Aggregator
CVE-1999-0042 | University of Washington POP3/IMAP4 memory corruption (EDB-340 / Nessus ID 10125)
2 days 18 hours ago
A vulnerability was found in University of Washington POP3 and IMAP4 and classified as very critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-1999-0042. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
ArmorCode 将应用程序安全与基础设施漏洞管理统一起来
2 days 18 hours ago
安全客
Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities
2 days 18 hours ago
One of these flaws detected using LLMs was in the widely used OpenSSL library
Genie neemt nieuwe wegenmattenlegger in gebruik
2 days 18 hours ago
Genisten van de Koninklijke Landmacht kunnen sinds gisteren een beroep doen op de nieuwe wegenmattenlegger. De militaire bouwvakkers kunnen deze gebruiken om een onverhard oppervlak tijdelijk te verharden. Denk bijvoorbeeld aan drassige bodems en oevers. Het nieuwe systeem is gisteren in Vught overgedragen.
Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities
2 days 18 hours ago
Halo Security, a leader in external attack surface management and penetration testing, has announced the launch of its new Slack® app, empowering cybersecurity teams to receive real-time alerts on newly discovered assets, vulnerabilities, and other essential security updates directly within the Slack collaboration software. This new integration allows Halo Security’s customers to seamlessly incorporate important […]
The post Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
用“Haha So True!”回复作为维持社交纽带的最低努力
2 days 18 hours ago
在数字互动维持社交纽带的时代,印度研究人员提出了如何用最少的精力去维持数字友谊的方法:对朋友发送的各种梗回复“Haha So True!”。研究报告发表在《Journal of Astrological Big Data Ecology》期刊上。研究人员对 150 名参与者进行了三盲随机实验,测量了 Haha So True! 回复的效果,并对比了类似 OMG LMAO 或 LOL, I just snorted coffee 不同回复的效果差异。结果显示,Haha So True! 相比字数更多更努力的回复,在让朋友满意、减轻罪恶感和投射“我在乎……就够了”氛围上效果相差无几。
Fortinet VPN design flaw hides successful brute-force attacks
2 days 18 hours ago
A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. [...]
Ionut Ilascu
CVE-2015-5865 | Apple Mac OS X up to 10.10 IOGraphics Kernel Memory information disclosure (ID 370192 / SBV-53170)
2 days 18 hours ago
A vulnerability was found in Apple Mac OS X up to 10.10. It has been rated as problematic. This issue affects some unknown processing of the component IOGraphics. The manipulation leads to information disclosure (Kernel Memory).
The identification of this vulnerability is CVE-2015-5865. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-5866 | Apple Mac OS X up to 10.10 IOHIDFamily memory corruption (ID 370192 / SBV-53168)
2 days 18 hours ago
A vulnerability classified as critical has been found in Apple Mac OS X up to 10.10. Affected is an unknown function of the component IOHIDFamily. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2015-5866. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-5890 | Apple Mac OS X up to 10.10 IOGraphics memory corruption (ID 370192 / SBV-53172)
2 days 18 hours ago
A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component IOGraphics. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2015-5890. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-5871 | Apple Mac OS X up to 10.10 IOGraphics memory corruption (ID 370192 / SBV-53167)
2 days 18 hours ago
A vulnerability, which was classified as problematic, has been found in Apple Mac OS X up to 10.10. Affected by this issue is some unknown functionality of the component IOGraphics. The manipulation leads to memory corruption.
This vulnerability is handled as CVE-2015-5871. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-5872 | Apple Mac OS X up to 10.10 IOGraphics memory corruption (ID 370192 / SBV-53169)
2 days 18 hours ago
A vulnerability, which was classified as problematic, was found in Apple Mac OS X up to 10.10. This affects an unknown part of the component IOGraphics. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2015-5872. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2015-5873 | Apple Mac OS X up to 10.10 IOGraphics memory corruption (ID 370192 / SBV-53171)
2 days 18 hours ago
A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as problematic. This vulnerability affects unknown code of the component IOGraphics. The manipulation leads to memory corruption.
