Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 6.6.57/6.11.4. Affected by this vulnerability is the function devm_kasprintf of the component pinctrl. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-50070. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.4. Affected is the function damon_sysfs_test_add_targets in the library mm/damon/tests/sysfs-kunit.h. The manipulation leads to memory leak. This vulnerability is traded as CVE-2024-50068. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been rated as problematic. This issue affects the function add_inode_ref of the component btrfs. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2024-50088. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as problematic. This vulnerability affects the function read_alloc_one_name of the component btrfs. The manipulation of the argument name leads to uninitialized pointer. This vulnerability was named CVE-2024-50087. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.57/6.11.4. It has been classified as problematic. This affects an unknown part of the component xhci. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-50075. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 and classified as problematic. Affected by this issue is the function sprintf of the component parport. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-50074. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file net/mptcp/protocol.c of the component request_sock_subflow_v4. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-50083. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.57/6.11.4. Affected is the function vcap_api_encode_rule_test. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-50084. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.57/6.11.4. This issue affects the function vm86. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-50072. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.11.4. This vulnerability affects unknown code. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2024-50081. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

和人一样，随着年龄的增长，鸟类的朋友也越来越少。新研究表明，它们可能只是没有动力。伦敦帝国理工学院领导的这项新研究背后的团队研究了布里斯托尔海峡伦迪岛上一个孤立的麻雀种群。通过绘制所有鸟类的年龄和社交网络，他们发现，年龄较大的麻雀确实倾向于拥有更少的朋友，就像人类一样。原因可能是没有“进化压力”来这样做：虽然友好有助于年轻的鸟类生存和繁殖更成功，但对年长的鸟类来说无需如此。 首席研究员 Julia Schroeder 博士说：“这种进化机制可能也适用于人类——可能是老年人随着年龄的增长不太愿意结交新朋友。”再加上同龄的潜在朋友越来越少，这可能是老年人孤独危机的一个因素。

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. This affects the function gsm_cleanup_mux in the library lib/rbtree.c of the file drivers/tty/n_gsm.c:. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50073. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.4. It has been rated as critical. Affected by this issue is the function mptcp_pm_nl_rm_addr_or_subflow. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-50085. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4. It has been declared as critical. Affected by this vulnerability is the function devm_kasprintf of the component pinctrl. The manipulation of the argument returned leads to null pointer dereference. This vulnerability is known as CVE-2024-50069. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking official Nintendo communication. These emails, appearing to come from addresses, are being sent by third parties and are not legitimate communications from the company. Details of the Phishing Attack Nintendo has confirmed that these spoofed emails are being used to disseminate […]

The post Nintendo Warns of Phishing Attack Mimics Company Email Address appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Linus Torvalds 接受采访谈论了最近两年火热无比的 AI，认为九成是营销一成才是现实。他认可 AI 的潜力，但不认同它现在会改变世界，他讨厌围绕 AI 的炒作，因此他目前对 AI 的立场是基本无视它。他认为也许五年后情况会发生改变，我们会看到 AI 在实际工作中的日常应用。

27 岁的英国男子 Hugh Nelson 因使用 AI 创建儿童色情而被判 18 年。他对 16 项儿童色情相关指控认罪，其中包括使用美国软件公司 Daz 3D 的 AI 工具将真实的儿童日常照片转变成儿童色情材料，承认鼓励他人对儿童实施性侵。警方去年 6 月查获了其电子设备，在设备上发现了真实的儿童照片和 AI 生成的儿童色情图像。Nelson 承认根据客户要求制作和销售儿童色情图像。为其提供 AI 工具的 Daz 3D 公司表示其服务条款禁止创建儿童色情材料，将致力于改进其能力防止其软件用于此类用途。

COMThanasia是一款针对COM对象的安全审计工具，可以帮助广大研究人员轻松检测COM对象中的各种安全问题。

A vulnerability was found in Apple macOS up to 10.12.3. It has been rated as critical. This issue affects some unknown processing of the component IOATAFamily. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-2408. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 10.12.3. It has been declared as critical. This vulnerability affects unknown code of the component Intel Graphics Driver. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2443. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.