Aggregator

A vulnerability classified as problematic was found in MediaTek MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983 and MT6985. Affected by this vulnerability is an unknown functionality of the component WLAN Service. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2023-20818. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft SharePoint Server. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2024-38094. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in hicolor 0.5.0. It has been classified as problematic. Affected is the function cp_block in the library /vendor/cute_png.h of the component PNG File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-41439. The attack needs to be done within the local network. Furthermore, there is an exploit available.

A vulnerability was found in ais-ltd strategyen 0.4.0. It has been classified as problematic. Affected is the function mergeObjects. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-39012. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Microsoft Windows and classified as critical. Affected by this issue is some unknown functionality of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-38212. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-38261. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-38265. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2024-43453. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-43592. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This vulnerability affects unknown code of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2024-43593. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

15 октября 2024 года российская компания-разработчик сообщила о выходе нового релиза Community-версии MultiDirectory.

Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while also addressing over 200 issues identified during the annual ESR transition audit. New Features for […]

The post Tor Browser 14.0 Released With New Android Circuit Options appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-10283. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-10282. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-10281. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #427064 / VDB-281558

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The identification of this vulnerability is CVE-2024-10280. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #427066 / VDB-281557

Submit #427065 / VDB-281556

亚马逊在给美国全国劳资关系委员会（NLRB）的文件中宣称，其反工会策略受到宪法第一修正案的保护。亚马逊的一群送货司机在 2023 年与卡车司机劳工组织 Teamsters 合作组建了工会，但亚马逊拒绝与工会谈判，理由是它不是司机的雇主，它是通过 Delivery Service Partner(DSP)系统与第三方快递公司签约雇佣了司机。NLRB 在 9 月份裁定亚马逊与 DSP 一起都是司机们的共同雇主，它对亚马逊提出了投诉。亚马逊在给 NLRB 的回复中否认它是共同雇主，并就亚马逊管理人员的反工会言论辩护称受到了宪法第一修正案对言论自由的保护。亚马逊采取了一系列反工会策略，其管理人员威胁解雇参加工会的司机，承诺如果他们不参加工会将能获得更好的福利。