Read Time:8 Second
The donation websites of the UK’s seven major political parties are missing critical security features to protect the accounts of donors, according to DataDome
Monthly Archives: August 2024
Novel Android Malware Steals Card NFC Data For ATM Withdrawals
Read Time:5 Second
ESET claims new NGate Android malware relays NFC data to steal card details for ATM cash-out
Backdoor in Mifare Smart Cards Could Open Doors Around the World
Read Time:4 Second
Quarklabs researchers claim millions of contactless key cards could be cloned via a backdoor
ZDI-24-1161: Linux Kernel vmwgfx Driver Out-Of-Bounds Read Information Disclosure Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-36960.
ZDI-24-1162: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-5579.
ZDI-24-1163: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-5580.
ZDI-24-1164: Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-5581.
ZDI-24-1165: Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30372.
ZDI-24-1166: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7502.
ZDI-24-1167: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7502.