Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder Security Vulnerabilities
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...
7.3AI Score
Hi Team, I noticed a bug in the licenses which may lead to extend the expire date of existing license. To be honest, it is hard for me to reproduce it. I was plan to see if the license still works after ███████. I think it's better to report this issue to you althought it may prove it is just a...
6.9AI Score
Friday Squid Blogging: The Awfulness of Squid Fishing Boats
It's a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
7.2AI Score
How to change your Social Security Number
After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it’s a challenging process, it is possible. But if you've ever had to abandon an email address that you used for years,.....
6.8AI Score
New ransomware group demands Change Healthcare ransom
The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...
7.2AI Score
New ransomware group demands Change Healthcare ransom
The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...
7.2AI Score
CL0P's Ransomware Rampage - Security Measures for 2024
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to....
9.8CVSS
7.4AI Score
EPSS
35-year long identity theft leads to imprisonment for victim
Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...
7AI Score
EulerOS 2.0 SP9 : shim (EulerOS-SA-2024-1497)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response....
8.3CVSS
8.1AI Score
0.025EPSS
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1491)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
5.5CVSS
6AI Score
0.002EPSS
EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-1500)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of...
7.5CVSS
7.7AI Score
0.05EPSS
EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-1494)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid...
5.9CVSS
7.2AI Score
0.001EPSS
EulerOS 2.0 SP9 : bind (EulerOS-SA-2024-1481)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...
7.5CVSS
7.7AI Score
0.05EPSS
EulerOS 2.0 SP9 : graphviz (EulerOS-SA-2024-1487)
According to the versions of the graphviz package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because...
7.8CVSS
7AI Score
0.001EPSS
EulerOS 2.0 SP9 : sqlite (EulerOS-SA-2024-1498)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the...
7.3CVSS
7.8AI Score
0.001EPSS
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...
6.8AI Score
0.0004EPSS
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect...
6.8AI Score
0.0004EPSS
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds...
6.8AI Score
0.0004EPSS
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...
6.8AI Score
0.0004EPSS
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect...
6.7AI Score
0.0004EPSS
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds...
6.8AI Score
0.0004EPSS
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS
Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service...
6.9AI Score
0.0004EPSS
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect...
7AI Score
0.0004EPSS
Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Input verification vulnerability in the power module. Impact: Successful exploitation of this vulnerability will affect...
6.8AI Score
0.0004EPSS
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS