Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder Security Vulnerabilities

CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36501

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect...

CVE-2024-36501

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...

CVE-2024-36501

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect...

CVE-2024-36500

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service...

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

...

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects....

Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to the auto-delete control when enabling Location History by...

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

Huawei EulerOS: Security Advisory for linux-sgx (EulerOS-SA-2024-1804)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1791)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2024-1792)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no...

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1785)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1793)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1786)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2024-1787)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a temporary file...

EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1793)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1788)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1796)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1798)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1805)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1806)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that...

EulerOS 2.0 SP11 : dnsmasq (EulerOS-SA-2024-1784)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of...

EulerOS 2.0 SP11 : unbound (EulerOS-SA-2024-1807)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1800)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is...

EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2024-1805)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no...

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1795)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...

EulerOS 2.0 SP11 : bind (EulerOS-SA-2024-1783)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1787)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1801)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1797)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1800)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1788)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : docker-engine (EulerOS-SA-2024-1797)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache...