6.7AI Score
0.006EPSS
Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...
0.5AI Score
0.006EPSS
Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...
0.5AI Score
0.006EPSS
[SECURITY] Fedora 20 Update: xen-4.3.3-5.fc20
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.006EPSS
[SECURITY] Fedora 19 Update: xen-4.2.5-5.fc19
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.006EPSS
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...
7.4AI Score
0.027EPSS
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...
7.5AI Score
0.027EPSS
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...
7.8AI Score
0.027EPSS
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...
7.4AI Score
0.027EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...
3.7AI Score
0.003EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...
6.2AI Score
0.003EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...
6.3AI Score
0.003EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...
6.8AI Score
0.003EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...
6AI Score
0.003EPSS
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Bugs ...
2.4AI Score
0.003EPSS
Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web...
7.2AI Score
0.027EPSS
Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
ISSUE DESCRIPTION An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step. IMPACT Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack.....
6.2AI Score
0.003EPSS
Security Advisory-Bash Code Injection Vulnerability
This security advisory (SA) describes the impact of 6 Bash vulnerabilities discovered in third-party software (Vulnerability ID: HWPSIRT-2014-0951). 1.OS Command Injections vulnerability (CVE-2014-6271). GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
9.8CVSS
4AI Score
0.976EPSS
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...
1AI Score
0.928EPSS
Twitter Files Suit Over Government Restrictions on National Security Letter Data
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free...
0.2AI Score
0.1AI Score
7.1AI Score
0.2AI Score
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
Description GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98 ...
1.5AI Score
0.976EPSS
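A First Look at VxWorks Security 404@KnownSec 0x00 Preface Regarding VxWorks, we quote the introduction from the article examining the 44CON talk "Attacking VxWorks: From Stone Age to Interstellar": VxWorks is the world's most widely used real-time operating system deployed in embedded systems, designed and developed in 1983 by the US company Wind River (WRS). Its market spans all safety-critical fields, including, to name a few, the Mars Curiosity rover, the Boeing 787 Dreamliner, and network routers. The safety-critical nature of these applications has drawn close attention to VxWorks security. The VxWorks operating system was developed by the US company Wind...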
7.2AI Score
Security Advisory-Apache Struts2 vulnerability on Huawei multiple products
Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. (Vulnerability ID: HWPSIRT-2014-0420) This Vulnerability has been assigned Common.....
2.2AI Score
0.971EPSS
7.1AI Score
Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation
No description provided by...
7.1AI Score
SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x Remote Root/SYSTEM Exploit
No description provided by...
7.1AI Score
Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products
This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1.SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to...
7.4CVSS
1.6AI Score
0.974EPSS
openSUSE Security Update : otrs (openSUSE-SU-2013:1338-1)
The ticket system OTRS was updated to 3.1.18 to fix various bugs and security issues. Update to 3.1.18 : OSA-2013-05, CVE-2013-4717, CVE-2013-4718 fixed. Fixed bug#9561 - ACL restriction with CustomerID for DynamicFields at new Ticket screen not working. Fixed bug#9425 - Wrong created...
8.8CVSS
-0.2AI Score
0.371EPSS
Localize: User credentials are sent in clear text
Vulnerability description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users. This vulnerability affects /pages/sign_up. Discovered by: MANUALLY Attack details...
-0.2AI Score
Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private.....
7.5CVSS
2.6AI Score
0.975EPSS
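Huawei eSpace Meeting Service 'eMservice.exe' Local Privilege Escalation Vulnerability
Bugtraq ID:66107 Huawei eSpace Meeting is a mobile video solution. User permissions in the Huawei eSpace Meeting product are not set properly. An attacker who obtains ordinary user privileges can, through specific operations, escalate privileges and access and set certain key resources. 0 Huawei eSpace Meeting 1.x Vendor patch: Huawei Huawei eSpace Meeting V100R001C03SPC202 has fixed this vulnerability; users are advised to download the update:...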
7.1AI Score
Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation
Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege...
0.6AI Score
7.4AI Score
EPSS
Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation
Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation...
7.1AI Score
0.8AI Score
Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation
Title: Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation Advisory ID: ZSL-2014-5171 Type: Local Impact: Privilege Escalation Risk: (3/5) Release Date: 10.03.2014 Summary Huawei's eSpace Meeting solution fully meets the needs of enterprise customers for an integrated...
7CVSS
6.9AI Score
0.001EPSS
Security Advisory-Improper User Permission Setting Vulnerability in Huawei eSpace Meeting
User permissions are not properly set on Huawei eSpace Meeting. Attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. (HWPSIRT-2014-0241). This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...
7CVSS
6.5AI Score
0.001EPSS
RSA Conference 2014 Art Coviello RSA keynote
SAN FRANCISCO – RSA Security executive chairman Art Coviello today at RSA Conference 2014 made his first public comments about the security company’s relationship with the National Security Agency, painting the landmark firm as a victim of the spy agency’s blurring of the lines between its...
-0.2AI Score
Threat Outbreak Alert: Fake Online Order Details Email Messages on February 8, 2014
Medium Alert ID: 32785 First Published: 2014 February 10 18:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to French-language spam email messages that claim to contain an online order notification for the recipient. The text in the email message attempts to...
0.2AI Score
Threat Outbreak Alert: Fake Purchase Order Notification Email Messages on November 13, 2013
Medium Alert ID: 31769 First Published: 2013 November 14 17:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the...
-0.1AI Score