Aggregator

A vulnerability was found in Linux Foundation Magma up to 1.8.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Mobile Management Entity. The manipulation of the argument TAI leads to null pointer dereference. This vulnerability is handled as CVE-2023-37034. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Foundation Magma up to 1.8.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component S1AP Packet Handler. The manipulation of the argument EUTRAN_CGI leads to null pointer dereference. This vulnerability is known as CVE-2023-37033. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Foundation Magma up to 1.8.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Mobile Management Entity. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-37032. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Foundation Magma up to 1.8.0. Affected is an unknown function of the component Mobile Management Entity. The manipulation of the argument RRC Establishment Clause leads to null pointer dereference. This vulnerability is traded as CVE-2023-37039. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Foundation Magma up to 1.8.0. This issue affects some unknown processing of the component Base Station Handler. The manipulation leads to reachable assertion. The identification of this vulnerability is CVE-2023-37029. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Foundation Magma up to 1.8.0. This vulnerability affects the function decode_access_point_name_ie of the component NAS Packet Handler. The manipulation leads to reachable assertion. This vulnerability was named CVE-2024-24424. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Foundation Magma up to 1.8.0. This affects the function decode_linked_ti_ie of the component NAS Packet Handler. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2024-24420. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Foundation Magma up to 1.8.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Mobile Management Entity. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2023-37032. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Foundation Magma up to 1.8.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Emergency Number List. The manipulation leads to reachable assertion. This vulnerability is known as CVE-2023-37024. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Foundation Magma up to 1.8.0. It has been classified as problematic. Affected is the function decode_traffic_flow_template_packet_filter of the file /3gpp/3gpp_24.008_sm_ies.c of the component NAS Packet Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-24419. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Foundation Magma up to 1.8.0 and classified as problematic. This issue affects the function decode_access_point_name_ie of the file /3gpp/3gpp_24.008_sm_ies.c of the component NAS Packet Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-24416. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Foundation Magma up to 1.8.0 and classified as problematic. This vulnerability affects the function decode_pdn_address of the file /nas/ies/PdnAddress.cpp of the component NAS Packet Handler. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-24418. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting. […]

The post Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

时光匆匆，2024年的篇章已然落下帷幕。过去这一年，广东盈世计算机科技有限公司旗下品牌CACTER在邮件安全技 […]

时光匆匆，2024年的篇章已然落下帷幕。过去这一年，广东盈世计算机科技有限公司旗下品牌CACTER在邮件安全技术创新与发展上取得显著成就。2024年，我们从

ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious version that deployed the group’s custom backdoor, SlowStepper. This sophisticated backdoor boasts a toolkit with over 30 components. Since at least 2019, PlushDaemon has conducted espionage operations against individuals and organizations in China, Taiwan, Hong Kong, … More →

The post China-aligned PlushDaemon APT compromises supply chain of Korean VPN appeared first on Help Net Security.

ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]' was reported to the affected vendor on: 2025-01-22, 42 days ago. The vendor is given until 2025-05-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Otelier（以前称为 MyDigitalOffice）是一种基于云的酒店管理解决方案，全球 10,000 多家酒店使用它来管理预订、交易、夜间报告和发票。该公司被许多知名酒店品牌使用，其中包括万豪