ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7544.

workrave-1.10.53-1.el8

FEDORA-EPEL-2025-93f69f60e4 Packages in this update: workrave-1.10.53-1.el8 Update description: Fixing CVE-2023-2142 Read More

April 20, 2025

DSA-5906-1 erlang – security update

Several vulnerabilities were discovered in the Erlang/OTP implementation of the SSH protocol, which may result in denial of service or...

April 20, 2025

caddy-2.10.0-1.fc42

FEDORA-2025-4518c12e2f Packages in this update: caddy-2.10.0-1.fc42 Update description: Update to version 2.10.0. Aside from the new upstream features, this update...

April 19, 2025

nextcloud-29.0.16-1.el9

FEDORA-EPEL-2025-9129f1f736 Packages in this update: nextcloud-29.0.16-1.el9 Update description: 29.0.16 release RHBZ#2345763 Read More

April 19, 2025

chromium-135.0.7049.95-1.fc42

FEDORA-2025-fb323a2b22 Packages in this update: chromium-135.0.7049.95-1.fc42 Update description: Update to 135.0.7049.95 CVE-2025-3619: Heap buffer overflow in Codecs CVE-2025-3620: Use after...

April 19, 2025

chromium-135.0.7049.95-1.fc40

FEDORA-2025-7827e4feac Packages in this update: chromium-135.0.7049.95-1.fc40 Update description: Update to 135.0.7049.95 CVE-2025-3619: Heap buffer overflow in Codecs CVE-2025-3620: Use after...

April 19, 2025

Friday Squid Blogging: Live Colossal Squid Filmed

Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ZDI-24-1084: (0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

workrave-1.10.53-1.el8

DSA-5906-1 erlang – security update

caddy-2.10.0-1.fc42

nextcloud-29.0.16-1.el9

chromium-135.0.7049.95-1.fc42

chromium-135.0.7049.95-1.fc40