
Smarthome,HiAPP,HwParentControl,HwParentControlParent,Crowdtest,HiWallet,Huawei Pay,Skytone,HwCloudDrive(EMUI6.0),HwPhoneFinder Security Vulnerabilities

nessus

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2024-1546)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...

7.8CVSS

7.8AI Score

0.003EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2024-1560)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
9
nessus

EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

6.5CVSS

8AI Score

0.963EPSS

2024-04-19 12:00 AM
9
nessus

EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...

7CVSS

7.9AI Score

0.001EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2024-1538)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...

5.9CVSS

7.2AI Score

0.001EPSS

2024-04-19 12:00 AM
8
nessus

EulerOS Virtualization 2.10.1 : tar (EulerOS-SA-2024-1558)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....

7.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : mozjs60 (EulerOS-SA-2024-1550)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

8.8CVSS

9.6AI Score

0.752EPSS

2024-04-19 12:00 AM
3
nessus

EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2024-1553)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2024-1534)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...

5.5CVSS

6.9AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....

7.1AI Score

0.0004EPSS

2024-04-19 12:00 AM
5
nessus

EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2024-1551)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...

6.5CVSS

7.9AI Score

0.001EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...

5.9CVSS

7.8AI Score

0.963EPSS

2024-04-19 12:00 AM
7
nessus

EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2024-1542)

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....

7.8CVSS

7.7AI Score

0.001EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.0 : sqlite (EulerOS-SA-2024-1536)

According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...

7.3CVSS

7.8AI Score

0.001EPSS

2024-04-19 12:00 AM
4
nessus

EulerOS Virtualization 2.10.1 : sqlite (EulerOS-SA-2024-1555)

According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...

7.3CVSS

7.5AI Score

0.001EPSS

2024-04-19 12:00 AM
5
talosblog

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...

7.8AI Score

2024-04-18 06:00 PM
10
malwarebytes

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...

7.5AI Score

2024-04-18 02:45 PM
8
malwarebytes

Cannabis investment scam JuicyFields ends in 9 arrests

Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...

6.8AI Score

2024-04-18 11:27 AM
12
thn

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...

10CVSS

9.6AI Score

0.966EPSS

2024-04-17 10:57 AM
34
huawei

Security Advisory - Inappropriate Interface access Control Vulnerability in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks. (Vulnerability ID: HWPSIRT-2023-98172) This vulnerability has been assigned a...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-04-17 12:00 AM
9
huawei

Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers

Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. (Vulnerability ID: HWPSIRT-2022-52860) This vulnerability has been assigned a...

7.2CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
8
huawei

Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product

A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM. (Vulnerability ID: HWPSIRT-2023-91490) This vulnerability...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-04-17 12:00 AM
11
huawei

Security Advisory - Huawei PC Product Vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer

A Huawei PC product is vulnerable to improper restriction of operations within the bounds of a memory buffer. Successful exploitation of this vulnerability could compromise SMRAM memory, resulting in code execution in SMM. (Vulnerability ID: HWPSIRT-2023-11450) This vulnerability has been assigned a...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-04-17 12:00 AM
11
huawei

Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks. (Vulnerability ID: HWPSIRT-2023-64955) This vulnerability has been...

7.8CVSS

6.5AI Score

0.0004EPSS

2024-04-17 12:00 AM
8
huawei

Security Advisory - Huawei PC Product Vulnerable to Improper Check for Unusual or Exceptional Conditions

A Huawei PC product is vulnerable to improper check for unusual or exceptional conditions. An attacker with the common privilege can exploit this vulnerability. Successful exploitation of this vulnerability could cause OS service exceptions. (Vulnerability ID: HWPSIRT-2023-25233) This vulnerability...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-04-17 12:00 AM
9
thn

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...

7.3AI Score

2024-04-16 03:16 PM
20
thn

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers...

7.5AI Score

2024-04-16 07:33 AM
11
thn

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...

7.3AI Score

2024-04-13 02:25 PM
24
hackerone

PortSwigger Web Security: Incorrect logic when buy one more license which may lead to extend the expire date of existing license

Hi Team, I noticed a bug in the licenses which may lead to extend the expire date of existing license. To be honest, it is hard for me to reproduce it. I was planning to see if the license still works after ███████. I think it's better to report this issue to you although it may prove it is just a...

6.9AI Score

2024-04-13 08:08 AM
33
schneier

Friday Squid Blogging: The Awfulness of Squid Fishing Boats

It's a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...

7.2AI Score

2024-04-12 09:08 PM
6
malwarebytes

How to change your Social Security Number

After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it’s a challenging process, it is possible. But if you've ever had to abandon an email address that you used for years,.....

6.8AI Score

2024-04-12 04:20 PM
6
malwarebytes

New ransomware group demands Change Healthcare ransom

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...

7.2AI Score

2024-04-10 09:35 AM
8
thn

CL0P's Ransomware Rampage - Security Measures for 2024

2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to....

9.8CVSS

7.4AI Score

EPSS

2024-04-09 11:24 AM
40
malwarebytes

35-year long identity theft leads to imprisonment for victim

Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...

7AI Score

2024-04-09 10:52 AM
10
nessus

EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-1500)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of...

7.5CVSS

7.7AI Score

0.05EPSS

2024-04-09 12:00 AM
9
nessus

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1491)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...

5.5CVSS

6AI Score

0.002EPSS

2024-04-09 12:00 AM
9
nessus

EulerOS 2.0 SP9 : shim (EulerOS-SA-2024-1497)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response....

8.3CVSS

8.1AI Score

0.025EPSS

2024-04-09 12:00 AM
8
nessus

EulerOS 2.0 SP9 : bind (EulerOS-SA-2024-1481)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...

7.5CVSS

7.7AI Score

0.05EPSS

2024-04-09 12:00 AM
7
nessus

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-1494)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid...

5.9CVSS

7.2AI Score

0.001EPSS

2024-04-09 12:00 AM
7
nessus

EulerOS 2.0 SP9 : graphviz (EulerOS-SA-2024-1487)

According to the versions of the graphviz package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because...

7.8CVSS

7AI Score

0.001EPSS

2024-04-09 12:00 AM
8
nessus

EulerOS 2.0 SP9 : sqlite (EulerOS-SA-2024-1498)

According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the...

7.3CVSS

7.8AI Score

0.001EPSS

2024-04-09 12:00 AM
7
cve

CVE-2024-27896

Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
26
cve

CVE-2024-27895

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
27
cve

CVE-2024-27897

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
31
cve

CVE-2023-52386

Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
27
cve

CVE-2023-52385

Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
25
cve

CVE-2023-52364

Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds...

6.8AI Score

0.0004EPSS

2024-04-08 10:15 AM
28
cvelist

CVE-2024-27897

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...

6.8AI Score

0.0004EPSS

2024-04-08 09:25 AM
cvelist

CVE-2024-27896

Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...

6.8AI Score

0.0004EPSS

2024-04-08 09:24 AM
Total number of security vulnerabilities: 39626