Aggregator

A vulnerability was found in Linux Kernel up to 5.17.1 and classified as problematic. Affected by this issue is the function ufx_usb_probe. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2021-47652. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.1. It has been classified as critical. This affects the function cirrusfb_check_pixclock. The manipulation leads to divide by zero. This vulnerability is uniquely identified as CVE-2021-47641. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been declared as critical. This vulnerability affects the function host1x_remove. The manipulation leads to memory leak. This vulnerability was named CVE-2021-47648. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. This vulnerability affects the function devm_kmalloc. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2021-47651. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been classified as critical. Affected is the function zr36057_init. The manipulation leads to memory leak. This vulnerability is traded as CVE-2021-47644. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

本文基于 Symantec 2025 年最新研究，文末可以查看完整报告

A vulnerability was found in Synology Camera BC500, Camera CC400W and Camera TC500. It has been rated as very critical. This issue affects some unknown processing of the component Video Interface. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-11131. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology Unified Controller and Replication Service. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to off-by-one. This vulnerability was named CVE-2024-10442. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Progress Kemp LoadMaster. It has been classified as critical. This affects an unknown part of the file mangle. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-1758. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Acrobat Reader DC and classified as critical. Affected by this issue is some unknown functionality of the component AcroForm. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-271561. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Synology DiskStation Manager, Unified Controller and BeeStation Manager and classified as very critical. Affected by this vulnerability is an unknown functionality of the component System Plugin Daemon. The manipulation leads to escaping of output. This vulnerability is known as CVE-2024-10441. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Synology DiskStation Manager. Affected is an unknown function of the component LDAP Utilities. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2024-10444. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： AMI 的 MegaRAC 基板管理控制器（BMC）软件中披露了一处严重的安全漏洞，攻击者可借此绕过身份验证并实施后续攻击。 该漏洞编号为 CVE-2024-54085，在 CVSS v4 标准下评分为 10.0，属最严重级别。 固件安全公司 Eclypsium 在报告中指出：“本地或远程攻击者可通过访问远程管理接口（Redfish）或内部主机到 BMC 接口（Redfish）来利用该漏洞。” “利用该漏洞，攻击者能够远程控制被攻陷服务器，远程部署恶意软件、勒索软件，篡改固件，砖化主板组件（BMC 或可能 BIOS/UEFI），造成服务器物理损坏（过压/砖化），以及引发受害者无法停止的无限重启循环。” 此外，该漏洞还可能被武器化，用于发起破坏性攻击，通过发送恶意命令使易受攻击的设备持续重启，从而导致无限期停机，直至设备重新配置。 自 2022 年 12 月以来，在 AMI MegaRAC BMC 中发现的一系列安全缺陷中，CVE-2024-54085 是最新的一例，这些缺陷被统称为 BMC&C，包括： – CVE-2022-40259：通过 Redfish API 执行任意代码 – CVE-2022-40242：通过 SSH 获取 UID = 0 的 shell 的默认凭据 – CVE-2022-2827：通过 API 进行用户枚举 – CVE-2022-26872：通过 API 拦截密码重置 – CVE-2022-40258：Redfish 和 API 的弱密码哈希 – CVE-2023-34329：通过 HTTP 标头欺骗绕过身份验证 – CVE-2023-34330：通过动态 Redfish 扩展接口注入代码 Eclypsium 指出，CVE-2024-54085 与 CVE-2023-34329 类似，都允许绕过身份验证且影响相似。该漏洞已确认影响以下设备： – HPE Cray XD670 – Asus RS720A-E11-RS24U – ASRockRack AMI 已于 2025 年 3 月 11 日发布补丁修复该漏洞。尽管目前尚无证据表明该漏洞已被野外利用，但下游用户在 OEM 厂商纳入这些修复并发布给客户后，应尽快更新系统。 “需要注意的是，修补这些漏洞并非易事，需要设备停机，”Eclypsium 表示。“该漏洞仅影响 AMI 的 BMC 软件堆栈。然而，由于 AMI 位于 BIOS 供应链的顶端，下游影响波及超过十几家制造商。”   消息来源：The Hacker News； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in Synology DiskStation Manager, Unified Controller and BeeStation Manager. This issue affects some unknown processing. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2024-10445. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.