#huawei

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Plus: MGM hackers hit more than just casinos, Microsoft researchers accidentally leak terabytes of data, and China goes on the PR offensive over cyberespionage.

It reads as if ALPHV really wants to come across as the “good guys” in this case, but I’m not sure who outside of dark web circles would be willing to feel sorry for them.

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries. In a message posted on WeChat, the government authority said U.S. intelligence agencies have "done everything possible" to conduct surveillance, secret theft, and intrusions on

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.