Aggregator

黑客利用 macOS 扩展文件属性隐藏恶意代码

新型漏洞攻击利用服务器进行恶意更新

mprz

A vulnerability classified as problematic was found in Hitachi Energy TRO600 up to 9.2.0.0. This vulnerability affects unknown code. The manipulation leads to improper removal of sensitive information before storage or transfer. This vulnerability was named CVE-2024-41156. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Veeam Service Provider Console up to 8.0. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-45206. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Veeam Agent up to 12.2 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PATH leads to injection. This vulnerability is known as CVE-2024-45207. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical was found in Funnelforms Free Plugin up to 3.7.4.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2024-10587. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Eleblog Plugin up to 1.8 on WordPress. This affects an unknown part of the component Deactivation Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-10663. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Authors List Plugin up to 2.0.4 on WordPress. This vulnerability affects the function update_authors_list_ajax of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-10952. The attack can be initiated remotely. There is no exploit available.

ProFTPD 权限提升漏洞(CVE-2024-48651)安全风险通告

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and

A vulnerability, which was classified as problematic, was found in Keybase Command Line Client up to 2.8 on Linux. Affected is an unknown function. The manipulation as part of Search Path leads to untrusted search path. This vulnerability is traded as CVE-2018-18629. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Vodka maker Stoli says August ransomware attack contributed to bankruptcy filing

英特尔推出售价249美元的Intel Arc B系列独立显卡 性能相当于RTX 4060

A vulnerability, which was classified as critical, was found in GNU binutils 2.28. This affects an unknown part of the file opcodes/bfin-dis.c. The manipulation as part of Binary File leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-9749. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

承与继：第六代和第九代 ThinkPad X1 Carbon 纯主观札记

狂欢双12

A vulnerability, which was classified as problematic, was found in JetBrains YouTrack. This affects an unknown part of the component Project Name Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-54155. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.