This vulnerability was named CVE-2015-5873. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
苹果官方警告:零日漏洞攻击瞄准 Mac 电脑用户
2 days 18 hours ago
苹果公司19日发布安全更新,修复了两个被用于攻击Mac用户的安全漏洞,并建议所有用户安装。 苹果在官网发布的安全公告中表示,发现了两个漏洞(CVE-2024-44308、CVE-2024-44309),可能在基于英特尔处理器的Mac系统上“被积极利用”。这类漏洞属于零日漏洞,因为在漏洞被攻击者利用时,苹果尚未意识到它们的存在。 为修复这两个漏洞,苹果发布了一系列软件更新,包括macOS、iOS和iPadOS。 目前尚不清楚针对Mac用户的攻击是由谁发起,也不清楚有多少用户成为目标,或者是否有用户设备已经被成功攻破。这些漏洞由谷歌威胁分析小组报告,该小组专注于调查政府支持的黑客行为和网络攻击。这表明,此次攻击可能涉及某个政府背景的行为者。而政府支持的网络攻击有时会使用商业间谍软件针对目标设备展开行动。 苹果在公告中表示,这些漏洞与WebKit和JavaScriptCore有关。WebKit是Safari浏览器运行网络内容的核心引擎,同时也是恶意攻击者的常见目标。攻击者通常通过利用WebKit引擎中的漏洞,侵入设备的软件系统,进而窃取用户的隐私数据。 安全公告进一步指出,这些漏洞可通过诱使易受攻击的苹果设备处理恶意构造的网络内容(如伪造的网站或电子邮件),触发任意代码执行,从而在目标设备上植入恶意软件。 苹果建议用户尽快更新其iPhone、iPad和Mac设备,以降低安全风险。 苹果生态已成零日攻击高发地带 加上这两个漏洞,苹果在2024年已累计修复了六个零日漏洞。今年的首次修复发生在1月,随后在3月修复了两个漏洞,5月修复了第四个漏洞。 相比2023年修复的20个遭在野利用的零日漏洞,今年的情况有了显著改善。 以下是2023年苹果修复零日漏洞的时间表: 11月修复的两个零日漏洞(CVE-2023-42916和CVE-2023-42917) 10月修复的两个零日漏洞(CVE-2023-42824和CVE-2023-5217) 9月修复的五个零日漏洞(CVE-2023-41061、CVE-2023-41064、CVE-2023-41991、CVE-2023-41992和CVE-2023-41993) 7月修复的两个零日漏洞(CVE-2023-37450和CVE-2023-38606) 6月修复的三个零日漏洞(CVE-2023-32434、CVE-2023-32435和CVE-2023-32439) 5月修复的三个零日漏洞(CVE-2023-32409、CVE-2023-28204和CVE-2023-32373) 4月修复的两个零日漏洞(CVE-2023-28206和CVE-2023-28205) 2月修复的另一个WebKit零日漏洞(CVE-2023-23529)。 转自安全内参,原文链接:https://www.secrss.com/articles/72598 封面来源于网络,如有侵权请联系删除
内容转载
CVE-2024-11088 | mra13 Simple Membership Plugin up to 4.5.5 on WordPress information disclosure
2 days 18 hours ago
A vulnerability, which was classified as problematic, was found in mra13 Simple Membership Plugin up to 4.5.5 on WordPress. This affects an unknown part. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2024-11088. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11089 | cayenne Anonymous Restricted Content Plugin up to 1.6.5 on WordPress information disclosure
2 days 18 hours ago
A vulnerability, which was classified as problematic, has been found in cayenne Anonymous Restricted Content Plugin up to 1.6.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-11089. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2015-3315 | Automatic Bug Reporting Tool /var/tmp/abrt/*/maps link following (RHSA-2015:1083 / EDB-44097)
2 days 18 hours ago
A vulnerability was found in Automatic Bug Reporting Tool. It has been rated as problematic. This issue affects some unknown processing of the file /var/tmp/abrt/*/maps. The manipulation leads to link following.
The identification of this vulnerability is CVE-2015-3315. The attack needs to be approached locally. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
US DoJ charges five alleged members of the Scattered Spider cybercrime gang
2 days 18 hours ago
The U.S. Justice Department charged five suspects linked to the Scattered Spider cybercrime gang with wire fraud conspiracy. The U.S. Justice Department charged five alleged members of the cybercrime gang Scattered Spider (also known as UNC3944, 0ktapus) with conspiracy to commit wire fraud. “Law enforcement today unsealed criminal charges against five defendants who allegedly targeted employees of […]
Pierluigi Paganini
美国大型医疗支付网络在遭受勒索软件攻击 9 个月后恢复系统
2 days 18 hours ago
安全客