control of resource identifiers. This vulnerability is handled as CVE-2024-46528. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was suspected in Linux Kernel up to 6.6.53/6.10.12/6.11.1. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Redsys 3DSecure 2.0. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Redsys 3DSecure 2.0. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in 3DSecure 2.0. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in 3DSecure 2.0. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in 3DSecure 2.0. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.