Aggregator

VMware披露了两个影响vCenter Server 和Cloud Foundation产品的关键漏洞，可允许黑客执行远程代码并提升权限。

A vulnerability classified as critical was found in Lapp Group Catalogue 1.4. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6819. Access to the local network is required for this attack. There is no exploit available.

快速浏览！2024.9.9-9.15安全动态周回顾。

尽管相关工作人员在两周前就解决了安全问题，但许多客户仍然需要更新软件。

Organizations are combating excessive remote access demands with an equally excessive number of tools that provide varying degrees of security, according to Claroty. Data from more than 50,000 remote-access-enabled devices showed that the volume of remote access tools deployed is excessive, with 55% of organizations having four or more and 33% having six or more. Worse, almost 22% have eight or more, with some managing as many as 15 or 16 remote access tools. Remote … More →

The post Organizations overwhelmed by numerous and insecure remote access tools appeared first on Help Net Security.

株式会社Welcartが提供するWordPress用プラグインWelcart e-Commerceには、複数の脆弱性が存在します。

error code: 1106

Open Asset Import Libraryが提供するAssimpには、ヒープベースのバッファオーバーフローの脆弱性が存在します。

Tuesday, September 17, 2024 Community Chats Webinars LibraryHomeCybersecurity News

A vulnerability was found in NavBoard 16. It has been declared as critical. This vulnerability affects unknown code of the file admin_config.php. The manipulation of the argument threadperpage leads to code injection. This vulnerability was named CVE-2007-2899. The attack can be initiated remotely. Furthermore, there is an exploit available.

本文将对报告的核心内容进行解读，帮助读者提升对复杂安全威胁的认知与应对能力。

A vulnerability has been found in vLLM and classified as problematic. This vulnerability affects unknown code of the component API Request Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-8768. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Apple watchOS and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-44169. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Logo Manager for Enamad Plugin up to 0.7.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-5170. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as very critical was found in Acronis Backup Plugin for cPanel & WHM, Backup Extension for Plesk and Backup Plugin for DirectAdmin on Linux. Affected by this vulnerability is an unknown functionality. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2024-8767. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-40852. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. This issue affects some unknown processing of the component System Files Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-40825. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple visionOS. Affected is an unknown function of the component System Files Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-40825. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Video File Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-40841. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple macOS up to 13.6/14.6. Affected is an unknown function of the component Texture Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-44160. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.