Aggregator

A vulnerability classified as critical was found in Google Android 14. Affected by this vulnerability is the function injectInputEventToInputFilter of the file AccessibilityManagerService.java. The manipulation leads to permission issues. This vulnerability is known as CVE-2024-0038. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 11/12/12L/13 and classified as problematic. This vulnerability affects unknown code of the component ca-certificates. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-40104. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 11/12/12L/13/14. It has been classified as critical. Affected is the function createFromParcel of the file UsbConfiguration.java. The manipulation leads to permission issues. This vulnerability is traded as CVE-2023-40109. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 11/12/12L/13/14. It has been classified as problematic. Affected is the function btif_to_bta_response of the file btif_gatt_util.cc. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-0030. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.

A vulnerability has been found in PHP and classified as problematic. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2012-3450. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Author/Presenter: Charles Fox

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack The PHP Engine appeared first on Security Boulevard.

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [...]

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. [...]

suicid Claims to have Leaked the Data of KreyolCuisine

CVE-2024-53376: CyberPanel Authenticated RCE < 2.3.8

The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.