Aggregator

A vulnerability categorized as critical has been discovered in MISP 2.4.136. This issue affects some unknown processing of the component Password Handler. Executing a manipulation can lead to weak password requirements. This vulnerability is handled as CVE-2021-25323. The attack can only be done within the local network. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability identified as problematic has been detected in MISP 2.4.136. Impacted is an unknown function of the file app/View/GalaxyClusters/view.ctp of the component Galaxy Cluster View. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2021-25324. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability labeled as problematic has been found in MISP 2.4.136. The affected element is an unknown function of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster Element Handler. The manipulation results in cross site scripting. This vulnerability was named CVE-2021-25325. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability classified as problematic was found in MISP 2.4.136. Affected is an unknown function of the file app/View/Elements/global_menu.ctp. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2021-3184. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability categorized as problematic has been discovered in MISCP 2.4.128. Affected by this vulnerability is the function SetHomePage of the file app/Controller/UserSettingsController.php. Executing a manipulation of the argument path can lead to cross site scripting. This vulnerability is tracked as CVE-2020-24085. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as critical has been discovered in MISP 2.4.139. This issue affects some unknown processing of the file app/Model/SharingGroupServer.php. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2021-27904. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability labeled as problematic has been found in MISP 2.4.141. This impacts an unknown function of the file app/Model/MispObject.php of the component Event Edit Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2021-31780. Access to the local network is required for this attack. No exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability described as problematic has been identified in MISP 2.4.144. Impacted is an unknown function of the file app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp of the component Template Handler. Such manipulation leads to privilege escalation. This vulnerability is traded as CVE-2021-35502. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability has been found in MISP up to 2.4.145 and classified as problematic. This affects an unknown part of the file app/View/SharingGroups/view.ctp of the component Sharing Groups View. Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2021-36212. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in MISP 2.4.146. This affects an unknown function of the file app/View/GalaxyClusters/add.ctp of the component Galaxy Cluster Fork Handler. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2021-37534. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in MISP 2.4.147. Affected by this issue is some unknown functionality of the file app/View/Elements/GalaxyClusters/view_relation_tree.ctp of the component Galaxy Cluster Relationship Handler. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2021-37742. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in MISP 2.4.147. This affects an unknown part of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster Element Handler. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2021-37743. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

最新一波归因于网络犯罪团伙 ShinyHunters 的数据泄露事件（例如 University of Nottingham、DentaQuest、7-Eleven、Medtronic 和 Wynn Resorts）强化了一个安全领导者无法再忽视的严酷事实：攻击者正越来越多地绕过传统边界防御，转而针对身份、身份验证工作流、SaaS 集成和受信任的访问路径，而不是直接利用软件漏洞。 过去几个月，Sh...

6月22日，奇安信人工智能公司正式启动为期5天的“AI时代，攻防先行——奇安信AI安全系列新品发布周”，当日发布首款新品——奇安信威胁分析数字专家（威胁分析智能体）。

In August 2024 SonicWall published advisory SNWLID-2024-0015 for CVE-2024-40766. It is an imprope

声明：请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。最近看到hac

Valve 正式公布了其游戏机 Steam Machine 的售价，在 AI 热导致内存和 SSD 短缺的情况下，Steam Machine 的价格也涨到了对大多数人缺乏吸引力的程度：Steam Machine 512GB 1,049 美元，Steam Machine 512GB + Steam Controller 套装 1,128 美元，Steam Machine 2TB 1,349 美元，Steam Machine 2TB + Steam Controller 套装 1,428 美元。Valve 解释说，硬件的价格直接取决于组件的成本，在 2023 年开始为 Steam Machine 采购组件时，按照以前的趋势组件的价格会随时间而降低。然而过去大概一年的时间里，情况发生了快速而显著的变化，最明显的就是内存及存储组件的变化，这最终导致了当初为 Steam Machine 制定的目标定价不再可行。因此今天公布的价格反映了全球制造业的现状，或者更准确地说，反映了过去 6 个月里确保能获得的组件的价格。为避免有限库存被机器人程序抢先订购，Valve 宣布将对预订进行随机排序，它将于 6 月 29 日发布第一批产品，并会在有货时继续按顺序处理队列中的预订。

英伟达Vera Rubin平台即将量产，英伟达官方博客21日发布了文章，详细介绍了自家最新AI服务器所使用的45℃全面液冷技术，以及其带来的数据中心历史上最重要的能效突破之一。文章表示，热水浴缸的水温

A vulnerability described as problematic has been identified in MISP 2.4.122. This affects an unknown function of the file app/View/Elements/Events/View/sighting_field.ctp of the component Sighting Popover Tool. Such manipulation leads to cross site scripting (Persistent). This vulnerability is documented as CVE-2020-10247. The attack can be executed remotely. There is not any exploit available.