Aggregator

A vulnerability, which was classified as problematic, was found in protobuf-java core and protobuf-java lite up to 3.16.2/3.19.5/3.20.2/3.21.6. Affected is an unknown function of the component Garbage Collection Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-3171. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications Unified Inventory Management up to 7.4.2/7.5.0. This issue affects some unknown processing of the component Policy. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-3171. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Cloud Native Core Binding Support Function 22.3.0. It has been rated as critical. This issue affects some unknown processing of the component Policy. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-3171. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Oracle Communications Cloud Native Core Console 22.3.0 and classified as critical. This vulnerability affects unknown code of the component Configuration. The manipulation leads to denial of service. This vulnerability was named CVE-2022-3171. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Network Exposure Function 22.3.1. This issue affects some unknown processing of the component Platform. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-3171. The attack may be initiated remotely. There is no exploit available.

Sophos的 “2024 年勒索软件状况”调查报告显示，2024 年勒索软件攻击要求的平均赎金已飙升至约 2 […]

新闻速览 •世界互联网大会“互联网之光”博览会“网络安全主题展”11月19日开展 •黑客组织假冒猎头瞄准航空航 […]

一项针对 OvrC 云平台的安全分析发现了 10 个漏洞，这些漏洞可以串联起来，允许潜在攻击者在联网设备上远程执行代码。 Claroty 研究人员 Uri Katz 在一份技术报告中说：“成功利用这些漏洞的攻击者可以访问、控制和破坏 OvrC 支持的设备；其中一些设备包括智能电源、摄像头、路由器、家庭自动化系统等。” Snap One公司的OvrC（发音为 “oversee”）被宣传为一个 “革命性的支持平台”，能让业主和企业远程管理、配置网络上的物联网设备并排除故障。据其网站介绍，OvrC 解决方案已部署在 50 多万个终端用户地点。 根据美国网络安全和基础设施安全局（CISA）发布的协调公告，成功利用已发现的漏洞可使攻击者 “冒充并声称拥有设备，执行任意代码，并披露受影响设备的信息。” 已发现的这些漏洞会影响 OvrC Pro 和 OvrC Connect，该公司已于 2023 年 5 月发布了其中 8 个漏洞的修复程序，并于 2024 年 11 月 12 日发布了剩余 2 个漏洞的修复程序。 “我们发现的这些问题很多都是由于忽视了设备到云的接口而引起的，”卡茨说。“在许多这样的案例中，核心问题是由于弱标识符或类似的错误，物联网设备被交叉认领的能力。这些问题包括弱访问控制、身份验证绕过、输入验证失败、硬编码凭证和远程代码执行缺陷等。” 因此，远程攻击者可以利用这些漏洞绕过防火墙，在未经授权的情况下访问基于云的管理界面。更糟糕的是，这些访问权限随后可能被用于枚举和配置设备、劫持设备、提升权限，甚至运行任意代码。 最严重的漏洞列举如下 CVE-2023-28649 （CVSS v4 得分：9.2），允许攻击者假冒集线器并劫持设备 CVE-2023-31241（CVSS v4 分值：9.2），允许攻击者绕过序列号要求，认领任意未认领设备 CVE-2023-28386 （CVSS v4 评分：9.2），允许攻击者上传任意固件更新，导致代码执行 CVE-2024-50381（CVSS v4 分值：9.1），允许攻击者冒充集线器，任意取消认领设备，随后利用其他缺陷认领设备 “随着每天上线的设备越来越多，云管理成为配置和访问服务的主要手段，制造商和云服务提供商比以往任何时候都更需要确保这些设备和连接的安全，”Katz 说。“负面结果可能会影响连接到 OvrC 云的联网电源、商业路由器、家庭自动化系统等。 Nozomi Networks 在披露上述信息的同时，还详细介绍了影响 EmbedThis GoAhead 的三个安全漏洞，EmbedThis GoAhead 是嵌入式和物联网设备中使用的小型 Web 服务器，在特定条件下可能导致拒绝服务（DoS）。这些漏洞（CVE-2024-3184、CVE-2024-3186 和 CVE-2024-3187）已在 GoAhead 6.0.1 版本中得到修补。 最近几个月，江森自控的 exacqVision Web 服务也发现了多个安全漏洞，这些漏洞可被结合起来，控制连接到该应用程序的监控摄像头的视频流并窃取凭证。       转自安全客，原文链接：https://www.anquanke.com/post/id/301819 封面来源于网络，如有侵权请联系删除

