Aggregator

2024 年在野大规模漏洞利用情况如何？

2024 年在野大规模漏洞利用情况如何？

2024 年在野大规模漏洞利用情况如何？

苹果发布搭载 M3 芯片的新款 iPad Air，售价 4799 元起； 智谱发布 CogView4：首个支持生成汉字的开源文生图模型； 全球首款宠物智能手机亮相：支持定位、AI 实时通话

JPCERT/CCは、「JSAC2025 開催レポート DAY 1 」を公開しました。JSAC2025開催レポートは3回にわけてカンファレンスの様子を紹介します。第1回目となる本稿では、DAY 1 Main Trackの講演について紹介しています。

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

勒索软件威胁正席卷全球，RaaS模式和双倍勒索策略加剧了攻击。LockBit、BlackCat等组织对全球企业构成严重风险，网络安全形势紧迫。

Trend Micro™ Managed XDR assisted in an investigation of a B2B BEC attack that unveiled an entangled mesh weaved by the threat actor with the help of a compromised server, ensnaring three business partners in a scheme that spanned for days. This article features investigation insights, a proposed incident timeline, and recommended security practices.

为高校的数字化转型与信息安全建设奠定坚实基础。

Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, […]

A vulnerability classified as problematic was found in GNU binutils up to 2.29. This vulnerability affects the function bfd_make_section_with_flags of the file section.c of the component libbfd. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2017-12457. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in ImageMagick 7.0.6-2. This issue affects the function WriteINLINEImage of the file coders/inline.c. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-12666. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Xiph.Org vorbis-tools 1.4.0 and classified as problematic. Affected by this issue is the function wav_open of the file oggenc/audio.c of the component WAV File Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2017-11331. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

A vulnerability was found in unrar-free 0.0.1. It has been declared as critical. This vulnerability affects unknown code in the library unrarlib.c of the component Debug Log Mode. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-11190. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in ImageMagick 7.0.6-1 and classified as critical. This issue affects the function GetPixelIndex of the file coders/xpm.c. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-11540. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in GNU binutils up to 2.29. It has been rated as critical. Affected by this issue is the function evax_bfd_print_emh of the file vms-alpha.c of the component libbfd. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2017-12455. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Oracle Berkeley DB up to 6.1.37. It has been declared as critical. This vulnerability affects unknown code of the component Data Store. The manipulation leads to improper access controls. This vulnerability was named CVE-2017-10140. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.