36104 matches found
PT-2024-10669 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible stack buffer overflow in the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_interface.c due to a missing...
X11 Keylogger
This module binds to an open X11 host to log keystrokes. This is a fairly close copy of the old xspy c program which has been on Kali for a long time. The module works by connecting to the X11 session, creating a background window, binding a keyboard to it and creating a notification alert when a...
CVE-2018-9413
In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...
PT-2024-10677 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth, affected versions not specified. Description: The issue is related to a possible out of bounds write in the handle_notification_response function of btif_rc.cc due to a missing bounds check. This could lead to remote code execution...
GHSA-4CHJ-3C28-GVMP
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-29 18:29:08+00:00 | seen | https://infosec.exchange/users/cve/statuses/113567658636613264... |
GHSA-XG58-75QF-9R67
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-25 18:50:12+00:00 | seen | https://infosec.exchange/users/cve/statuses/113545092265515508... |
Astra Linux – Vulnerability in Firefox
Selected options might obscure the full-screen notification dialog box. This could be exploited by a malicious site to carry out a spoofing attack. This vulnerability affects Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1...
WordPress WordPress Announcement & Notification Banner Plugin – Bulletin Plugin <= 3.11.7 is vulnerable to Cross Site Scripting (XSS)
Software: WordPress Announcement & Notification Banner Plugin – Bulletin; Type: Plugin; Vulnerable versions: <= 3.11.7; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10682; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownersh...
November 21, 2024—KB5046732 (OS Builds 22621.4541 and 22631.4541) Preview
November 21, 2024—KB5046732 (OS Builds 22621.4541 and 22631.4541) Preview. 11/12/24 IMPORTANT: Because of minimal operations during the Western holidays and the upcoming new year, there won’t be a non-security preview release for the month of December 2024. There will be a monthly security release for...
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic; Component: Cosmos SDK / Math; Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2); Affected versions: cosmossdk.io/math package versions; NOTE: When on a lower version than cosmossdk.io/math...
GHSA-7225-M954-23V7 ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic; Component: Cosmos SDK / Math; Criticality: High (Considerable Impact, and Possible Likelihood per ACMv1.2); Affected versions: cosmossdk.io/math package versions; NOTE: When on a lower version than cosmossdk.io/math...
GHSA-J95P-7936-F75W
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-18 20:00:05+00:00 | seen | https://infosec.exchange/users/cve/statuses/113505730866493568... |
CVE-2023-39179
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-18 12:22:17+00:00 | seen | https://t.me/cvedetector/11324 |
| 2025-09-25 00:36:29+00:00 | seen | MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51... |
CVE-2024-11240
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument dbloginrole leads to cross site scripting. The attack may be...
CVE-2024-11239 Landray EKP API Interface import.do deleteFile path traversal
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...
CVE-2024-8979
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it...
Fedora 37 : drupal7-link (2022-e795e17c38)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-e795e17c38 advisory. - https://www.drupal.org/project/link/releases/7.x-1.11 - SA-CONTRIB-2022-034 - https://www.drupal.org/project/link/releases/7.x-1.10 -...
CVE-2024-52292
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
CVE-2024-2551
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-13 17:00:00+00:00 | seen | https://security.paloaltonetworks.com/CVE-2024-2551 |
| 2024-11-13 18:38:44+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113477099455726632 |
| 2024-11-14 09:43:51+00:00 | seen | ... |
CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...