Aggregator

Новый торговый центр в Китае стирает барьеры между человеком и машиной.

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息。

A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.21. Affected is an unknown function of the component Optimizer. The manipulation leads to denial of service. This vulnerability is traded as CVE-2020-14777. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MediaWiki up to 1.35.4/1.36.2/1.37.0. It has been rated as problematic. This issue affects some unknown processing of the component REST API. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2021-44854. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in SOGo up to 2.3.11/3.1.0. This affects an unknown part of the component Appointment Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2016-6190. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Android. Affected by this vulnerability is an unknown functionality of the file hid-multitouch.c of the component Kernel. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2020-0465. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Linux Kernel up to 5.10.35/5.11.19/5.12.2 and classified as critical. Affected by this vulnerability is the function vm_flags of the component vhost-vdpa. The manipulation leads to memory corruption. This vulnerability is known as CVE-2021-46967. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.164/5.15.89/6.1.7. It has been classified as problematic. Affected is the function qcom_geni_serial_port_setup of the file qca/htbtfw20.tlv. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-48871. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird. It has been classified as critical. Affected is an unknown function of the component Template Tag Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2020-6798. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle MySQL Server up to 8.0.21. Affected by this vulnerability is an unknown functionality of the component Optimizer. The manipulation leads to denial of service. This vulnerability is known as CVE-2020-14830. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

2025第四届北外滩网络安全论坛日程安排发布

当前环境出现异常,需完成验证后方可继续访问。

早上起来，把敲敲打卡里的项目做了清理，暂停了我已经养成的习惯（比如运动、阅读、向 AI 提问，这已经是肌肉记忆了，不做不舒服），也暂停了我没那么在意的习惯（比如微笑、提肛等）。 简化之后，剩下的是图一： 1. 任意俯卧撑、深蹲、引体向上：运动我更喜欢跑步、游泳，肌肉练得少，还是得盯着。 2. 英语对话或阅读 25 分钟：不写下来，很容易偷懒。 3. 静坐十分钟：试着让自己更平静，平静有平静的力量。 4. 夸奖一个人：准确、真诚的欣赏和夸奖，利人利己。 5. 写作 1000 字：之前是写作 25 分钟，经常枯坐 25 分钟就算数了，还是要有点压力。 6. 药不能停：得靠这个打卡来记录是不是每天吃药了——别有时候忘了吃，有时候一天吃两回。 在敲敲打卡的第三个 Tab——图二是“搭子”，是个我们的小设想，规则是： 1. 搭子（相互关注的好友）之间可以相互偷鱼。 2. 打卡即防御——今天打了卡，搭子就偷不了你的与了。 不知道会不会有点意思，大伙儿可以帮忙试试。 图三、图四 是其中两个打卡——英语和夸人，如果你感兴趣，欢迎一起。毕竟一群人走得远。

网站使用cookies记录用户偏好和访问历史以提供更相关体验。用户可点击“接受全部”同意所有cookies或通过“Cookie设置”自定义权限。

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Embargo Ransomware nets $34.2M in crypto since April 2024 Germany limits police spyware use to serious […]

A vulnerability was found in 7-Zip up to 25.00. It has been classified as critical. This affects an unknown part of the component Symbolic Links Handler. The manipulation leads to link following. This vulnerability is uniquely identified as CVE-2025-55188. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Rails Thor up to 1.3.x. It has been declared as critical. This vulnerability affects unknown code of the component Shell Command Handler. The manipulation leads to os command injection. This vulnerability was named CVE-2025-54314. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Planetluc mynews 1.6.4. It has been classified as problematic. This affects an unknown part of the file mynews.inc.php. The manipulation of the argument hash leads to cross site scripting. This vulnerability is uniquely identified as CVE-2008-0723. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in MySQL Quick Admin 1.5.5 and classified as problematic. This vulnerability affects unknown code of the file actions.php. The manipulation of the argument lang leads to path traversal. This vulnerability was named CVE-2008-4454. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in MyioSoft EasyBookMarker 4.0. It has been classified as critical. This affects an unknown part of the component Backend. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2008-5655. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.