Aggregator

根据国家信息安全漏洞库（CNNVD）统计，本周2024年10月14日至2024年10月20日）安全漏洞情况如下。

Linux 内核将数名与俄罗斯联邦相关的贡献者从维护者列表中移除   日前，Linux 内核主要维护者之一 Greg Kroah-Hartman (Greg K-H) 提交了一项不寻常...

A vulnerability has been found in Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber and classified as problematic. This vulnerability affects unknown code of the component Web Server. The manipulation leads to execution with unnecessary privileges. This vulnerability was named CVE-2024-47903. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber. This affects an unknown part of the component Web Server. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2024-47902. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber. Affected by this issue is some unknown functionality of the component Web Server. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-47901. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Character.AI ответит за диалоги мальчика с ИИ.

A vulnerability was found in Intel SUR for Gameplay Software and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2023-40154. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The identification of this vulnerability is CVE-2024-10280. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-10281. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The identification of this vulnerability is CVE-2024-10196. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Siemens JT2Go up to 13.2.0.5. It has been declared as critical. This vulnerability affects unknown code of the component PDF File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-41902. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

华为正式发布了不再兼容 Android 的 HarmonyOS NEXT，也就是不再能运行 Android 应用，华为高管余承东称，“HarmonyOS 已成为最具生命力的数字底座，截至当前已有 1.1 亿+代码行，15000+ 鸿蒙原生应用和元服务已上架，鸿蒙生态设备超过 10 亿...” 华为称美团、抖音、淘宝、小红书、钉钉、支付宝、WPS、京东、飞书等都已开发了原生应用，运行 HarmonyOS NEXT 的移动设备的整体性能提高 30%，电池寿命延长了 56 分钟，平均留出 1.5GB 内存用于运行操作系统以外的用途。华为目前没有计划在中国以外推出 Harmony OS NEXT。

A vulnerability was found in Adobe Acrobat Reader up to 11.0.15/15.006. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2016-4104. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Former UK PM David Cameron called for stronger defenses against Chinese cyber espionage while advocating collaboration with Beijing, coinciding with the BRICS Summit

@网络基础设施安全赛道参赛人

On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. [...]

A vulnerability classified as problematic was found in Red Hat Enterprise Linux 7/8/9. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component PAM. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-10041. The attack needs to be approached locally. There is no exploit available.