Aggregator

Крупные каналы в России теперь обязаны регистрироваться или потеряют доступ к функциям.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.46/6.10.4. Affected by this vulnerability is the function ext4_force_shutdown. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-43898. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.10.4. Affected is the function nvme_uninit_ctrl. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-43913. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Communications Cloud Native Core Console 22.1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component CNC Console. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2022-1271. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Communications Cloud Native Core Unified Data Repository 22.2.0. This affects an unknown part of the component UDR. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2022-1271. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in GNU gzip. Affected is an unknown function of the file xzgrep.in of the component zgrep. The manipulation leads to incorrect behavior order: early validation. This vulnerability is traded as CVE-2022-1271. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Tribe29 Checkmk Appliance up to 1.6.7. Affected is an unknown function of the component Log File Handler. The manipulation leads to use of get request method with sensitive query strings. This vulnerability is traded as CVE-2023-6287. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Checkmk up to 2.0.0p39/2.1.0p98/2.2.0p24/2.3.0b4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component websphere_mq Agent Plugin. The manipulation leads to acceptance of extraneous untrusted data with trusted data. This vulnerability is known as CVE-2024-3367. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Python Pip Pandas 2.2.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-42992. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Shield Security Plugin up to 20.0.5 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-7313. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quiz and Survey Master Plugin up to 9.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6879. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Gameloft Wonder Zoo - Animal rescue 1.6.1. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-5628. The attack needs to be approached within the local network. There is no exploit available.

法国安全服务公司 Quarkslab 的研究员 Philippe Teuwen 发现，复旦微电子集团制造的非接触式读卡器芯片使用了相同的密钥，允许在数分钟内克隆 RFID 智能卡，打开世界各地的房门。复旦微电子在 2020 年发布了用于门锁钥匙、小额支付、会员卡的 FM11RF08S，它使用了被称为“静态加密随机数（static encrypted nonce）”的方法，研究人员设计了一种攻击方法，如果 FM11RF08S 密钥在至少三张卡上重复使用，就能破解它。进一步研究发现，FM11RF08S 存在一个硬件后门——也就是所有卡使用的相同密钥。Teuwen 发现上一代的 FM11RF08 存在相似的后门但使用了不同的密钥，该密钥被发现被 FM11RF08、FM11RF32、FM1208-10，以及 NXP 和 Infineon 的部分卡使用。Quarkslab 督促世界各地的酒店检查其房卡使用的芯片，评估安全风险。

本地化要求

A vulnerability classified as critical was found in Gameloft Ice Age Village 2.8.0. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-5627. Access to the local network is required for this attack to succeed. There is no exploit available.

Miggio has discovered a configuration-based vulnerability that enables cybercriminals to bypass authentication and authorization services provided by the Application Load Balancer (ALB) from Amazon Web Services (AWS) that could affect more than 15,000 potentially vulnerable applications.

The post Miggio Uncovers AWS Load Balancer Security Flaw appeared first on Security Boulevard.

Explore the latest features and enhancements in CodeSentry 6.1! We are excited to announce several enhancements in the latest release of CodeSentry:  Operating System and Package Analysis (Windows): Detects the detailed Windows Version, Build and UBR (Update Build Revision) Reports all application and software packages installed on a Windows disk image Enables precise reporting of…

The post What’s New in CodeSentry 6.1  appeared first on CodeSecure.

The post What’s New in CodeSentry 6.1  appeared first on Security Boulevard.

Шан Хейнс: от уважаемого банкира до преступника за несколько месяцев.