Aggregator

A vulnerability was found in Contiki-NG up to 4.9. It has been classified as critical. This affects the function snmp_message_decode of the file os/net/app-layer/snmp/snmp-message.c of the component SNMP Module. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-41126. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Contiki-NG up to 4.9 and classified as critical. Affected by this issue is the function snmp_ber_decode_string_len_buffer of the file os/net/app-layer/snmp/snmp-ber.c of the component SNMP Module. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-41125. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Spencer14420 SPEmailHandler-PHP up to 0.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. This vulnerability is known as CVE-2024-53860. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Ultimate DevOps Developer Roadmap

A vulnerability, which was classified as problematic, was found in bunkerity bunkerweb up to 1.5.10. Affected is an unknown function of the component URL Handler. The manipulation of the argument next leads to open redirect. This vulnerability is traded as CVE-2024-53264. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Android 7/7.1.1/7.1.2/8/8.1. This issue affects the function impeg2d_bit_stream_flush of the component libmpeg2dec. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-13320. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

anonmoose Has Allegedly Leaked the Data of BigSMM

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...]

ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]

Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]

CornDB is Allegedly Selling Credit Card Data of Hyp Payment Solutions

A vulnerability was found in ARM Trusted Firmware-M 1.4.0/1.4.1 and classified as critical. Affected by this issue is some unknown functionality of the component Firmware Update Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2021-43619. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Trusted Firmware-A up to 2.8. Affected by this vulnerability is an unknown functionality of the component X.509 Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2022-47630. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Trusted Firmware-M up to 1.8.0. This affects an unknown part of the component CryptoCell PSA Driver software Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-40271. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.