Now Sms & Mms Gateway Security Vulnerabilities

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app.....

Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway

Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to...

CVE-2024-33585

Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through...

CVE-2024-33585

Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through...

CVE-2024-33585 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through...

Fedora 40 : ofono (2024-c42ea059d0)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c42ea059d0 advisory. A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the...

Fedora 40 : gh (2024-48aa5f1dae)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-48aa5f1dae advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

Fedora 40 : python-asyncssh (2023-a3af7820e8)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a3af7820e8 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

Debian: Security Advisory (DLA-3798-1)

The remote host is missing an update for the...

Fedora 40 : golang-x-crypto (2024-0d8d3b8dcc)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d8d3b8dcc advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...

The Bug Report - April 2024 Edition

The Bug Report - April 2024 Edition By Jonathan Omakun and Tobi Olawale· April 29, 2024 Why am I here? Just when you thought it was safe to go back into the digital waters, out pops another series of rogue waves in the form of CVEs! It's like that beach vacation you planned to get away from it...

[SECURITY] [DLA 3798-1] zabbix security update

Debian LTS Advisory DLA-3798-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 28, 2024 https://wiki.debian.org/LTS Package : zabbix Version : 1:4.0.4+dfsg-1+deb10u5 CVE...

Debian dla-3798 : zabbix-agent - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3798 advisory. The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus has not tested for this...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0733)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

RHEL 7 : Red Hat OpenStack Platform 8 director (RHSA-2018:2857)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2857 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...

RHEL 7 : python-django-horizon (RHSA-2015:1679)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1679 advisory. OpenStack Dashboard (Horizon) provides administrators and users with a graphical interface to access, provision, and automate...

CVE-2024-3051

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this...

CVE-2024-3051

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this...

CVE-2024-3052

Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...

CVE-2024-3052

Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...

CVE-2024-3052 Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability

Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...

CVE-2024-3052 Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability

Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the...

CVE-2024-3051 Z/IP Gateway Device Reset Locally Denial of Service Vulnerability

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this...

Metasploit Weekly Wrap-Up 04/26/24

Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...

10 Critical Endpoint Security Tips You Should Know

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis...

CVE-2024-3678

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected...

CVE-2024-4163

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file...

CVE-2024-4163

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file...

CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file...

CVE-2024-32868

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism....

CVE-2024-32868

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism....

CentOS 9 : libssh-0.10.4-12.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-12.el9 build changelog. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

Ubuntu: Security Advisory (USN-6751-1)

The remote host is missing an update for...

CentOS 9 : openssh-8.7p1-38.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-38.el9 build changelog. The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism....

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

Impact ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

Impact ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such...

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Zabbix vulnerabilities (USN-6751-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6751-1 advisory. An authenticated user can create a link with reflected Javascript code inside it for the discovery...

Debian dla-3794 : pterm - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory. PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message....

Zabbix vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages zabbix - Open-source monitoring software tool for diverse IT components Details It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote...

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

*Updated 2024-04-25 16:57 GMT with minor wording corrections regarding the targeting of other vendors. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are...

Securing millions of developers through 2FA

Though technology has advanced significantly to combat the proliferation of sophisticated security threats, the reality is that preventing the next cyberattack depends on getting the security basics right, and efforts to secure the software ecosystem must protect the developers who design, build,.....

CVE-2024-2972

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

CVE-2024-2972

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

CVE-2024-2972 Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...