Aggregator

微步在线发布下一代威胁情报

OT设备接入互联网，组织应该重点关注OT安全

A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component Installer. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2022-21908. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 20H2 and classified as critical. Affected by this issue is some unknown functionality of the component Cluster Port Driver. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-21910. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft .NET Framework up to 4.8. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-21911. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to Server 2019. It has been declared as critical. This vulnerability affects unknown code of the component DirectX Graphics. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2022-21912. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Remote Access Connection Manager. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2022-21914. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component GDI+. The manipulation leads to information disclosure. This vulnerability is known as CVE-2022-21915. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Common Log File System Driver. The manipulation leads to Privilege Escalation. This vulnerability is handled as CVE-2022-21916. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2022 and classified as critical. This vulnerability affects unknown code of the component DirectX Graphics. The manipulation leads to denial of service. This vulnerability was named CVE-2022-21918. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Каталонский суд становится ареной битвы за права и приватность.

美国黑客 Ilya Lichtenstein 因在 2016 年入侵交易所 Bitfinex 窃取 12 万枚比特币而被判 5 年徒刑。他在妻子 Heather Morgan 的帮助下洗钱，Morgan 将于 11 月 18 日宣布刑期。在盗窃发生时比特币价值 7000 万美元，等到他们于 2022 年被捕时总价值升至了 45 亿美元，如今随着币值单价接近 9 万美总价值再次翻倍。这是至今金额最高的比特币盗窃案之一。

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-11248. The attack may be launched remotely. Furthermore, there is an exploit available.

随着人工智能等新技术的兴起，相关利用AI进行的网络犯罪活动也逐渐增多。日前，谷歌发出警告，称发现多种颇具欺骗性的网络欺诈活动。

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. This vulnerability is known as CVE-2024-11247. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. This vulnerability is traded as CVE-2024-11246. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-11245. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-11244. The attack can be initiated remotely. Furthermore, there is an exploit available.

A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks, enabling threat actors to gain unauthorized administrative access. Vulnerability Overview The vulnerability affects versions 9.0.0 […]

The post 4M+ WordPress Websites to Attacks, Following Plugin Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #443204 / VDB-284684