Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder Security Vulnerabilities
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....
7.8CVSS
7.6AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.8CVSS
7.3AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.8CVSS
7.9AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in...
7.8CVSS
7.8AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in...
7.8CVSS
7.8AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in...
7.8CVSS
7.2AI Score
0.0004EPSS
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to...
7.2CVSS
6.9AI Score
0.0004EPSS
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to...
7.2CVSS
7AI Score
0.0004EPSS
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to...
7.2CVSS
7.1AI Score
0.0004EPSS
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to...
7.2CVSS
7AI Score
0.0004EPSS
Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...
6.4AI Score
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground...
7.1AI Score
Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed...
7.9AI Score
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.4CVSS
5.7AI Score
0.0004EPSS
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.4CVSS
4.7AI Score
0.0004EPSS
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
4.4CVSS
4.7AI Score
0.0004EPSS
Above - Invisible Network Protocol Sniffer
Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer Designed for pentesters and security engineers Author: Magama Bazarov, <[email protected]> Pseudonym: Caster Version: 2.6 ...
7.1AI Score
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.5AI Score
0.0004EPSS
Huawei YunShan OS Detection Consolidation
Consolidation of Huawei YunShan OS based network devices (including the underlying hardware device and...
7.3AI Score
Description The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for...
4.4CVSS
5.7AI Score
0.0004EPSS
Huawei YunShan OS Detection (SSH Login)
SSH login-based detection of Huawei YunShan OS based network devices (including the underlying hardware device and...
7.4AI Score
huawei-firmware.com Cross Site Scripting vulnerability OBB-3929505
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
7AI Score
0.0004EPSS
CVE-2021-47379 blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.4AI Score
0.0004EPSS
CVE-2021-47379 blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094]...
6.7AI Score
0.0004EPSS
Deploy and Scale Spring Batch in the Cloud – with Adaptive Cost Control
May 21, 2024, at 9 AM PST You can now use Azure Spring Apps to effectively run Spring Batch applications with adaptive cost control. You only pay when batch jobs are running, and you can simply lift and shift your Spring Batch jobs with no code change. Spring Batch is a framework for processing...
7.2AI Score
The Importance of Bot Management in Your Marketing Strategy
Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping...
7AI Score
Huawei EulerOS: Security Advisory for python-mako (EulerOS-SA-2024-1701)
The remote host is missing an update for the Huawei...
7.5CVSS
7.6AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2024-1686)
The remote host is missing an update for the Huawei...
7.8CVSS
6.7AI Score
0.0004EPSS
EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2024-1684)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57....
7.5CVSS
7.5AI Score
0.732EPSS
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1703)
The remote host is missing an update for the Huawei...
8.1CVSS
7.4AI Score
0.01EPSS
EulerOS Virtualization 3.0.6.0 : cups (EulerOS-SA-2024-1676)
According to the versions of the cups packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible...
7CVSS
8.4AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1673)
The remote host is missing an update for the Huawei...
7.5CVSS
6.8AI Score
0.002EPSS
EulerOS Virtualization 3.0.6.0 : samba (EulerOS-SA-2024-1704)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions...
6.5CVSS
7.4AI Score
0.002EPSS
EulerOS Virtualization 3.0.6.0 : libtommath (EulerOS-SA-2024-1688)
According to the versions of the libtommath package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9,...
9.8CVSS
8.5AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : zlib (EulerOS-SA-2024-1710)
According to the versions of the zlib packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a...
9.8CVSS
8.2AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.6 : libtiff (EulerOS-SA-2024-1655)
According to the versions of the libtiff packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a...
6.5CVSS
8.8AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : libtiff (EulerOS-SA-2024-1687)
According to the versions of the libtiff packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a...
5.5CVSS
7.9AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2024-1679)
The remote host is missing an update for the Huawei...
7.8CVSS
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1672)
The remote host is missing an update for the Huawei...
9.8CVSS
7.1AI Score
0.003EPSS
EulerOS Virtualization 3.0.6.6 : gdb (EulerOS-SA-2024-1648)
According to the versions of the gdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on...
7.5CVSS
7.4AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.0 : binutils (EulerOS-SA-2024-1674)
According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. (CVE-2021-46174) GNU Binutils before 2.40 was...
9.8CVSS
8.3AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2024-1661)
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
5.3CVSS
7.6AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1709)
The remote host is missing an update for the Huawei...
7.8CVSS
8AI Score
0.273EPSS
EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2024-1685)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can...
9.8CVSS
8.3AI Score
0.001EPSS
EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2024-1666)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
5.3CVSS
7.6AI Score
0.003EPSS