ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7544.

cacti-1.2.30-1.el8 cacti-spine-1.2.30-1.el8

FEDORA-EPEL-2025-ba03a05138 Packages in this update: cacti-1.2.30-1.el8 cacti-spine-1.2.30-1.el8 Update description: Update cacti and cacti-spine to version 1.2.30. This includes the upstream...

April 15, 2025

cacti-1.2.30-1.el9 cacti-spine-1.2.30-1.el9

FEDORA-EPEL-2025-19d7286f00 Packages in this update: cacti-1.2.30-1.el9 cacti-spine-1.2.30-1.el9 Update description: Update cacti and cacti-spine to version 1.2.30. This includes the upstream...

April 15, 2025

USN-7437-1: CImg library vulnerabilities

It was discovered that the CImg library did not properly check the size of images before loading them. An attacker...

April 15, 2025

mujs-1.0.9-2.el8

FEDORA-EPEL-2025-141926b526 Packages in this update: mujs-1.0.9-2.el8 Update description: Backport upstream fix for CVE-2021-33796. https://nvd.nist.gov/vuln/detail/CVE-2021-33796 Read More

April 14, 2025

USN-7436-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a...

April 14, 2025

USN-7435-1: Protocol Buffers vulnerability

It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Java bindings. An attacker could...

April 14, 2025

North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers

Compliance Now Biggest Cyber Challenge for UK Financial Services

Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI

Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities

LabHost Phishing Mastermind Sentenced to 8.5 Years

Closing the Gap: How to Build a Consistent Exposure and Vulnerability Management Workflow

Trump Revenge Tour Targets Cyber Leaders, Elections

Upcoming Speaking Engagements

Major WordPress Plugin Flaw Exploited in Under 4 Hours

ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

cacti-1.2.30-1.el8 cacti-spine-1.2.30-1.el8

cacti-1.2.30-1.el9 cacti-spine-1.2.30-1.el9

USN-7437-1: CImg library vulnerabilities

mujs-1.0.9-2.el8

USN-7436-1: WebKitGTK vulnerabilities

USN-7435-1: Protocol Buffers vulnerability