DP300,TE60,TP3106,ViewPoint 9030,eCNS210 TD,eSpace 7950,eSpace IAD,eSpace U1981 Security Vulnerabilities

mskb

Description of the security update for SharePoint Foundation 2013: November 13, 2018

Description of the security update for SharePoint Foundation 2013: November 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

8.6AI Score

0.47EPSS

2018-11-13 08:00 AM
13
n0where

Transparent Tor for Windows: Tallow

Tallow is a small program that redirects all outbound traffic from a Windows machine via the Tor anonymity network. Any traffic that cannot be handled by Tor, e.g. UDP, is blocked. Tallow also intercepts and handles DNS requests preventing potential leaks. Tallow has several applications,...

0.4AI Score

2018-11-08 04:01 AM
57
akamaiblog

BGP Route Hijacking

Yes, we can minimize the BGP Hijacking Risk Every day we see something new about the global security threat. It is hard to keep track of all the various ways your network can be attacked. But there are some threat-vectors which need particular attention. "Did you know that a threat-actor with 20...

-0.1AI Score

2018-11-05 03:06 PM
101
sslabuse

OrcusRAT C&C

List of "bad" SSL certificates identified by abuse.ch to be associated with malware or botnet activities. OrcusRAT C&C aggregated IOC by SSL Blacklist...

6.9AI Score

2018-10-16 06:32 AM
71
openbugbounty

cinematheque.fr XSS vulnerability

Open Bug Bounty ID: OBB-684236 Description| Value ---|--- Affected Website:| cinematheque.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

AI Score

2018-10-09 01:51 PM
27
impervablog

Explainer Series: RDaaS Security and Managing Compliance Through Database Audit and Monitoring Controls

As organizations move to cloud database platforms they shouldn't forget that data security and compliance requirements remain an obligation. This article explains how you can apply database audit and monitoring controls using Imperva SecureSphere V13.2 when migrating to database as a service cloud....

0.1AI Score

2018-09-17 08:49 PM
32
openbugbounty

lavoixdunord-espace-abonnement.lavoix.com XSS vulnerability

Open Bug Bounty ID: OBB-677023 Description| Value ---|--- Affected Website:| lavoixdunord-espace-abonnement.lavoix.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3.....

AI Score

2018-09-16 10:46 AM
12
openbugbounty

lunion-espace-abonnement.lavoix.com XSS vulnerability

Open Bug Bounty ID: OBB-676916 Description| Value ---|--- Affected Website:| lunion-espace-abonnement.lavoix.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3...

AI Score

2018-09-15 11:20 AM
6
openbugbounty

grandes-ecoles.studyrama.com XSS vulnerability

Open Bug Bounty ID: OBB-669692 Description| Value ---|--- Affected Website:| grandes-ecoles.studyrama.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

AI Score

2018-08-27 02:43 AM
9
openbugbounty

agoradataclub.com XSS vulnerability

Open Bug Bounty ID: OBB-664667 Description| Value ---|--- Affected Website:| agoradataclub.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

AI Score

2018-08-15 09:51 AM
8
huawei

Security Advisory - CPU Side Channel Vulnerability "L1TF"

Intel and security researchers publicly disclosed three new cpu side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations. These...

6.4CVSS

0.4AI Score

EPSS

2018-08-15 12:00 AM
163
openbugbounty

espace-des-marques.com XSS vulnerability

Open Bug Bounty ID: OBB-661026 Description| Value ---|--- Affected Website:| espace-des-marques.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...

AI Score

2018-08-08 11:01 PM
11
openvas

Huawei eSpace Unified Gateway Detection (Telnet)

Telnet based detection of Huawei eSpace Unified...

7.1AI Score

2018-08-01 12:00 AM
18
prion

Security feature bypass

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9CVSS

5.6AI Score

0.002EPSS

2018-07-31 02:29 PM
2
nvd

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9CVSS

5.7AI Score

0.002EPSS

2018-07-31 02:29 PM
cve

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9CVSS

5.6AI Score

0.002EPSS

2018-07-31 02:29 PM
21
cvelist

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.7AI Score

0.002EPSS

2018-07-31 02:00 PM
hackerone

Slack: Bypass of the SSRF protection in Event Subscriptions parameter.

The vulnerability is present in the "Event Subscriptions" parameter where: "Your app can subscribe to be notified of events in Slack (for example, when a user adds a reaction or creates a file) at a URL you choose. ". URL: https://api.slack.com/apps/YOUAPPCODE/event-subscriptions? When we add a...

0.4AI Score

2018-07-24 03:39 PM
69
impervablog

Drupal, Phishing and A New Cryptomining Botnet

It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal, regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to...

-0.1AI Score

2018-07-18 04:00 PM
55
nvd

CVE-2018-13086

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any...

