EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2024-1540)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the...
CVSS: 4.7 | AI Score: 7.7 | EPSS: 0.0005
EulerOS Virtualization 2.10.0 : mozjs60 (EulerOS-SA-2024-1531)
According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...
CVSS: 8.8 | AI Score: 9.7 | EPSS: 0.752
EulerOS Virtualization 2.10.1 : libXpm (EulerOS-SA-2024-1549)
According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to...
CVSS: 7.8 | AI Score: 8.3 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...
CVSS: 6.5 | AI Score: 7.1 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1543)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...
CVSS: 6.5 | AI Score: 7.3 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2024-1541)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...
CVSS: 7.8 | AI Score: 7.6 | EPSS: 0.0004
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2024-1545)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.008
EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 5.9 | AI Score: 7.4 | EPSS: 0.963
EulerOS Virtualization 2.10.0 : python-jinja2 (EulerOS-SA-2024-1535)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python...
CVSS: 6.1 | AI Score: 6.6 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : ncurses (EulerOS-SA-2024-1532)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...
CVSS: 6.5 | AI Score: 7.9 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : gnutls (EulerOS-SA-2024-1526)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.008
EulerOS Virtualization 2.10.0 : binutils (EulerOS-SA-2024-1523)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....
CVSS: 7.8 | AI Score: 8.1 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2024-1559)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the...
CVSS: 4.7 | AI Score: 7.7 | EPSS: 0.0005
EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-1554)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python...
CVSS: 6.1 | AI Score: 6.6 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : systemd (EulerOS-SA-2024-1557)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...
CVSS: 5.9 | AI Score: 7.5 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : gdb (EulerOS-SA-2024-1525)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at...
CVSS: 5.5 | AI Score: 8.1 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : libXpm (EulerOS-SA-2024-1530)
According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to...
CVSS: 7.8 | AI Score: 8.3 | EPSS: 0.0004
EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2024-1552)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 6.5 | AI Score: 8 | EPSS: 0.963
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 5.9 | AI Score: 7.5 | EPSS: 0.963
EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2024-1537)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...
CVSS: 7 | AI Score: 7.6 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2024-1547)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 5.9 | AI Score: 7.4 | EPSS: 0.963
EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...
CVSS: 7 | AI Score: 7.9 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : tar (EulerOS-SA-2024-1558)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....
AI Score: 7.1 | EPSS: 0.0004
EulerOS Virtualization 2.10.1 : gdb (EulerOS-SA-2024-1544)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at...
CVSS: 5.5 | AI Score: 8.1 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2024-1538)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...
CVSS: 5.9 | AI Score: 7.2 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2024-1560)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 6.5 | AI Score: 8 | EPSS: 0.963
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2024-1527)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.003
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2024-1546)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.003
EulerOS Virtualization 2.10.1 : mozjs60 (EulerOS-SA-2024-1550)
According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...
CVSS: 8.8 | AI Score: 9.6 | EPSS: 0.752
EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2024-1542)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2024-1551)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...
CVSS: 6.5 | AI Score: 7.9 | EPSS: 0.001
EulerOS Virtualization 2.10.0 : sqlite (EulerOS-SA-2024-1536)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...
CVSS: 7.3 | AI Score: 7.8 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : sqlite (EulerOS-SA-2024-1555)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...
CVSS: 7.3 | AI Score: 7.5 | EPSS: 0.001
EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2024-1553)
According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...
CVSS: 5.5 | AI Score: 6.9 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....
AI Score: 7.1 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2024-1534)
According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...
CVSS: 5.5 | AI Score: 6.9 | EPSS: 0.0004
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS: 5.9 | AI Score: 7.8 | EPSS: 0.963
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...
AI Score: 7.8
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
AI Score: 7.5
Cannabis investment scam JuicyFields ends in 9 arrests
Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...
AI Score: 6.8
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...
CVSS: 10 | AI Score: 9.6 | EPSS: 0.966
Security Advisory - Inappropriate Interface access Control Vulnerability in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks. (Vulnerability ID: HWPSIRT-2023-98172) This vulnerability has been assigned a...
CVSS: 7.8 | AI Score: 6.7 | EPSS: 0.0004
Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. (Vulnerability ID: HWPSIRT-2022-52860) This vulnerability has been assigned a...
CVSS: 7.2 | AI Score: 6.9 | EPSS: 0.0004
Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product
A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM. (Vulnerability ID: HWPSIRT-2023-91490) This vulnerability...
CVSS: 7.8 | AI Score: 6.9 | EPSS: 0.0004
A Huawei PC product is vulnerable to improper restriction of operations within the bounds of a memory buffer. Successful exploitation of this vulnerability could compromise SMRAM memory, resulting in code execution in SMM. (Vulnerability ID: HWPSIRT-2023-11450) This vulnerability has been assigned a...
CVSS: 7.8 | AI Score: 7.1 | EPSS: 0.0004
Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks. (Vulnerability ID: HWPSIRT-2023-64955) This vulnerability has been...
CVSS: 7.8 | AI Score: 6.5 | EPSS: 0.0004
A Huawei PC product is vulnerable to improper check for unusual or exceptional conditions. An attacker with the common privilege can exploit this vulnerability. Successful exploitation of this vulnerability could cause OS service exceptions. (Vulnerability ID: HWPSIRT-2023-25233) This vulnerability...
CVSS: 7.8 | AI Score: 6.7 | EPSS: 0.0004
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...
AI Score: 7.3
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers...
AI Score: 7.5