Aggregator

A vulnerability classified as critical has been found in Zoho ManageEngine ADManager Plus up to 7203. Affected is an unknown function of the component Modify Computers Option. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2024-24409. It is possible to launch the attack remotely. There is no exploit available.

这里记录每周值得分享的科技内容，周五发布。

Графики запланированных слушаний нарушены, новые даты пока неизвестны.

2025年1月1日正式实施。

在过去的几天里，乌克兰用户一直在社交媒体上分享他们地图位置的屏幕截图，显示他们在俄罗斯领土内。

新闻速览 •加拿大政府以国家安全为由下令TikTok关闭在加业务 •违规收集用户政治倾向等敏感数据，韩国对Me […]

随着通信、互联网技术的不断进步，Web应用从Web1.0发展到Web3.0，成为电商交易、企业形象、员工办公的 […]

The windows shatter attack is so old that it’s time for someone to reinvent it. This someone

根据发表在《Scientific Reports》期刊上的一项研究，祝融号漫游车发现了火星古代海洋的新证据。祝融号漫游车于 2021 年 5 月着陆于火星北半球的乌托邦（Utopia）地区，该地区此前曾发现古代的水迹。祝融号原计划工作 90 个火星日，在工作了 347 个火星日后因覆盖的火星灰尘太多而停止工作。研究人员报告了基于这次任务所收集数据的分析，论文作者主要作者、香港理工大学的吴波（Bo Wu）称，祝融号着陆区周围发现了曾经存在古代海洋的种种特征，包括凹坑锥体、多边形沟槽和侵蚀流痕。研究人员认为该地区曾存在一条海岸线，海洋是由 37 亿年前的洪水创造的，海洋后来结冰，侵蚀出一条海岸线，然后在 34 亿年前消失。研究人员强调，他们并未发现火星曾有海洋的确凿证据。

В новой схеме обмана компании добровольно отдают данные преступникам.

Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts. The "intriguing" campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email. "What makes the CRON#

A vulnerability was found in myCred Plugin up to 2.7.4 on WordPress. It has been rated as problematic. This issue affects the function mycred_link of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10187. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Elementor Header & Footer Builder Plugin up to 1.6.45 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-10325. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Registrations for the Events Calendar Plugin up to 2.12.3 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-7982. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 and classified as problematic. Affected by this issue is the function unuse_pud_range of the component HugeTLB Page. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2024-50199. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.227/5.15.168/6.1.113/6.6.57/6.11.4 and classified as critical. Affected by this vulnerability is the function dev_to_iio_dev of the component veml6030. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-50198. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.11.4. Affected is the function device_for_each_child_node of the component pinctrl. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-50197. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.168/6.1.113/6.6.57/6.11.4. This issue affects the function chained_irq_enter of the component pinctrl. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-50196. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.