Aggregator

关注 | 国家网信办集中整治网上金融信息乱象

A vulnerability classified as problematic has been found in rsync up to 2.5.7. This affects the function open_socket_out of the file socket.c. The manipulation of the argument RSYNC_PROXY as part of Environment Variable leads to memory corruption. This vulnerability is uniquely identified as CVE-2004-2093. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Ashley Montanaro Darxite 0.4. This issue affects some unknown processing. The manipulation of the argument Username/Password leads to memory corruption. The identification of this vulnerability is CVE-2000-0846. The attack may be initiated remotely. Furthermore, there is an exploit available.

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observed the adversary leveraging the Amadey bot malware to download custom malware onto "specifically

Permalink

The post Randall Munroe’s XKCD ‘Seismologists’ appeared first on Security Boulevard.

看雪 APP 2.0版本发布啦！支持在线课程

浏览器Pwn技术实战，解锁Chrome V8引擎攻击方法

WPForms插件漏洞导致数百万WordPress网站面临Stripe退款风险

购物APP设备风控SDK-mtop简单分析

2024上海创新攻关成果目录揭晓，默安科技宵明CSPM实力入选！

Наука на пороге новой иерархии бесконечностей.

A Threat Actor Claims to be Selling Loader Source Code

A vulnerability has been found in Mozilla Firefox up to 109 and classified as problematic. Affected by this vulnerability is the function TaskbarPreviewCallback. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2023-25733. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 109 and classified as critical. Affected by this issue is the function GetTableSelectionMode. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2023-25736. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 69 and classified as critical. Affected by this vulnerability is an unknown functionality of the component CSS Rule Handler. The manipulation leads to injection. This vulnerability is known as CVE-2019-25136. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Team Concert Plugin up to 2.4.1 on Jenkins. Affected is an unknown function of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2023-3315. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in ebCMS 1.1.0. Affected is an unknown function. The manipulation of the argument type leads to unrestricted upload. This vulnerability is traded as CVE-2020-20067. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Apache Answer up to 1.2.1. Affected is an unknown function of the component Registration Handler. The manipulation leads to race condition. This vulnerability is traded as CVE-2024-26578. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

网络安全信息与动态周报2024年第49期（12月2日-12月8日）

微软补丁日安全通告 | 12月份