A vulnerability, which was classified as problematic, was found in XFree86 X11r6 3.3.5/3.3.6/4.0. This affects an unknown part of the component TCP Packet Handler. The manipulation of the argument counter with the input -1 leads to denial of service. This vulnerability is uniquely identified as CVE-2000-0453. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

美国网络安全和基础设施安全局（CISA）扩充了其已知漏洞（KEV）目录，突出强调了目前在野外被利用的五个安全漏洞。这些漏洞横跨微软、思科、Atlassian 和 Metabase 产品，对处理敏感数据或暴露于公共网络的系统构成重大风险。 1. CVE-2024-43451 (CVSS 6.5)： NTLM 哈希值泄露漏洞 该漏洞因其触发简单而特别令人担忧。据微软称，与恶意文件的最小交互（如单击或右键单击操作）可能会将用户的 NTLMv2 哈希值暴露给远程攻击者。NTLM 哈希值是用户的加密凭据，攻击者可以通过它验证被攻击用户的身份，从而访问敏感资源。 2. CVE-2024-49039 (CVSS 8.8)： Windows 任务调度程序权限提升漏洞 由 Google 的威胁分析小组发现，此漏洞允许攻击者执行特制的应用程序，将权限从低完整性 AppContainer 环境提升到中完整性级别。这种权限升级可使攻击者运行通常仅限于高权限账户的 RPC 功能，从而在未经授权的情况下访问原本受保护的资源。 3. CVE-2021-41277 (CVSS 10)： Metabase GeoJSON API 本地文件包含漏洞 Metabase 是一个广泛使用的开源商业智能平台，它隐藏着一个关键漏洞，允许攻击者利用 GeoJSON API 进行本地文件包含。该漏洞可导致未经授权的数据访问和系统泄露，突出表明了及时进行软件更新和安全配置实践的重要性。 4. CVE-2014-2120： Cisco ASA WebVPN 跨站脚本漏洞 该漏洞存在于 Cisco Adaptive Security Appliance (ASA) 软件的 WebVPN 登录页面中，攻击者可利用该漏洞注入恶意脚本，从而可能泄露用户凭据并为会话劫持提供便利。这一遗留漏洞的持续存在强调了全面漏洞管理计划的重要性，以及解决所有系统漏洞（无论其使用年限长短）的必要性。 5. CVE-2021-26086 (CVSS 5.3)： Atlassian Jira 服务器和数据中心路径遍历漏洞 Atlassian Jira Server and Data Center 存在此漏洞，攻击者可利用路径遍历漏洞，在未经授权的情况下访问敏感文件。该漏洞凸显了安全编码实践的重要性，以及进行持续安全测试以识别和修复软件应用程序漏洞的必要性。 减轻威胁 CISA 要求联邦经济与商业委员会各机构在 2024 年 12 月 3 日前修补这些漏洞，这是对各行业组织优先进行漏洞管理的重要提醒。     转自安全客，原文链接：https://www.anquanke.com/post/id/301822 封面来源于网络，如有侵权请联系删除  

SANTA CLARA, Calif. — With great promise comes potential peril. And while artificial intelligence (AI) is looked upon as a panacea for enterprises, it also poses an existential security threat. “We stand at the intersection of human ingenuity and technological innovation, where the game of cybersecurity has evolved into a high-stakes match,” Nir Zuk, founder..

The post Palo Alto Networks Issues AI Red Alert appeared first on Security Boulevard.

A vulnerability classified as critical was found in SiteScape Sitescape Forum St. This vulnerability affects unknown code of the file support/dispatch.cgi. The manipulation leads to code injection. This vulnerability was named CVE-2007-6515. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Application Model Core API. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-21862. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2022 and classified as critical. Affected by this vulnerability is an unknown functionality of the component StateRepository API Server. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2022-21863. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. Affected by this issue is some unknown functionality of the component UI Immersive Server API. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-21864. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to Server 2022. It has been classified as critical. This affects an unknown part of the component Connected Devices Platform Service. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2022-21865. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component System Launcher. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-21866. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. This issue affects some unknown processing of the component Push Notifications Apps. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2022-21867. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Devices Human Interface. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-21868. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.