Aggregator

导语一年一度的“大考”持续火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！【免责声明】本文档提供的信息旨在帮助网络安全专业人员更好地理解和维护业务系统的

A vulnerability was found in Linux Kernel up to 6.6.45/6.10.4 and classified as problematic. This issue affects the function idr_alloc of the component memcg. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-43892. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.4 and classified as critical. This vulnerability affects the function resource_log_pipe_topology_update of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-43886. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.46/6.10.5. This affects the function sanity_check_extent_cache. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-44941. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.46/6.10.5. Affected by this issue is the function dtInsertEntry of the component jfs. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-44939. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Крупные каналы в России теперь обязаны регистрироваться или потеряют доступ к функциям.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.46/6.10.4. Affected by this vulnerability is the function ext4_force_shutdown. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-43898. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.10.4. Affected is the function nvme_uninit_ctrl. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-43913. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Cloud Native Core Console 22.1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component CNC Console. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2022-1271. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Unified Data Repository 22.2.0. This affects an unknown part of the component UDR. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2022-1271. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GNU gzip. Affected is an unknown function of the file xzgrep.in of the component zgrep. The manipulation leads to incorrect behavior order: early validation. This vulnerability is traded as CVE-2022-1271. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Tribe29 Checkmk Appliance up to 1.6.7. Affected is an unknown function of the component Log File Handler. The manipulation leads to use of get request method with sensitive query strings. This vulnerability is traded as CVE-2023-6287. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Checkmk up to 2.0.0p39/2.1.0p98/2.2.0p24/2.3.0b4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component websphere_mq Agent Plugin. The manipulation leads to acceptance of extraneous untrusted data with trusted data. This vulnerability is known as CVE-2024-3367. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Python Pip Pandas 2.2.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-42992. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Shield Security Plugin up to 20.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-7313. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quiz and Survey Master Plugin up to 9.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6879. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Gameloft Wonder Zoo - Animal rescue 1.6.1. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5628. The attack needs to be approached within the local network. There is no exploit available.

法国安全服务公司 Quarkslab 的研究员 Philippe Teuwen 发现，复旦微电子集团制造的非接触式读卡器芯片使用了相同的密钥，允许在数分钟内克隆 RFID 智能卡，打开世界各地的房门。复旦微电子在 2020 年发布了用于门锁钥匙、小额支付、会员卡的 FM11RF08S，它使用了被称为“静态加密随机数（static encrypted nonce）”的方法，研究人员设计了一种攻击方法，如果 FM11RF08S 密钥在至少三张卡上重复使用，就能破解它。进一步研究发现，FM11RF08S 存在一个硬件后门——也就是所有卡使用的相同密钥。Teuwen 发现上一代的 FM11RF08 存在相似的后门但使用了不同的密钥，该密钥被发现被 FM11RF08、FM11RF32、FM1208-10，以及 NXP 和 Infineon 的部分卡使用。Quarkslab 督促世界各地的酒店检查其房卡使用的芯片，评估安全风险。