7.5CVSS

7.7AI Score

0.001EPSS

2018-07-03 01:29 AM
prion

Integer overflow

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any...

7.5CVSS

7.7AI Score

0.001EPSS

2018-07-03 01:29 AM
huawei

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...

5.9CVSS

5.6AI Score

0.002EPSS

2018-07-03 12:00 AM
7
cve

CVE-2017-17317

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00;....

3.7CVSS

4.8AI Score

0.002EPSS

2018-07-02 01:29 PM
27
prion

Design/Logic Flaw

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to...

5.3CVSS

5.2AI Score

0.002EPSS

2018-07-02 01:29 PM
3
prion

Buffer overflow

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00;....

3.7CVSS

4.7AI Score

0.002EPSS

2018-07-02 01:29 PM
4
nvd

CVE-2017-17317

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00;....

3.7CVSS

4.6AI Score

0.002EPSS

2018-07-02 01:29 PM
1
nvd

CVE-2017-17316

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to...

5.3CVSS

5.3AI Score

0.002EPSS

2018-07-02 01:29 PM
2
cve

CVE-2017-17316

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to...

5.3CVSS

5.3AI Score

0.002EPSS

2018-07-02 01:29 PM
25
cvelist

CVE-2017-17317

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00;....

4.6AI Score

0.002EPSS

2018-07-02 01:00 PM
cvelist

CVE-2017-17316

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to...

5.3AI Score

0.002EPSS

2018-07-02 01:00 PM
huawei

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some Huawei products. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages,...

5.3CVSS

5.3AI Score

0.002EPSS

2018-06-30 12:00 AM
15
huawei

Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in the Common Open Policy Service Protocol (COPS) module of some Huawei products. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation,...

3.7CVSS

4.9AI Score

0.002EPSS

2018-06-30 12:00 AM
14
nvd

CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault....

5.5CVSS

5.1AI Score

0.001EPSS

2018-06-21 01:29 PM
prion

Design/Logic Flaw

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault....

5.5CVSS

6.6AI Score

0.001EPSS

2018-06-21 01:29 PM
1
debiancve

CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault....

5.5CVSS

5.4AI Score

0.001EPSS

2018-06-21 01:29 PM
19
cve

CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault....

5.5CVSS

5.6AI Score

0.001EPSS

2018-06-21 01:29 PM
42
cvelist

CVE-2016-10723

An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault....

5.4AI Score

0.001EPSS

2018-06-21 01:00 PM
ubuntucve

CVE-2016-10723

** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via...

5.5CVSS

5.4AI Score

0.001EPSS

2018-06-21 12:00 AM
6
ibm

Security Bulletin: There are multiple vulnerabilities in IBM Java Runtime and Apache Tomcat that affect IBM Cognos Business Viewpoint

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 used by IBM Cognos Business Viewpoint. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerabilities in Apache Tomcat also affect IBM Cognos Business Viewpoint. Vulnerability...

9.8CVSS

1AI Score

0.251EPSS

2018-06-15 11:18 PM
8
ibm

Security Bulletin: OpenSSL Heartbleed Vulnerability and Impact to Cognos Performance Management Products

Summary OpenSSL Heartbleed Vulnerability OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable Vulnerability Details What is OpenSSL Heartbleed The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information...

0.3AI Score

2018-06-15 10:30 PM
11
huawei

Security Advisory - OpenSSL Vulnerability in Some Huawei Products

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2018-03073) This...

6.5CVSS

1.6AI Score

0.009EPSS

2018-06-13 12:00 AM
29
mskb

Description of the security update for SharePoint Foundation 2013: June 12, 2018

Description of the security update for SharePoint Foundation 2013: June 12, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

6.2AI Score

0.005EPSS

2018-06-12 07:00 AM
24
packetstorm

0.4AI Score

2018-06-12 12:00 AM
31
huawei

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. (Vulnerability ID:...

5.6CVSS

AI Score

0.976EPSS

2018-06-06 12:00 AM
44
nvd

CVE-2018-7950

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8CVSS

8.8AI Score

0.002EPSS

2018-06-01 02:29 PM
nvd

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4CVSS

5.2AI Score

0.001EPSS

2018-06-01 02:29 PM
prion

Input validation

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8CVSS

8.7AI Score

0.002EPSS

2018-06-01 02:29 PM
1
prion

Cross site scripting

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4CVSS

5.2AI Score

0.001EPSS

2018-06-01 02:29 PM
3
cve

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4CVSS

5.2AI Score

0.001EPSS

2018-06-01 02:29 PM
21
cve

CVE-2018-7950

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8CVSS

8.6AI Score

0.002EPSS

2018-06-01 02:29 PM
24
Total number of security vulnerabilities: 1411