Smarthome, HiAPP, HwParentControl, HwParentControlParent, Crowdtest, HiWallet, Huawei Pay, Skytone, HwCloudDrive (EMUI6.0), HwPhoneFinder Security Vulnerabilities

nessus

EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2024-1540)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the...

4.7CVSS

7.7AI Score

0.0005EPSS

2024-04-19 12:00 AM
6
nessus

EulerOS Virtualization 2.10.0 : mozjs60 (EulerOS-SA-2024-1531)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

8.8CVSS

9.7AI Score

0.752EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : libXpm (EulerOS-SA-2024-1549)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to...

7.8CVSS

8.3AI Score

0.0004EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5CVSS

7.1AI Score

0.001EPSS

2024-04-19 12:00 AM
6
nessus

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

6.5CVSS

7.3AI Score

0.001EPSS

2024-04-19 12:00 AM
8
nessus

EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2024-1541)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-1545)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response...

7.5CVSS

7.4AI Score

0.008EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.4AI Score

0.963EPSS

2024-04-19 12:00 AM
2
nessus

EulerOS Virtualization 2.10.0 : python-jinja2 (EulerOS-SA-2024-1535)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python...

6.1CVSS

6.6AI Score

0.001EPSS

2024-04-19 12:00 AM
10
nessus

EulerOS Virtualization 2.10.0 : ncurses (EulerOS-SA-2024-1532)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...

6.5CVSS

7.9AI Score

0.001EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2024-1526)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response...

7.5CVSS

7.5AI Score

0.008EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.0 : binutils (EulerOS-SA-2024-1523)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....

7.8CVSS

8.1AI Score

0.001EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2024-1559)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the...

4.7CVSS

7.7AI Score

0.0005EPSS

2024-04-19 12:00 AM
2
nessus

EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-1554)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python...

6.1CVSS

6.6AI Score

0.001EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : systemd (EulerOS-SA-2024-1557)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...

5.9CVSS

7.5AI Score

0.001EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : gdb (EulerOS-SA-2024-1525)

According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at...

5.5CVSS

8.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.0 : libXpm (EulerOS-SA-2024-1530)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to...

7.8CVSS

8.3AI Score

0.0004EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2024-1552)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8AI Score

0.963EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.5AI Score

0.963EPSS

2024-04-19 12:00 AM
6
nessus

EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2024-1537)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...

7CVSS

7.6AI Score

0.001EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2024-1547)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.4AI Score

0.963EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...

7CVSS

7.9AI Score

0.001EPSS

2024-04-19 12:00 AM
6
nessus

EulerOS Virtualization 2.10.1 : tar (EulerOS-SA-2024-1558)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....

7.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
2
nessus

EulerOS Virtualization 2.10.1 : gdb (EulerOS-SA-2024-1544)

According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at...

5.5CVSS

8.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
2
nessus

EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2024-1538)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...

5.9CVSS

7.2AI Score

0.001EPSS

2024-04-19 12:00 AM
8
nessus

EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2024-1560)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
8
nessus

EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8AI Score

0.963EPSS

2024-04-19 12:00 AM
8
nessus

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2024-1527)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...

7.8CVSS

7.8AI Score

0.003EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2024-1546)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...

7.8CVSS

7.8AI Score

0.003EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : mozjs60 (EulerOS-SA-2024-1550)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

8.8CVSS

9.6AI Score

0.752EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2024-1542)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....

7.8CVSS

7.7AI Score

0.001EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2024-1551)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...

6.5CVSS

7.9AI Score

0.001EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.0 : sqlite (EulerOS-SA-2024-1536)

According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...

7.3CVSS

7.8AI Score

0.001EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : sqlite (EulerOS-SA-2024-1555)

According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...

7.3CVSS

7.5AI Score

0.001EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2024-1553)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....

7.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2024-1534)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.8AI Score

0.963EPSS

2024-04-19 12:00 AM
6
talosblog

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...

7.8AI Score

2024-04-18 06:00 PM
10
malwarebytes

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...

7.5AI Score

2024-04-18 02:45 PM
8
malwarebytes

Cannabis investment scam JuicyFields ends in 9 arrests

Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...

6.8AI Score

2024-04-18 11:27 AM
12
thn

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...

10CVSS

9.6AI Score

0.966EPSS

2024-04-17 10:57 AM
34
huawei

Security Advisory - Inappropriate Interface access Control Vulnerability in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks. (Vulnerability ID: HWPSIRT-2023-98172) This vulnerability has been assigned a...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-04-17 12:00 AM
9
huawei

Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers

Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. (Vulnerability ID: HWPSIRT-2022-52860) This vulnerability has been assigned a...

7.2CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
8
huawei

Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product

A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM. (Vulnerability ID: HWPSIRT-2023-91490) This vulnerability...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
11
huawei

Security Advisory - Huawei PC Product Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer

A Huawei PC product is vulnerable to improper restriction of operations within the bounds of a memory buffer. Successful exploitation of this vulnerability could compromise SMRAM memory, resulting in code execution in SMM. (Vulnerability ID: HWPSIRT-2023-11450) This vulnerability has been assigned a...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-04-17 12:00 AM
11
huawei

Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks. (Vulnerability ID: HWPSIRT-2023-64955) This vulnerability has been...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-04-17 12:00 AM
8
huawei

Security Advisory - Huawei PC Product Vulnerable to Improper Check for Unusual or Exceptional Conditions

A Huawei PC product is vulnerable to improper check for unusual or exceptional conditions. An attacker with the common privilege can exploit this vulnerability. Successful exploitation of this vulnerability could cause OS service exceptions. (Vulnerability ID: HWPSIRT-2023-25233) This vulnerability...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-04-17 12:00 AM
9
thn

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...

7.3AI Score

2024-04-16 03:16 PM
20
thn

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers...

7.5AI Score

2024-04-16 07:33 AM
11
Total number of security vulnerabilities: 39599