RSS Live Feed

CVE-2021-40728

Latest 7 days CVE Lists - Sat, 2021/10/16 - 12:15 AM
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2021-40729

Latest 7 days CVE Lists - Sat, 2021/10/16 - 12:15 AM
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.

New Zealand Council Ends Contract With Wizard After Two Decades of Service

Slashdot - Fri, 2021/10/15 - 11:45 PM
The official Wizard of New Zealand, perhaps the only state-appointed wizard in the world, has been cast from the public payroll, spelling the end to a 23-year legacy. From a report: The Wizard, whose real name is Ian Brackenbury Channell, 88, had been contracted to Christchurch city council for the past two decades to promote the city through "acts of wizardry and other wizard-like services," at a cost of $16,000 a year. He has been paid a total of $368,000. The Wizard, who was born in England, began performing acts of wizardry and entertainment in public spaces shortly after arriving in New Zealand in 1976. When the council originally tried to stop him, the public protested. In 1982, the New Zealand Art Gallery Directors Association said he had become a living work of art, and then, in 1990, the prime minister at the time, Mike Moore, asked that he consider becoming the Wizard of New Zealand. "I am concerned that your wizardry is not at the disposal of the entire nation," Moore wrote on his official letterhead.


[$] Possible changes to Debian's decision-making processes

lwn.net - Fri, 2021/10/15 - 11:35 PM
The name Debian brings to mind a Linux distribution, but the Debian project is far more than that; it is an ongoing experiment in democratic project governance. Debian's processes can result in a lot of public squabbling; one should not lose track, though, of the fact that those processes have enabled a large community to maintain and grow a complex distribution for decades without the benefit of an overseeing corporate overlord. Processes can be improved, though; a recent proposal from Russ Allbery gives an interesting picture of where the pain points are and what can be made better.

CVE-2021-40987

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-40988

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-40989

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-40990

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-40992

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-41147

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.

CVE-2021-41148

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.

CVE-2021-37738

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-37739

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

CVE-2021-3874

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-3875

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3878

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
corenlp is vulnerable to Improper Restriction of XML External Entity Reference

CVE-2021-3881

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
libmobi is vulnerable to Out-of-bounds Read

CVE-2021-40986

Latest 7 days CVE Lists - Fri, 2021/10/15 - 11:15 PM
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

Security updates for Friday

lwn.net - Fri, 2021/10/15 - 11:14 PM
Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

Hundreds of Banned Crypto Miners Were Siphoning Power at China's State Firms

Slashdot - Fri, 2021/10/15 - 11:03 PM
China's drive to root out cryptocurrencies has uncovered hundreds of miners who were using electricity at public institutions, a development that comes as the nation struggles with a power crunch. From a report: Zhejiang and Jiangsu provinces recently started targeting miners who were consuming the resources of state-owned enterprises, government agencies, and universities and research institutes, according to a government statement and media reports that did not name the entities. Jiangsu found about one-fifth of some 4,500 internet protocol addresses associated with illegal mining activity belonged to public institutions, according to the media outlet The Paper, which cited provincial communications authorities. Some 260,000 kilowatt hours of electricity were being used per day, the newspaper added. Cryptominers typically link their equipment to cloud services called mining pools to verify transactions on blockchains, allowing their physical locations to be traced. That would lead investigators to accounts with electric companies. The Zhejiang government published a statement on an official social account that included photos of equipment seized in raids, adding that 184 IP addresses were suspected of involvement in illegal mining exploiting public resources. "The rapid upgrading of mining hardware and fierce competition in computing power have resulted in massive energy usage, which is contrary to the carbon peak and carbon neutralization goals of the whole province as a major energy importer," the statement said.
