Aggregator

A vulnerability has been found in Oracle Financial Services Compliance Regulatory Reporting 8.0.6/8.0.7/8.0.8 and classified as critical. This vulnerability affects unknown code of the component Web Service to Regulatory Report. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2019-0227. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 印度卡纳塔克邦高等法院于2025年4月29日裁定，要求印度政府在全国范围内封禁加密邮件服务提供商Proton Mail。此裁决源于印度公司M Moser Design Associated India Pvt Ltd于2025年1月提起的一项法律诉讼。 根据法律媒体LiveLaw报道，该公司指控其员工收到通过Proton Mail发送的包含淫秽辱骂语言、AI生成的深度伪造图像及其他露骨色情内容的电子邮件。 在听证会上，法官M Nagaprasanna命令印度政府“根据《2008年信息技术法案》第69A条及《2009年信息封锁规则》第10条启动程序封禁Proton Mail”，并强调“在印度政府完成相关程序前，应立即封锁相关违规URL”。截至本文撰写时，Proton Mail在印度境内仍可正常访问。网络安全媒体The Hacker News已联系瑞士Proton公司寻求置评，尚未收到回复。 这是Proton Mail在印度第二次面临封禁威胁。去年初，因有报道称通过该平台发送虚假炸弹威胁，Proton公司曾声明“坚决反对任何违反瑞士法律使用其服务的行为”。根据瑞士法律，该公司虽不得向外国政府机构传输数据，但有义务配合瑞士当局的调查要求——瑞士执法部门可能会与境外机构合作打击非法活动。Proton补充说明：“尽管端到端加密技术为用户的邮件、文件、日历项和密码提供强隐私保护，但禁止利用该服务从事违反瑞士法律的行为。” 此次裁决再度引发关于加密通信服务监管的争议。支持者认为全面封禁侵犯用户隐私权，而执法部门则强调加密技术可能被滥用于非法活动。业界正密切关注Proton公司的后续回应及印度政府的执行措施。值得关注的是，Proton Mail作为全球知名隐私优先邮件服务，其运营基于瑞士严格的隐私法规，长期吸引重视数据安全的用户群体。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

看起来很简单，记录久了，力量就能浮现（可惜，大多数人还是做不到）。

看起来很简单，记录久了，力量就能浮现（可惜，大多数人还是做不到）。

A vulnerability, which was classified as critical, was found in uClibc and uClibc-ng up to 1.0.38. This affects the function gethostbyname/getaddrinfo/gethostbyaddr/getnameinfo of the component Domain Name Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2021-43523. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Wuzhi CMS 4.1.0. Affected by this issue is some unknown functionality of the component System Bulletin. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2020-19770. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in libexpat up to 2.4.2. Affected by this issue is the function storeAtts of the file xmlparse.c. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2021-45960. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BusyBox up to 1.33.2. It has been declared as problematic. This vulnerability affects unknown code of the component unlzma Applet. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2021-42374. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in libexpat up to 2.4.2. Affected is the function doProlog of the file xmlparse.c. The manipulation of the argument m_groupSize leads to integer overflow. This vulnerability is traded as CVE-2021-46143. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in libexpat up to 2.4.2. It has been declared as critical. This vulnerability affects the function addBinding of the file xmlparse.c. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-22822. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in libexpat up to 2.4.2. It has been rated as critical. This issue affects the function build_model of the file xmlparse.c. The manipulation leads to integer overflow. The identification of this vulnerability is CVE-2022-22823. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in libexpat up to 2.4.2. Affected is the function defineAttribute of the file xmlparse.c. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2022-22824. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in libexpat up to 2.4.2. Affected by this vulnerability is the function lookup of the file xmlparse.c. The manipulation leads to integer overflow. This vulnerability is known as CVE-2022-22825. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in libexpat up to 2.4.2. Affected by this issue is the function nextScaffoldPart of the file xmlparse.c. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2022-22826. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in libexpat up to 2.4.2. This affects the function storeAtts of the file xmlparse.c. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2022-22827. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

新闻速览 •国家密码管理局调整商用密码检测认证业务实施 •ISACA警报：95%组织缺乏量子计算威胁防御策略 […]

在数字威胁日益复杂的时代，全球网络安全领域的风向标再次指向旧金山。RSAC 2025全球网络安全大会于4月28 […]

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球