Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1762)
The remote host is missing an update for the Huawei...
8.6CVSS
7.1AI Score
0.051EPSS
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1730)
The remote host is missing an update for the Huawei...
6.7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1768)
The remote host is missing an update for the Huawei...
6.5CVSS
6.7AI Score
0.001EPSS
EulerOS 2.0 SP12 : ncurses (EulerOS-SA-2024-1745)
According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.(CVE-2023-45918) NCurse v6.4-20230418 was discovered to...
6.5CVSS
7.2AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2024-1771)
The remote host is missing an update for the Huawei...
7.5CVSS
7AI Score
0.963EPSS
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1773)
The remote host is missing an update for the Huawei...
5.9CVSS
7AI Score
0.963EPSS
EulerOS 2.0 SP12 : proftpd (EulerOS-SA-2024-1771)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash...
7.5CVSS
7.5AI Score
0.963EPSS
EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...
7.3CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1735)
The remote host is missing an update for the Huawei...
8CVSS
7AI Score
EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)
The remote host is missing an update for the Huawei...
7.8CVSS
6.8AI Score
EPSS
Huawei EulerOS: Security Advisory for python-pycryptodome (EulerOS-SA-2024-1752)
The remote host is missing an update for the Huawei...
5.9CVSS
6.7AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1738)
The remote host is missing an update for the Huawei...
7.5CVSS
6.9AI Score
0.024EPSS
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1740)
The remote host is missing an update for the Huawei...
7.5CVSS
7AI Score
0.008EPSS
EulerOS 2.0 SP12 : libssh2 (EulerOS-SA-2024-1765)
According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...
5.9CVSS
7.4AI Score
0.963EPSS
EulerOS Virtualization 2.11.0 : unbound (EulerOS-SA-2024-1732)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to...
8CVSS
7.2AI Score
0.05EPSS
EulerOS Virtualization 2.11.1 : bind (EulerOS-SA-2024-1712)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...
7.5CVSS
7.3AI Score
0.05EPSS
EulerOS Virtualization 2.11.0 : less (EulerOS-SA-2024-1727)
According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) Tenable has extracted the...
6.8AI Score
0.0004EPSS
EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
8.8CVSS
8.2AI Score
0.006EPSS
EulerOS Virtualization 2.11.0 : expat (EulerOS-SA-2024-1725)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has...
5.5CVSS
6.8AI Score
0.001EPSS
EulerOS Virtualization 2.11.1 : expat (EulerOS-SA-2024-1714)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426) Tenable has...
5.5CVSS
7.2AI Score
0.001EPSS
EulerOS Virtualization 2.11.1 : unbound (EulerOS-SA-2024-1721)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to...
8CVSS
7.6AI Score
0.05EPSS
EulerOS Virtualization 2.11.0 : ncurses (EulerOS-SA-2024-1730)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function...
6.4AI Score
0.0004EPSS
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1735)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2024-1731)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...
7.5CVSS
7AI Score
0.003EPSS
EulerOS Virtualization 2.11.0 : libuv (EulerOS-SA-2024-1728)
According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...
7.3CVSS
6.5AI Score
0.001EPSS
EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)
According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in...
7.3CVSS
6.9AI Score
0.001EPSS
EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2024-1729)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...
7.5CVSS
6.9AI Score
0.0005EPSS
EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2024-1718)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...
7.5CVSS
6.9AI Score
0.0005EPSS
EulerOS Virtualization 2.11.0 : bind (EulerOS-SA-2024-1723)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It...
7.5CVSS
7.4AI Score
0.05EPSS
EulerOS Virtualization 2.11.1 : ncurses (EulerOS-SA-2024-1719)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function...
6.4AI Score
0.0004EPSS
EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2024-1733)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via...
8.8CVSS
7.8AI Score
0.006EPSS
EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1720)
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...
7.5CVSS
7AI Score
0.003EPSS
EulerOS Virtualization 2.11.1 : less (EulerOS-SA-2024-1716)
According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.(CVE-2022-48624) Tenable has extracted the...
7.2AI Score
0.0004EPSS
EulerOS Virtualization 2.11.0 : grub2 (EulerOS-SA-2024-1726)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...
5.5CVSS
6.8AI Score
0.0005EPSS
EulerOS Virtualization 2.11.1 : grub2 (EulerOS-SA-2024-1715)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set- bootflag will create a...
5.5CVSS
7.1AI Score
0.0005EPSS
EulerOS Virtualization 2.11.0 : dnsmasq (EulerOS-SA-2024-1724)
According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a...
7.5CVSS
7.4AI Score
0.05EPSS
EulerOS Virtualization 2.11.1 : dnsmasq (EulerOS-SA-2024-1713)
According to the versions of the dnsmasq package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a...
7.5CVSS
7.4AI Score
0.05EPSS
EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1734)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation...
8CVSS
7.2AI Score
EPSS
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
10CVSS
9.3AI Score
EPSS
Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples....
7.1AI Score
0.0004EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8AI Score
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....
7.8CVSS
7.9AI Score
0.0004EPSS
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....
7.8CVSS
7.9AI Score
0.0004EPSS
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially....
7.8CVSS
7.4AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.8CVSS
7.9AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...
7.8CVSS
7.2AI Score
0.0004EPSS
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially.....
7.8CVSS
7.4AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in...
7.8CVSS
7.8AI Score
0.0004EPSS
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in...
7.8CVSS
7.3AI Score
0.0004EPSS