Aggregator

酱酱们中午好～今天的 AGI 掘金热点资讯来啦，我们知识库上线了 AI 小助手，欢迎来撩！

字节跳动 STE 团队基于此技术开发了下一代内核网络抓包工具：netcap（net capture，内部原名：xcap），并正式对外开源。

微软在上周的例行安全更新中修复了一个 0day 漏洞 CVE-2024-38193，它位于 AFD.sys 中，属于释放后使用漏洞。微软警告攻击者利用该漏洞能获得系统权限，运行不受信任的代码。软件巨人当时没有披露谁在利用该漏洞。本周一，向微软报告该漏洞的组织 Gen 的研究人员披露，朝鲜黑客组织 Lazarus 在利用该漏洞安装 rootkit。研究人员称，攻击者针对的是从事加密货币工程或在航空航天领域工作的目标，旨在入侵其雇主的网络，以及窃取加密货币。Lazarus 利用该漏洞安装了 FudModule——它属于被称为 rootkit 的恶意程序。微软知道该漏洞之后花了半年时间才修复。黑客利用该漏洞的时间显然远长于半年。

A vulnerability classified as problematic was found in Popup Maker Plugin up to 1.19.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7054. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Apache DolphinScheduler up to 3.2.1. This affects an unknown part. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-43202. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vmware Spring Security 6.3.0/6.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component AuthorizeReturnObject Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-38810. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in zephyrproject-rtos Zephyr up to 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component LL_CONNECTION_UPDATE_IND Packet Handler. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-4785. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in posimyththemes Plus Addons for Elementor Plugin up to 5.6.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument video_date leads to cross site scripting. This vulnerability is traded as CVE-2024-5763. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Autodesk AutoCAD, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, Civil 3D, Advance Steel, AutoCAD LT and DWG TrueView 2025 and classified as critical. This issue affects some unknown processing in the library AdDwfPdk.dll of the component DWF File Handler. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-7305. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in bitpressadmin Contact Form Plugin up to 2.13.9 on WordPress and classified as problematic. This vulnerability affects the function addCustomCode. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7775. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in bitpressadmin Contact Form Plugin up to 2.13.9 on WordPress. This affects the function versions. The manipulation of the argument entryID leads to sql injection. This vulnerability is uniquely identified as CVE-2024-7702. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in bitpressadmin Contact Form Plugin up to 2.13.4 on WordPress. Affected by this issue is the function iconRemove of the file wp-config.php. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-7782. The attack may be launched remotely. There is no exploit available.

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitive data due to misconfigured access controls on custom record types (CRTs)," AppOmni's Aaron Costello

美国过去一年初创企业的倒闭数量激增 60%，因为创始人用光了在 2021-2022 年科技热潮期间筹集的资金，这威胁到风投支持的公司的数百万个工作岗位，并有可能波及更广泛的经济领域。根据为私营公司提供服务的 Carta的 数据，尽管数十亿美元的风险投资涌入人工智能公司，但初创企业的倒闭率仍在急剧上升。Carta 表示，今年第一季度有 254 家风投支持的企业客户破产。摩根士丹利表示，风投支持的企业在美国雇用了 400 万人，如果破产的上升势头没有放缓，将影响到经济的其它领域。Carta 称 2021 年从风投筹集资金的创业公司只有 9% 向投资者返回了资本。今天的大部分风投都投向了 AI 初创企业。

A vulnerability classified as critical was found in bitpressadmin Contact Form Plugin up to 2.13.9 on WordPress. Affected by this vulnerability is an unknown functionality of the file wp-config.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-7777. The attack can be launched remotely. There is no exploit available.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-08-20, 28 days ago. The vendor is given until 2024-12-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lachlan Davidson' was reported to the affected vendor on: 2024-08-20, 50 days ago. The vendor is given until 2024-12-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-08-20, 37 days ago. The vendor is given until 2024-12-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-08-20, 37 days ago. The vendor is given until 2024-12-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative' was reported to the affected vendor on: 2024-08-20, 57 days ago. The vendor is given until 2024-12-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.