Aggregator

A vulnerability was found in FRRouting up to 9.1. It has been rated as critical. Affected by this issue is the function ospf_te_parse_ri of the component OSPF LSA Packet Handler. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-31950. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in FRRouting up to 9.1. This affects the function ospf_te_parse_ext_link of the component Opaque LSA Extended Link Parser. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-31951. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FRRouting up to 9.1 and classified as problematic. This issue affects some unknown processing of the component BGP UPDATE Packet Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-31948. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in j3ssie osmedeus up to 4.6.4. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-51735. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in golang-jwt jwt up to 4.5.0. This issue affects some unknown processing of the component JSON Web Token Handler. The manipulation leads to handling of exceptional conditions. The identification of this vulnerability is CVE-2024-51744. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in sigstore gitsign up to 0.10.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrectly-resolved name. This vulnerability is known as CVE-2024-51746. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in devtron up to 0.7.1. Affected is an unknown function of the file /orchestrator/user of the component CreateUser API. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-45794. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in HashiCorp Nomad and Nomad Enterprise up to 1.9.1. This affects an unknown part of the component Container Storage Interface Handler. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2024-10975. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞75个，影响到微软产品的其他厂商漏洞1个。

近日，国家信息安全漏洞库（CNNVD）收到关于Apache Struts安全漏洞（CNNVD-202412-1393、CVE-2024-53677）情况的报送。

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Шпионское ПО с 2017 года перехватывает коммуникации пользователей.

PDQ Deployの「Deploy User」Run Modeによるデプロイ処理中に、指定されたアカウントの資格情報が窃取される問題が報告されています。

宾夕法尼亚州立大学和哥伦比亚大学科学家首次观察到一类特殊准粒子——半狄拉克费米子。这类准粒子在朝一个方向移动时拥有质量，而朝另一个方向移动时则失去质量。研究人员表示，对这些准粒子开展深入研究，有望促进下一代电池、传感器等技术发展。当粒子的能量完全源自其运动时，它就没有质量。这意味着它本质上是以光速传播的纯能量，如以光速移动的光子就被认为没有质量。在固体材料中，一些行动一致的粒子（也被称为准粒子）的“一举一动”可能与单个粒子截然不同。有些准粒子仅在朝一个方向移动时才拥有质量，而朝另一个方向移动时没有质量。这些奇特的粒子被命名为半狄拉克费米子。研究人员在名为锆硅硫化物（ZrSiS）的半金属材料晶体内，首次窥见了半狄拉克费米子的“真容”。在实验中，研究团队将一块锆硅硫化物冷却至 -268.9℃左右，然后将其置于实验室强大的磁场中，并用红外光照射，随后分析材料反射的光。借助磁光光谱学技术，观测了锆硅硫化物晶体内准粒子的性质。

Facebook Messenger Group Call DoS Write-up

A vulnerability was found in danieliser Popup Maker Plugin up to 1.20.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument post_title leads to cross site scripting. The identification of this vulnerability is CVE-2024-10583. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in hashthemes Hash Form Plugin up to 1.2.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-12201. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in wpdevteam NotificationX Plugin up to 2.9.3 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11727. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in wplegalpages Cookie Consent for WP Plugin up to 3.6.5 on WordPress and classified as problematic. Affected by this issue is the function wpl_script_save. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-11724. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in g5theme Essential Real Estate Plugin up to 5.1.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Transaction Log Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-12329. The attack can be launched remotely. There is no exploit available.