623 matches found
A week in security (March 13 - 19)
Last week on Malwarebytes Labs: "Brad Pitt," a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06; Breast cancer photos published by ransomware gang; WhatsApp refuses to weaken encryption, would rather leave UK; "Just awful"...
Huawei Leia-B29 Authentication Bypass Vulnerability
The Huawei Leia-B29 is a smart bracelet from the Chinese company Huawei. An authentication bypass vulnerability exists in Huawei Leia-B29 version 2.0.0.49M03, which stems from a data processing error. An attacker can exploit the vulnerability to bypass the lock screen authentication...
CVE-2022-48254
There is a data processing error vulnerability in Leia-B29 2.0.0.49M03. Successful exploitation could bypass lock screen authentication...
Authentication flaw
There is a data processing error vulnerability in Leia-B29 2.0.0.49M03. Successful exploitation could bypass lock screen authentication...
CVE-2022-48254
The CVE-2022-48254 entry relates to Huawei Leia-B29 devices (version 2.0.0.49/M03) and describes a data processing error that can enable authentication bypass of the lock screen. Connected sources confirm the affected product (Huawei Leia-B29 / Huawei Band context) and the root cause as a data pr...
Huawei Leia-B29 Authorization Issue Vulnerability
The Huawei Leia-B29 is a smart bracelet from the Chinese company Huawei. An authentication bypass vulnerability exists in Huawei Leia-B29 version 2.0.0.49M03, which stems from a data processing error. An attacker can exploit the vulnerability to bypass the lock screen authentication...
K38243073: BIG-IP ASM data processing vulnerability CVE-2017-6154
Security Advisory Description: The BIG-IP ASM bd process may produce a core file under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. CVE-2017-6154. Impact: The BIG-IP ASM bd process produces a core file, interrupting traffic processing and causing ...
PT-2025-49663
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the ses_enclosure_data_process function. This issue involves a slab-out-of-bounds read condition, potentially...
CVE-2023-0616
The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...
SUSE CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
Apache NiFi XML External Entity Injection Vulnerability (CNVD-2023-23555)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. An XML external entity injection vulnerability exists in Apache NiFi versions 1.2.0 through 1.19.1, which stems fro...
Security Bulletin: IBM App Connect Enterprise Certified Container flows that use scheduled event nodes may be vulnerable to denial of service due to [CVE-2023-22467]
Summary: Node.js module moment.js Luxon is used by IBM App Connect Enterprise Certified Container in the scheduled event node. IBM App Connect Enterprise Certified Container IntegrationServer and DesignerAuthoring operands that run flows containing a scheduled event node may be vulnerable to denia...
PT-2023-13602 · Ibm · Ibm Tivoli Workload Scheduler
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Workload Scheduler versions 9.4 through 10.1. Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume...
Security Advisory - Data Processing Error Vulnerability in a Huawei Band
A Huawei band has a data processing error vulnerability. Successful exploitation could bypass lock screen authentication. Vulnerability ID: HWPSIRT-2022-11965. This vulnerability has been assigned a CVE ID: CVE-2022-48254...
UBUNTU-CVE-2022-23482
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contain an Out of Bound Read in the xrdp_sec_process_mcs_data_CS_CORE function. There are no known workarounds for this issue. Users are advised to upgrade...
xrdp Buffer Error Vulnerability
xrdp is an open source remote desktop protocol server from Neutrinolabs Labs. A buffer error vulnerability exists in versions prior to xrdp v0.9.21, which stems from an out-of-bounds read included in the xrdp_sec_process_mcs_data_CS_CORE function...
Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917)
Summary: Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917). Kafka is used by IBM Operations Analytics Predictive Insight in the data ingestion and processing services. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2022-34917...