Bluetree Co., Ltd Security Vulnerabilities

CVE-2023-42671

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42691

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2022-48462

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2022-48464

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-42673

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42674

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42675

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42677

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42685

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42688

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2022-48463

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges...

CVE-2023-42672

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42692

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42694

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42695

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42689

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42678

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-42686

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42687

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42690

In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges...

CVE-2023-42676

In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges...

CVE-2023-43752

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted...

Information Disclosure Vulnerability in UFIDA UAP System

UFIDA Network Technology Co., Ltd. is a leading global provider of enterprise cloud services and software. An information disclosure vulnerability exists in the UFIDA UAP system, which can be exploited by attackers to obtain sensitive...

CVE-2021-43817

Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside....

CVE-2023-39921 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through.....

CVE-2023-3741

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the...

About the security content of macOS Sonoma 14.2

About the security content of macOS Sonoma 14.2 This document describes the security content of macOS Sonoma 14.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....

Information leakage vulnerability in EG2000SE of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2023-88652)

The EG2000SE is a multi-service router. An information disclosure vulnerability exists in the EG2000SE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by attackers to obtain sensitive...

Information leakage vulnerability in the electronic document security management system of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2023-86622)

Beijing Yisetong Technology Development Co., Ltd. is a leading data security business provider in China. An information leakage vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co., Ltd, which can be exploited by attackers to...

Year in Malware 2023: Recapping the major cybersecurity stories of the past year

If there is anything the cybersecurity world learned in 2023, it's that you can never count any bad guy out. Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade....

About the security content of iOS 17.2 and iPadOS 17.2

About the security content of iOS 17.2 and iPadOS 17.2 This document describes the security content of iOS 17.2 and iPadOS 17.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...

Wordfence Intelligence Weekly WordPress Vulnerability Report (December 18, 2023 to December 31, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Over the last two weeks, there were 263 vulnerabilities disclosed in 217 WordPress Plugins and 3 WordPress themes that have been added to the...

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...

Command Execution Vulnerability in ezEip System of Beijing Wando Network Technology Co.

The ezEip system is an enterprise website management system. A command execution vulnerability exists in the ezEip system of Beijing Wando Network Technology Co. Ltd, which can be exploited by an attacker to gain server...

Downloads Resources over HTTP in co-cli-installer

Affected versions of co-cli-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

Malvertisers zoom in on cryptocurrencies and initial access

During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...

Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam

Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and...

Information disclosure

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login...

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent....

Pricing inconsistencies introduced via rounding/truncation errors

Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...

FreeBSD : chromium -- multiple vulnerabilities (a7732806-0b2a-11ec-836b-3065ec8fd3ec)

Chrome Releases reports : This release contains 27 security fixes, including : [1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28 [1235949] High CVE-2021-30607: Use after free in Permissions....

Nagios XI SQLi Vulnerability (Dec 2013) - Active Check

Nagios XI is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...

CVE-2023-47582

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

CVE-2023-47583

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be...

CVE-2023-47584

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

CVE-2023-47580

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

CVE-2023-47585

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

CVE-2023-47586

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be...

CVE-2023-47581

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be...

Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Isolated Webview...