Aggregator

本周，互联网网络安全态势整体评价为良。

韩国女作家韩江获得 2024 年度的诺贝尔文学奖，以表彰她用强烈的诗意散文直面历史创伤，揭示人类生命的脆弱。韩江毕业于韩国延世大学的国文系。1999 年曾获得韩国小说文学奖。目前任教于首尔艺术大学文艺创作学系。韩江是首位亚洲女性诺贝尔文学奖得主，也是继2000年诺贝尔和平奖得主、时任韩国总统金大中后第 2 位韩国籍诺贝尔奖得主。她的作品包括：《玄鹿》、《素食者》、《失语者》、《少年来了》、《白》、《不做告别》，小说集《植物妻子》和诗集《把晚餐放进抽屉里》。其中《少年来了》的背景是光州事件。

A vulnerability was found in ChurchCRM 4.5.3. It has been rated as critical. This issue affects some unknown processing of the file /churchcrm/EventAttendance.php. The manipulation of the argument Event leads to sql injection. The identification of this vulnerability is CVE-2023-24787. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in za-internet C-MOR Video Surveillance 5.2401/6.00PL01. It has been classified as critical. Affected is an unknown function of the file settimezone.pml of the component Web Interface. The manipulation of the argument city leads to os command injection. This vulnerability is traded as CVE-2024-45179. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LemonLDAP::NG up to 2.19.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component OAuth2 Client Authentication. The manipulation of the argument client_password leads to improper authentication. This vulnerability is known as CVE-2024-45160. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Nagios Nagios-plugins up to 2.4.4. It has been rated as problematic. Affected by this issue is the function check_by_ssh. The manipulation of the argument ProxyCommand/LocalCommand/PermitLocalCommand leads to command injection. This vulnerability is handled as CVE-2023-37154. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in oath-toolkit up to 2.6.11 and classified as critical. This issue affects the function oath_authenticate_usersfile of the file liboath/usersfile.c of the component pam_oath.so. The manipulation leads to symlink following. The identification of this vulnerability is CVE-2024-47191. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

仅一周时间，威胁猎人就监测到被泄露的企业员工账号数量超400万，涉及社交、电商、教育等行业近20万家企业。

Федеральные агентства раскрыли преступные схемы, которые направлены на уязвимые слои населения и добродушных жителей.

火山引擎助力企业提升IT管理效能

涵盖CUPS打印系统、恶意软件虚拟化、Exchange PowerShell等多领域漏洞，以及Active Directory检测、Zimbra邮件平台远程命令执行等关键威胁

Почему поиск работы становится невыполнимой миссией?

A vulnerability classified as critical was found in CodeProjects Health Care Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Staff Info Module. The manipulation of the argument searvalu leads to sql injection. This vulnerability is known as CVE-2024-38348. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Relevanssi Plugin up to 4.23.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9021. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Custom Twitter Feeds Plugin up to 2.2.2 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-8983. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Livewire up to 3.5.1. This issue affects the function getClientOriginalName. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-47823. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.