Aggregator

A vulnerability was found in Microsoft Excel up to 2002. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Macro Security Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2003-0821. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows NT 4.0/2000/XP/Server 2003 and classified as very critical. This issue affects some unknown processing of the file GS of the component WINS Server. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2003-0825. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GNU lsh Daemon 1.4. It has been rated as critical. This issue affects some unknown processing of the file read_line.c/channel_commands.c/client_keyexchange.c. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2003-0826. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

由于出现错误代码521（Cloudflare 错误），无法正常加载文章内容。建议检查网络连接或联系网站管理员以解决问题。

A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-7915. The attack may be launched remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 里士满放射学协会（Radiology Associates of Richmond，简称RAR）披露了一起影响超过140万人的数据泄露事件。 该医疗机构在其官网上发布的《数据安全事件通告》显示，黑客在2024年4月的几天内入侵了该组织的系统。 超过一年后，里士满放射学协会确认，被入侵的系统中存储了包含可识别个人身份的健康及隐私信息的文件。 该机构目前没有证据表明泄露信息已被恶意使用，仅向社会保障号码（Social Security number）被包含在泄露文件中的患者提供免费的信用监控服务。 里士满放射学协会总部位于弗吉尼亚州里士满，在弗吉尼亚州中部多家医院、独立急诊中心和门诊影像中心提供医学影像服务。 美国卫生与公众服务部（HHS）的医疗数据泄露追踪系统显示，此次事件影响了1,419,091人。 目前没有已知的勒索软件组织宣称对此次攻击负责。 这并非近期披露的唯一重大医疗数据泄露事件。HHS追踪系统显示，马里兰州皮肤病服务提供商安妮阿伦德尔皮肤病学中心（Anne Arundel Dermatology）也遭遇了一起影响190万人的数据泄露。       消息来源： securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

奖品上新，2025年未在补天提交过有效漏洞的白帽子均可参与！

当前环境出现异常状态,需完成验证后方可继续访问。

A vulnerability was found in Linux Kernel up to 6.8.2 and classified as problematic. This issue affects some unknown processing of the file drivers/usb/gadget/udc/core.c of the component usb. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-35822. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.2 and classified as problematic. This vulnerability affects the function cgr_lock of the component qbman. The manipulation leads to denial of service. This vulnerability was named CVE-2024-35819. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been declared as problematic. This vulnerability affects the function brcmf_cfg80211_detach. The manipulation leads to use after free. This vulnerability was named CVE-2024-35811. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been rated as problematic. This issue affects the function prev_idata of the component mmc. The manipulation leads to improper validation of array index. The identification of this vulnerability is CVE-2024-35813. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.6.23/6.7.11/6.8.2. Affected is the function dma_alloc_coherent of the component swiotlb. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-35814. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.11/6.8.2. It has been classified as critical. This affects the function md_reap_sync_thread of the file md/dm-raid: of the component dm-raid. The manipulation leads to deadlock. This vulnerability is uniquely identified as CVE-2024-35808. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了网络威胁监控中心的值班人员Jan Kopriva及其职责，并提到当前威胁级别为绿色。同时提供了ISC Stormcast播客的链接和即将举办的“Application Security: Securing Web Apps, APIs, and Microservices”课程的信息。

A vulnerability has been found in Oracle Banking Virtual Account Management up to 14.7.0 and classified as critical. This vulnerability affects unknown code of the component Common Core. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-33201. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Lending and Leasing up to 14.7.0 and classified as critical. This issue affects some unknown processing of the component Internal Operations. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-33201. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Revenue Management and Billing up to 6.0.0. It has been classified as critical. Affected is an unknown function of the component Infrastructure. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33201. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Managed File Transfer 12.2.1.4.0. It has been classified as critical. Affected is an unknown function of the component MFT Runtime Server. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-33201. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle WebCenter Portal 12.2.1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Security Framework. The manipulation leads to information disclosure. This vulnerability is known as CVE-2023-33201. The attack can be launched remotely. There is no exploit available.