EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2024-1546)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service...
CVSS 7.8 | AI Score 7.8 | EPSS 0.003
EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2024-1560)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow...
CVSS 7.8 | AI Score 7.9 | EPSS 0.0004
EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2024-1533)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS 6.5 | AI Score 8 | EPSS 0.963
EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic...
CVSS 7 | AI Score 7.9 | EPSS 0.001
EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2024-1538)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed...
CVSS 5.9 | AI Score 7.2 | EPSS 0.001
EulerOS Virtualization 2.10.1 : tar (EulerOS-SA-2024-1558)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....
AI Score 7.1 | EPSS 0.0004
EulerOS Virtualization 2.10.1 : mozjs60 (EulerOS-SA-2024-1550)
According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...
CVSS 8.8 | AI Score 9.6 | EPSS 0.752
EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2024-1553)
According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...
CVSS 5.5 | AI Score 6.9 | EPSS 0.0004
EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2024-1534)
According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the...
CVSS 5.5 | AI Score 6.9 | EPSS 0.0004
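The two pam advisories above (EulerOS-SA-2024-1553 and EulerOS-SA-2024-1534) describe the same linux-pam issue, CVE-2024-22365: pam_namespace opened a user-influenced path without O_DIRECTORY, so a user who planted a FIFO at that path could make the login process block forever on open(). The following is an added illustration, not linux-pam's code: it reproduces the unsafe open pattern and the hardened one in Python and runs both against a FIFO created in a temporary directory. The file names and the `demo()` helper are constructed for the example.

```python
import errno
import os
import stat
import tempfile


def open_dir_unchecked(path: str) -> int:
    """The pattern the advisory describes: open the path with no O_DIRECTORY.

    O_NONBLOCK is added here only so that the demo cannot hang; without it a
    FIFO planted at `path` blocks this call until a writer appears, which is
    the blocked-login denial of service. With O_NONBLOCK the FIFO is simply
    opened as if it were acceptable, which is the other half of the problem.
    """
    return os.open(path, os.O_RDONLY | os.O_NONBLOCK)


def open_dir_hardened(path: str) -> int:
    """Refuse anything that is not a directory before it can block or redirect.

    O_DIRECTORY makes the kernel fail with ENOTDIR for a FIFO (or a regular
    file) instead of opening it, so open() never waits for a FIFO writer.
    O_NOFOLLOW refuses a symlink at the final path component. The fstat() is a
    belt-and-braces check on the descriptor we actually got back.
    """
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    if not stat.S_ISDIR(os.fstat(fd).st_mode):
        os.close(fd)
        raise NotADirectoryError(errno.ENOTDIR, "not a directory", path)
    return fd


def demo() -> dict:
    """Run both variants against a planted FIFO and a real directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        fifo = os.path.join(tmp, "planted-fifo")   # what the attacker would mkfifo (constructed)
        os.mkfifo(fifo)
        real_dir = os.path.join(tmp, "real-dir")
        os.mkdir(real_dir)

        os.close(open_dir_unchecked(fifo))          # succeeds: FIFO accepted as a "directory"
        results["unchecked_on_fifo"] = "opened"

        try:
            os.close(open_dir_hardened(fifo))
            results["hardened_on_fifo"] = "opened"
        except OSError as e:                        # expected: ENOTDIR, no blocking
            results["hardened_on_fifo"] = errno.errorcode.get(e.errno, str(e.errno))

        os.close(open_dir_hardened(real_dir))       # the legitimate case still works
        results["hardened_on_dir"] = "opened"
    return results


if __name__ == "__main__":
    print(demo())
```

The fix in the hardened variant is the flag, not the fstat(): by the time fstat() runs, an open() without O_DIRECTORY would already have blocked. The fstat() only guards against a descriptor that somehow refers to something other than a directory, which O_DIRECTORY already rules out on Linux.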
EulerOS Virtualization 2.10.0 : tar (EulerOS-SA-2024-1539)
According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c....
AI Score 7.1 | EPSS 0.0004
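Both tar advisories above (EulerOS-SA-2024-1558 and EulerOS-SA-2024-1539) cover CVE-2023-39804, a crash in GNU tar's xheader.c when PAX extended-header records are malformed. A PAX extended header is a sequence of records of the form `<length> <keyword>=<value>\n`, where `<length>` is the decimal size of the whole record including its own digits and the trailing newline, so a lying length field is exactly what a defensive parser has to bound. The parser below is an added example written for this page, not GNU tar's code; the `make_pax_record` encoder and the sample blocks are constructed for the demonstration.

```python
def make_pax_record(keyword: str, value: str) -> bytes:
    """Encode one PAX extended-header record: "<len> <keyword>=<value>\\n".

    <len> counts the whole record, including its own digits, so it is found
    iteratively: adding the digits may push the total across a digit boundary.
    """
    body = f" {keyword}={value}\n".encode("utf-8")
    total = len(body) + len(str(len(body)))
    if len(str(total)) != len(str(len(body))):   # length field grew by one digit
        total += 1
    return str(total).encode("ascii") + body


def parse_pax_records(block: bytes) -> dict:
    """Strict parser for a PAX extended-header data block.

    Every record is validated against its declared length before any byte past
    it is touched, so a lying length field can never move the cursor outside
    the buffer or make a record overlap the next one.
    """
    records = {}
    pos, end_of_block = 0, len(block)
    while pos < end_of_block:
        space = block.find(b" ", pos)
        if space < 0:
            raise ValueError(f"offset {pos}: no space after length field")
        length_field = block[pos:space]
        if not length_field.isdigit():                      # also rejects an empty field
            raise ValueError(f"offset {pos}: length field {length_field!r} is not decimal")
        length = int(length_field)
        record_end = pos + length
        # Smallest legal record is "<len> k=\n": digits, space, keyword byte, '=', newline.
        if length < len(length_field) + 4 or record_end > end_of_block:
            raise ValueError(f"offset {pos}: declared length {length} is out of range")
        if block[record_end - 1] != 0x0A:
            raise ValueError(f"offset {pos}: record does not end with a newline")
        body = block[space + 1:record_end - 1]
        eq = body.find(b"=")
        if eq <= 0:
            raise ValueError(f"offset {pos}: missing '=' or empty keyword")
        keyword = body[:eq].decode("utf-8")                 # PAX keywords and values are UTF-8
        value = body[eq + 1:].decode("utf-8")
        records[keyword] = value                            # a later record overrides an earlier one
        pos = record_end
    return records


def is_valid_pax_block(block: bytes) -> bool:
    """True if the block parses cleanly; the caller treats anything else as a bad archive."""
    try:
        parse_pax_records(block)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    # Constructed sample: a well-formed block and three malformed ones.
    good = make_pax_record("path", "dir/file.txt") + make_pax_record("size", "1024")
    print(parse_pax_records(good))
    for bad in (b"99 path=x\n", b"8 pathx\n", b"xx path=x\n"):
        print(bad, "valid" if is_valid_pax_block(bad) else "rejected")
```

Two details matter in practice: the length check runs before the newline check, so the parser never indexes past the end of the buffer, and an empty block is valid (no records), which is what a correctly written archive with an empty extended header produces.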
EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2024-1551)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ncurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note...
CVSS 6.5 | AI Score 7.9 | EPSS 0.001
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2024-1528)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVSS 5.9 | AI Score 7.8 | EPSS 0.963
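The openssh advisory (EulerOS-SA-2024-1533) and the libssh advisory above (EulerOS-SA-2024-1528) both quote the description of CVE-2023-48795, the Terrapin prefix-truncation attack. It is exploitable when a connection uses chacha20-poly1305@openssh.com, or a CBC cipher together with an encrypt-then-MAC (`*-etm@openssh.com`) MAC, and neither side negotiates the strict key exchange countermeasure that OpenSSH 9.6 introduced (`kex-strict-s-v00@openssh.com` / `kex-strict-c-v00@openssh.com`, advertised as pseudo-algorithms in the KEXINIT kex list). The following added example, which is not code from OpenSSH, libssh or EulerOS, parses an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) and reports whether the peer that sent it is exposed. The `build_kexinit` helper and the four sample payloads are constructed for the demonstration; in practice the payload is the first packet a server sends after the version banner.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(names):
    """RFC 4251 name-list: uint32 length + comma-separated ASCII names."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def build_kexinit(**lists) -> bytes:
    """Constructed KEXINIT payload for the demo (cookie is zero, not random)."""
    body = b"".join(_name_list(lists.get(f, [])) for f in FIELDS)
    return bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + body + b"\x00" + b"\x00\x00\x00\x00"


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload with bounds checks on every name-list."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}                      # skip message id + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field} length")
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"{field} name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        pos += n
        out[field] = [name for name in raw.split(",") if name]
    if pos + 5 != len(payload):            # first_kex_packet_follows (1) + reserved (4)
        raise ValueError("bad KEXINIT trailer")
    return out


def terrapin_exposure(kexinit: dict):
    """Return (exposed, reasons) for the peer that sent this KEXINIT.

    Exposed means the peer offers an affected cipher/MAC combination without
    offering strict kex. Whether a session is actually attackable depends on
    what both peers finally negotiate; this check is deliberately conservative
    and pools both directions.
    """
    if STRICT_KEX & set(kexinit["kex"]):
        return False, ["strict kex offered"]
    ciphers = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    reasons = []
    if "chacha20-poly1305@openssh.com" in ciphers:
        reasons.append("chacha20-poly1305@openssh.com offered")
    cbc = sorted(c for c in ciphers if c.endswith("-cbc"))
    etm = sorted(m for m in macs if m.endswith("-etm@openssh.com"))
    if cbc and etm:
        reasons.append(f"CBC cipher {cbc} with encrypt-then-MAC {etm}")
    return bool(reasons), reasons or ["no affected cipher/MAC offered"]


def assess(payload: bytes):
    return terrapin_exposure(parse_kexinit(payload))


# Constructed sample servers (cipher lists are typical, not captured from real hosts).
_COMMON = dict(hostkey=["ssh-ed25519"], comp_c2s=["none"], comp_s2c=["none"])
VULNERABLE_SERVER = build_kexinit(
    kex=["curve25519-sha256", "diffie-hellman-group14-sha256"],
    enc_c2s=["chacha20-poly1305@openssh.com", "aes128-ctr"],
    enc_s2c=["chacha20-poly1305@openssh.com", "aes128-ctr"],
    mac_c2s=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    mac_s2c=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"], **_COMMON)
PATCHED_SERVER = build_kexinit(   # same suites, but strict kex advertised (OpenSSH 9.6+ behaviour)
    kex=["curve25519-sha256", "kex-strict-s-v00@openssh.com"],
    enc_c2s=["chacha20-poly1305@openssh.com"], enc_s2c=["chacha20-poly1305@openssh.com"],
    mac_c2s=["hmac-sha2-256-etm@openssh.com"], mac_s2c=["hmac-sha2-256-etm@openssh.com"], **_COMMON)
CTR_ONLY_SERVER = build_kexinit(  # no strict kex, but no affected combination either
    kex=["curve25519-sha256"], enc_c2s=["aes256-ctr"], enc_s2c=["aes256-ctr"],
    mac_c2s=["hmac-sha2-256"], mac_s2c=["hmac-sha2-256"], **_COMMON)
CBC_ETM_SERVER = build_kexinit(   # the second affected combination
    kex=["curve25519-sha256"], enc_c2s=["aes256-cbc"], enc_s2c=["aes256-cbc"],
    mac_c2s=["hmac-sha2-512-etm@openssh.com"], mac_s2c=["hmac-sha2-512-etm@openssh.com"], **_COMMON)

if __name__ == "__main__":
    for name, payload in [("vulnerable", VULNERABLE_SERVER), ("patched", PATCHED_SERVER),
                          ("ctr-only", CTR_ONLY_SERVER), ("cbc-etm", CBC_ETM_SERVER)]:
        print(name, assess(payload))
```

Note that a patched server that still offers the affected suites is only protected against a patched client: strict kex is negotiated only when both sides advertise it, so the same check should be run on the client's KEXINIT as well.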
EulerOS Virtualization 2.10.1 : binutils (EulerOS-SA-2024-1542)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c....
CVSS 7.8 | AI Score 7.7 | EPSS 0.001
EulerOS Virtualization 2.10.0 : sqlite (EulerOS-SA-2024-1536)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...
CVSS 7.3 | AI Score 7.8 | EPSS 0.001
EulerOS Virtualization 2.10.1 : sqlite (EulerOS-SA-2024-1555)
According to the versions of the sqlite package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function...
CVSS 7.3 | AI Score 7.5 | EPSS 0.001
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
If you're a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if you're reading this newsletter, I probably shouldn't have to tell you about that either. But one of the things...
AI Score 7.8
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
AI Score 7.5
Cannabis investment scam JuicyFields ends in 9 arrests
Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...
AI Score 6.8
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...
CVSS 10 | AI Score 9.6 | EPSS 0.966
Security Advisory - Inappropriate Interface Access Control Vulnerability in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMRAM leaks.(Vulnerability ID:HWPSIRT-2023-98172) This vulnerability has been assigned a...
CVSS 7.8 | AI Score 6.7 | EPSS 0.0004
Security Advisory - Memory Overflow Vulnerability in Some Huawei Smart Speakers
Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail.(Vulnerability ID:HWPSIRT-2022-52860) This vulnerability has been assigned a...
CVSS 7.2 | AI Score 6.9 | EPSS 0.0004
Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product
A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM.(Vulnerability ID:HWPSIRT-2023-91490) This vulnerability...
CVSS 7.8 | AI Score 6.9 | EPSS 0.0004
A Huawei PC product is vulnerable to improper restriction of operations within the bounds of a memory buffer. Successful exploitation of this vulnerability could compromise SMRAM memory, resulting in code execution in SMM.(Vulnerability ID:HWPSIRT-2023-11450) This vulnerability has been assigned a...
CVSS 7.8 | AI Score 7.1 | EPSS 0.0004
Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product
A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks.(Vulnerability ID:HWPSIRT-2023-64955) This vulnerability has been...
CVSS 7.8 | AI Score 6.5 | EPSS 0.0004
A Huawei PC product is vulnerable to improper check for unusual or exceptional conditions. An attacker with the common privilege can exploit this vulnerability. Successful exploitation of this vulnerability could cause OS service exceptions.(Vulnerability ID:HWPSIRT-2023-25233) This vulnerability...
CVSS 7.8 | AI Score 6.7 | EPSS 0.0004
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...
AI Score 7.3
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers...
AI Score 7.5
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts
A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...
AI Score 7.3
Hi Team, I noticed a bug in the licenses which may lead to extending the expiry date of an existing license. To be honest, it is hard for me to reproduce it. I was planning to see if the license still works after ███████. I think it's better to report this issue to you although it may prove it is just a...
AI Score 6.9
Friday Squid Blogging: The Awfulness of Squid Fishing Boats
It's a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines...
AI Score 7.2
How to change your Social Security Number
After seeing their Social Security Number (SSN) leaked in the AT&T breach, some US citizens are wondering if and how they can change their SSN. The good news is that even though it's a challenging process, it is possible. But if you've ever had to abandon an email address that you used for years, ...
AI Score 6.8
New ransomware group demands Change Healthcare ransom
The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of "highly selective data," which relates to "all Change Health clients that have sensitive data being...
AI Score 7.2
CL0P's Ransomware Rampage - Security Measures for 2024
2023 CL0P Growth: Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor, the 'CryptoMix' ransomware, by the CL0P cybercrime group that operates it. Over the years the group remained active, with significant campaigns throughout 2020 to...
CVSS 9.8 | AI Score 7.4 | EPSS not listed
35-year long identity theft leads to imprisonment for victim
Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...
AI Score 7
EulerOS 2.0 SP9 : unbound (EulerOS-SA-2024-1500)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of...
CVSS 7.5 | AI Score 7.7 | EPSS 0.05
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1491)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
CVSS 5.5 | AI Score 6 | EPSS 0.002
EulerOS 2.0 SP9 : shim (EulerOS-SA-2024-1497)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response....
CVSS 8.3 | AI Score 8.1 | EPSS 0.025
EulerOS 2.0 SP9 : bind (EulerOS-SA-2024-1481)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service...
CVSS 7.5 | AI Score 7.7 | EPSS 0.05
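The unbound advisory (EulerOS-SA-2024-1500) and the bind advisory above (EulerOS-SA-2024-1481) both quote CVE-2023-50387, the "KeyTrap" issue: the DNSSEC RFCs tell a validator to try every DNSKEY whose key tag and algorithm match an RRSIG, and the key tag (RFC 4034 Appendix B) is a 16-bit checksum that an attacker can make collide at will. A zone with many colliding keys and many signatures therefore forces the validator into keys × signatures expensive signature verifications, all of which fail. The following added example, which is not code from unbound, BIND or EulerOS, implements the key tag computation, forges colliding keys, and counts the verifications a naive validator would perform with and without a work budget. The budget is a simplified stand-in for the limits the patched resolvers apply; the key bytes are constructed placeholders, not real key material.

```python
import struct


def dnskey_keytag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """Key tag of a DNSKEY RR, exactly as in RFC 4034 Appendix B.

    It is a ones'-complement-style 16-bit sum over the RDATA: bytes at even
    offsets are weighted by 256, bytes at odd offsets by 1, then the carry is
    folded back in. There is no cryptography in it, which is why collisions
    are cheap to manufacture.
    """
    rdata = struct.pack(">HBB", flags, protocol, algorithm) + pubkey
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def forge_colliding_pubkey(base_pubkey: bytes, target_tag: int,
                           flags: int = 257, protocol: int = 3, algorithm: int = 8) -> bytes:
    """Append bytes to `base_pubkey` so the resulting DNSKEY has key tag `target_tag`.

    A two-byte suffix spans 65536 consecutive pre-fold sums, which reaches
    every tag except possibly one (lost where the carry fold jumps by two);
    retrying with a 0xffff pad shifts the window so that tag is reachable too.
    """
    for pad in (b"", b"\xff\xff"):
        head = struct.pack(">HBB", flags, protocol, algorithm) + base_pubkey + pad
        ac = sum(b if i & 1 else b << 8 for i, b in enumerate(head))
        even = len(head) % 2 == 0            # parity decides which suffix byte gets weight 256
        for hi in range(256):
            for lo in range(256):
                a = ac + ((hi << 8) + lo if even else hi + (lo << 8))
                if ((a + ((a >> 16) & 0xFFFF)) & 0xFFFF) == target_tag:
                    return base_pubkey + pad + bytes([hi, lo])
    raise AssertionError("unreachable: a suffix exists after at most one retry")


def count_validations(dnskeys, rrsigs, max_attempts=None):
    """Mirror the validator's candidate loop and count signature verifications.

    The (key tag, algorithm) comparison is the only cheap filter the protocol
    gives a resolver; every candidate that passes it costs one public-key
    verification. With forged signatures none ever succeeds, so an uncapped
    validator does len(keys) * len(sigs) verifications. `max_attempts` is a
    simplified version of the work budget the fixed resolvers apply.
    """
    attempts = 0
    for sig in rrsigs:
        for key in dnskeys:
            if key["keytag"] != sig["keytag"] or key["algorithm"] != sig["algorithm"]:
                continue
            attempts += 1                    # a real resolver runs RSA/ECDSA verification here
            if max_attempts is not None and attempts > max_attempts:
                return attempts, "bogus: validation budget exhausted"
            # forged signature: verification fails, keep trying the next key
    return attempts, "bogus: no signature verified"


def demo(n_keys: int = 4, n_sigs: int = 4) -> dict:
    honest_pubkey = bytes(range(64))         # constructed stand-in for real key bytes
    target = dnskey_keytag(257, 3, 8, honest_pubkey)
    keys = [{"keytag": target, "algorithm": 8}]
    for i in range(1, n_keys):
        pk = forge_colliding_pubkey(bytes([0x40 + i]) * 64, target)
        keys.append({"keytag": dnskey_keytag(257, 3, 8, pk), "algorithm": 8})
    sigs = [{"keytag": target, "algorithm": 8} for _ in range(n_sigs)]
    uncapped, _ = count_validations(keys, sigs)
    capped, verdict = count_validations(keys, sigs, max_attempts=5)
    return {"all_collide": all(k["keytag"] == target for k in keys),
            "uncapped": uncapped, "capped": capped, "verdict": verdict}


if __name__ == "__main__":
    print(demo())
```

The numbers scale the way the advisory warns: with a handful of keys and signatures the cost is tens of verifications, but a single response can carry hundreds of each, and the validator must also repeat the exercise for every failed DS/DNSKEY chain it explores. The budget turns that into a bounded amount of work followed by a "bogus" verdict, which is the trade-off the patched resolvers make.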
EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-1494)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid...
CVSS 5.9 | AI Score 7.2 | EPSS 0.001
EulerOS 2.0 SP9 : graphviz (EulerOS-SA-2024-1487)
According to the versions of the graphviz package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because...
CVSS 7.8 | AI Score 7 | EPSS 0.001
EulerOS 2.0 SP9 : sqlite (EulerOS-SA-2024-1498)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the...
CVSS 7.3 | AI Score 7.8 | EPSS 0.001
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...
AI Score 6.8 | EPSS 0.0004
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect...
AI Score 6.8 | EPSS 0.0004
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...
AI Score 6.8 | EPSS 0.0004
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
AI Score 6.8 | EPSS 0.0004
Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect...
AI Score 6.8 | EPSS 0.0004
Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds...
AI Score 6.8 | EPSS 0.0004
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service...
AI Score 6.8 | EPSS 0.0004
Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect...
AI Score 6.8 | EPSS 0.0004