CVE-2024-7541 oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVE-2024-7540

CVE-2024-7540 concerns oFono’s AT CMGL command handling. The issue stems from uninitialized memory during parsing of AT+CMGL responses, which can allow a local attacker who already has code execution on the target modem to disclose sensitive information and potentially escalate to root. Affected ...

CVE-2024-7540 oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

CVE-2024-7540 oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

SUSE-SU-2024:2756-1 Security update for ksh

This update for ksh fixes the following issues: - CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression bsc1160796 Other fixes: - do not use posixspawn as it lacks proper job handling bsc1224057 - fix segfault in variable substitution...

Arbitrary Code Execution

golang/go is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of environment variable values, which results in the output of the "go env" command to include arbitrary commands or new environment variables when executed as a shell script...

CVE-2024-33021 Use of Uninitialized Variable in Automotive GPU

Memory corruption while processing IOCTL call to set metainfo...

bcache: fix variable length array abuse in btree_iter

...

fbdev: savage: Handle err return when savagefb_check_var failed

...

Fuzzy matching with Ghidra BSim, a guide

TL;DR BSim, Ghidra’s new built-in plugin is a game-changer for reversing firmware and other stripped binaries. Rapidly identify and annotate functions from known libraries. Fuzzy matching works with unknowns, like exact library versions and compiler options. Automatically define custom variable...

PT-2024-28879 · Unknown · Puneethreddyhc Online Shopping System

Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping system advanced version 1.0 Description: The issue allows an attacker to execute arbitrary code. An unauthenticated remote attacker can manipulate the address1 variable in the "register.php" endpoint...

oFono 安全漏洞

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono that stems from an uninitialized variable vulnerability found in the AT CMGR Command module...

oFono 安全漏洞

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono that stems from an uninitialized variable vulnerability found in the AT CMT Command module...

(0Day) (Pwn2Own) oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CM...

oFono 安全漏洞

oFono is an open source telephony communication framework open-sourced by UBports. A security vulnerability exists in oFono that stems from an uninitialized variable vulnerability found in the AT CMGL Command module...

CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

Unspecified vulnerability in Linux kernel (CNVD-2024-35101)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the bpf module in the BPFCOREREADBITFIELD macro, where the variable val may be uninitialized. This could...

PT-2024-33748

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference issue has been resolved in the Linux kernel. The problem occurred because the afb variable was assumed to be null at a certain point but was used later witho...

CVE-2024-42094

In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIGCPUMASKOFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. Instead, kernel code...

CVE-2024-42223

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state-xtalhz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pllmfactor. Create a new 64 bit variable to hold the calculations...