Aggregator

A vulnerability, which was classified as problematic, has been found in Moment Module up to 2.19.2 on Node.js. Affected by this issue is some unknown functionality of the component Regular Expression. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2017-18214. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Go. It has been rated as problematic. This issue affects the function Reader.Read of the component File Header Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2022-2879. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in HDF5 up to 1.14.3. This affects the function H5O__dtype_encode_helper of the file H5Odtype.c. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-32616. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in cURL up to 8.4.0. This affects an unknown part in the library lib/fopen.c of the component HSTS File Name Handler. The manipulation leads to missing encryption of sensitive data. This vulnerability is uniquely identified as CVE-2023-46219. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Dimensional Gate Linux Ratfor up to 1.06. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-55577. Attacking locally is a requirement. There is no exploit available.

A vulnerability has been found in discourse-ai and classified as problematic. This vulnerability affects unknown code of the component Post Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-54142. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in silverstripe-asset-admin up to 5.3.7. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-47605. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

一、Inline Hook 技术原理1.1 Hook 技术分类在 Windows 系统中，Hook 技术主要分为两类：消息钩子：通过 SetWindowsHookEx拦截 GUI 消息代码级钩子：直接修改目标函数代码实现拦截Inline Hook（内联钩子）属于代码级钩子，其核心原理是通过修改目标函数入口处的指令，将其重定向到自定义函数，从而实现拦截和篡改。1.2 技术实现流程定位目标函数：获取函

工程中心祝您元宵节快乐，幸福“元”满

工程中心祝您元宵节快乐，幸福“元”满

银花火树映重楼，蛇岁元宵韵自悠。 巷陌香飘汤饺糯，街衢灯耀彩光浮。 龙狮曼舞欢颜驻，鼓乐齐鸣逸兴留。 共品团圆祈盛景，福泽岁岁绕心头 。

银花火树映重楼，蛇岁元宵韵自悠。 巷陌香飘汤饺糯，街衢灯耀彩光浮。 龙狮曼舞欢颜驻，鼓乐齐鸣逸兴留。 共品团圆祈盛景，福泽岁岁绕心头 。

银花火树映重楼，蛇岁元宵韵自悠。 巷陌香飘汤饺糯，街衢灯耀彩光浮。 龙狮曼舞欢颜驻，鼓乐齐鸣逸兴留。 共品团圆祈盛景，福泽岁岁绕心头 。

HackerNews 编译，转载请注明出处：   谷歌澄清，新推出的 Android 系统 SafetyCore 应用不会对内容进行客户端扫描。 “Android 提供了许多本地保护措施，以防范恶意软件、信息垃圾邮件和滥用保护以及电话诈骗等威胁，同时保护用户隐私并让用户掌控自己的数据。”谷歌公司发言人向《黑客新闻》表示。“SafetyCore 是一项面向 Android 9 及以上设备的谷歌系统服务，它为安全、私密地进行内容分类提供了本地基础设施，帮助用户检测不想要的内容。用户可以控制 SafetyCore，只有当应用程序通过可选功能请求时，SafetyCore 才会分类特定内容。” SafetyCore（包名“com.google.android.safetycore”）于2024年10月首次推出，作为谷歌针对谷歌消息应用的一系列安全措施的一部分，旨在打击诈骗和敏感内容。该功能需要2GB的RAM，适用于运行 Android 9 及更高版本的所有 Android 设备，以及运行轻量级操作系统 Android Go 的入门级智能手机。 客户端扫描（CSS）是一种替代方法，用于在设备上分析数据，而不是削弱加密或在现有系统中添加后门。然而，这种方法引发了严重的隐私问题，因为它容易被滥用，迫使服务提供商超出最初同意的范围搜索材料。 谷歌消息应用中的敏感内容警告与苹果 iMessage 中的通信安全功能相似，后者使用本地机器学习分析照片和视频附件，判断照片或视频是否包含裸露内容。 GrapheneOS 操作系统的维护者在 X 上发布的一篇帖子中重申，SafetyCore 不提供客户端扫描，主要设计用于提供本地机器学习模型，其他应用程序可以利用这些模型将内容分类为垃圾邮件、诈骗或恶意软件。“对这类内容进行分类与试图检测非法内容并向服务提供商报告是不同的，后者会严重侵犯人们的隐私，并且仍存在误报的情况。这不是 SafetyCore 的用途，它也无法用于此。”   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in NTP 4.2.8p15. It has been classified as critical. This affects the function mstolfp of the file libntp/mstolfp.c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-26554. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in NTP 4.2.8p15. It has been declared as critical. This vulnerability affects the function praecis_parse of the file ntpd/refclock_palisade.c. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2023-26555. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Aten PE8108 2.4.232. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2023-25411. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The identification of this vulnerability is CVE-2023-3986. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2023-3987. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in User Submitted Posts Plugin up to 20230809 on WordPress. This affects an unknown part. The manipulation of the argument user-submitted-content leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-4308. It is possible to initiate the attack remotely. There is no exploit available.