CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities
Security Advisory - Privilege Escalation Vulnerability in Huawei Product
There is a privilege escalation vulnerability in some Huawei products. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise...
6.7CVSS
6.6AI Score
0.0004EPSS
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of...
7.5CVSS
7.3AI Score
0.001EPSS
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal...
7.8CVSS
7.7AI Score
0.001EPSS
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of...
7.5CVSS
7.4AI Score
0.001EPSS
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory...
7.5CVSS
7.5AI Score
0.002EPSS
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal...
7.8CVSS
7.8AI Score
0.001EPSS
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory...
7.5CVSS
7.5AI Score
0.002EPSS
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of...
7.5CVSS
7.3AI Score
0.001EPSS
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal...
7.8CVSS
7.7AI Score
0.001EPSS
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory...
7.5CVSS
7.5AI Score
0.002EPSS
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal...
7.8AI Score
0.001EPSS
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of...
7.4AI Score
0.001EPSS
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory...
7.5AI Score
0.002EPSS
Huawei CloudEngine 1800V Denial of Service Vulnerability
Huawei CloudEngine 1800V is an 1800V series data center switch from Huawei of China. Huawei CloudEngine 1800V denial of service vulnerability can be exploited by remote attackers to submit special requests that can prevent messages received by the system from being forwarded properly for denial of....
7.5CVSS
4.1AI Score
0.001EPSS
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
6.7CVSS
6.6AI Score
0.0004EPSS
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
6.7CVSS
6.5AI Score
0.0004EPSS
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded...
7.5CVSS
7.5AI Score
0.001EPSS
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded...
7.5CVSS
7.4AI Score
0.001EPSS
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded...
7.5CVSS
7.4AI Score
0.001EPSS
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
6.7CVSS
6.7AI Score
0.0004EPSS
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded...
7.5AI Score
0.001EPSS
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
6.6AI Score
0.0004EPSS
Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product
There is a memory leak vulnerability in Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. (Vulnerability ID:....
7.5CVSS
7AI Score
0.002EPSS
Security Advisory - Out of Bound Read Vulnerability in Huawei Product
There is an out of bound read vulnerability in some products. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. (Vulnerability ID: HWPSIRT-2020-24601) This vulnerability has been assigned....
7.5CVSS
6.9AI Score
0.001EPSS
Security Advisory - Improper Authentication Vulnerability in Huawei Product
There is an improper authentication vulnerability in Huawei Products. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. (Vulnerability ID:...
7.8CVSS
7.3AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Huawei Product
There is an information leak vulnerability in Huawei product. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. (Vulnerability ID: HWPSIRT-2020-06053) This vulnerability has been...
6.5CVSS
6.3AI Score
0.001EPSS
Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone
There is an out-of-bound read vulnerability in huawei smartphone Mate 30. An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the...
6.7CVSS
6.1AI Score
0.0004EPSS
NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a...
9.8CVSS
9.9AI Score
0.534EPSS
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...
9.8CVSS
9.9AI Score
0.534EPSS
Description of the security update for SharePoint Foundation 2013: December 8, 2020
Description of the security update for SharePoint Foundation 2013: December 8, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
7.7AI Score
0.025EPSS
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access...
9.8CVSS
9.1AI Score
0.003EPSS
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access...
9.8CVSS
8.9AI Score
0.003EPSS
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access...
9.8CVSS
8.7AI Score
0.003EPSS
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access...
9.1AI Score
0.003EPSS
Chromium is vulnerable to content security bypass. An attacker may by pass content security via a crafted HTML...
6.5CVSS
1.5AI Score
0.003EPSS
Security Advisory - Resource Management Error Vulnerability in Huawei CloudEngine 1800V Product
CloudEngine 1800V product has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally. (Vulnerability ID: HWPSIRT-2020-86502) This vulnerability has...
7.5CVSS
7.1AI Score
0.001EPSS
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
There is a privilege escalation vulnerability in some Huawei products. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. (Vulnerability ID:...
6.7CVSS
6.5AI Score
0.0004EPSS
Description of the security update for SharePoint Foundation 2013: November 10, 2020
Description of the security update for SharePoint Foundation 2013: November 10, 2020 NoticeWe declare System.Web.UI.WebControls.PasswordRecovery to be an unsafe control because of security concerns. Therefore, we recommend that you no longer user it. Summary This security update resolves...
6AI Score
0.013EPSS
7.8CVSS
7.9AI Score
0.004EPSS
Ubuntu 16.04 LTS : Yerase's TNEF vulnerabilities (USN-4615-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4615-1 advisory. An issue was discovered in ytnef before 1.9.1. This is related to a patch described as 1 of 9. Null Pointer Deref / calloc return value not checked....
7.8CVSS
7.3AI Score
0.004EPSS
It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299,...
7.8CVSS
6.8AI Score
0.004EPSS
Releases Ubuntu 16.04 ESM Packages libytnef - Yerases TNEF Stream Reader library Details It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those...
7.8CVSS
6.8AI Score
0.004EPSS
Denial of Service Vulnerability in Some Huawei Products (huawei-sa-20200527-01-dos)
There is a denial of service vulnerability in some Huawei...
7.5CVSS
7AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: October 13, 2020
Description of the security update for SharePoint Foundation 2013: October 13, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
7.5AI Score
0.909EPSS
Security Advisory - QEMU Out-of-bound Read and Write Vulnerability in Huawei Product
An out-of-bound read and write access vulnerability was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest. Attackers can use this vulnerability to crash the QEMU process resulting in DoS or potentially execute arbitrary code with the privileges of the QEMU.....
5CVSS
6.6AI Score
0.0005EPSS
Description of the security update for SharePoint Foundation 2013: September 8, 2020
Description of the security update for SharePoint Foundation 2013: September 8, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the.....
7.7AI Score
0.013EPSS
NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)
The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...
9.8CVSS
0.6AI Score
0.534EPSS
NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0046)
The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...
9.8CVSS
0.5AI Score
0.534EPSS
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number....
9.8CVSS
9.4AI Score
0.014EPSS
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number....
9.8CVSS
9.4AI Score
0.014EPSS