Aggregator

Submit #401402 / VDB-276807

Submit #401260 / VDB-276807

Submit #401262 / VDB-276807

A vulnerability classified as critical was found in tcpdump up to 4.9.1. This vulnerability affects the function mobility_print of the file print-mobility.c of the component IPv6 Mobility Parser. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-13009. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.3/20.15.0/22.4.0 on Windows. Affected by this issue is the function child_process.spawn/child_process.spawnSync of the component Incomplete Fix CVE-2024-27980. The manipulation leads to command injection. This vulnerability is handled as CVE-2024-36138. The attack may be launched remotely. There is no exploit available.

Забытая формула, которая поразила современников точностью.

A vulnerability, which was classified as critical, has been found in travelzad travelzadcomvb 3.3.10. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-5939. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Apple macOS up to 10.13.1. This issue affects some unknown processing of the component tcpdump. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-13008. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Draytek VigorConnect and Kingsoft WPS Office vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these vulnerabilities: At the end of August, […]

A vulnerability classified as critical was found in AllDealsAsia All Deals ADA app 4.2.1. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5938. The attack can only be done within the local network. There is no exploit available.

关于如何做科研的一些个人经验 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Supasite. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_users.php. The manipulation of the argument supa[db_path] leads to code injection. This vulnerability is handled as CVE-2007-2185. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability was found in Supasite. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin_topics.php. The manipulation of the argument supa[db_path] leads to code injection. This vulnerability is known as CVE-2007-2185. The attack needs to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in IBM MQ Operator 2.0.26/3.2.4. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled memory allocation. This vulnerability is known as CVE-2024-40680. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IBM MQ Operator 2.0.26/3.2.4. Affected is an unknown function of the component Queue Manager. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2024-40681. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Maximo Application Suite 8.10/8.11/9.0. It has been rated as problematic. This issue affects some unknown processing of the component Manage Component. The manipulation leads to risky cryptographic algorithm. The identification of this vulnerability is CVE-2024-37068. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target

A vulnerability classified as critical has been found in tcpdump up to 4.9.1. This affects the function parse_elements of the file print-802_11.c of the component IEEE 802.11 Parser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-13008. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

参考 Fuzzing101 with LibAFL - Part I: Fuzzing Xpdf1 和 Fuzzing101 with LibAFL - Part I.V: Speed Improvements to Part I2 做一下笔记。libafl 的自由度相当高，我觉得学习路线会比较陡峭，这一次我就不求甚解一波。 复现 先下载 xpdf ...

参考 Fuzzing101 with LibAFL - Part I: Fuzzing Xpdf1 和 Fuzzing101 with LibAFL - Part I.V: Speed Improvements to Part I2 做一下笔记。libafl 的自由度相当高，我觉得学习路线会比较陡峭，这一次我就不求甚解一波。 复现 先下载 xpdf ...