qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app. [...]
A vulnerability was found in Foreman and classified as problematic. This issue affects some unknown processing of the component Template Handler. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2024-8553. The attack may be initiated remotely. There is no exploit available.
A vulnerability has been found in cure53 DOMPurify up to 2.4.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution').
This vulnerability was named CVE-2024-48910. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up.
"While the iOS implant delivery method closely mirrors that of the macOS version, the post-exploitation and privilege escalation stages differ
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. [...]
Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories
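The Linux project recently removed several kernel maintainers, citing compliance. Russia's digital ministry responded that this was discriminatory and said it plans to establish its own alternative Linux community. It is not yet clear whether Russia intends to create and maintain a Linux fork. Earlier, Linux creator Linus Torvalds publicly stated that, as a Finn, he would not support Russian aggression. Most of the removed kernel maintainers work for Russian companies sanctioned by the United States. A Kaspersky expert believes the Linux project may become more suspicious of patches submitted by developers from Russia. Ivan Panchenko, founder of a company that develops an open-source database management system, said that Russian developers do not contribute much to the kernel, so the impact is limited, and that ordinary software bug-fix patches from Russia will probably continue to be accepted.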
A vulnerability, which was classified as critical, was found in DrayTek Vigor 3900 1.5.1.3. This affects the function sign_cacertificate of the file mainfunction.cgi. The manipulation leads to command injection.
This vulnerability is uniquely identified as CVE-2024-51254. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in DrayTek Vigor 3900 1.5.1.3. Affected by this issue is the function setup_cacertificate of the file mainfunction.cgi. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-51259. Access to the local network is required for this attack. There is no exploit available.
A vulnerability classified as critical was found in Beckhoff TwinCAT Package Manager. Affected by this vulnerability is an unknown functionality. The manipulation leads to OS command injection.
This vulnerability is known as CVE-2024-8934. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.