ESpace 7910; ESpace 7950; ESpace 8950 Security Vulnerabilities
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4)...
7.3AI Score
0.001EPSS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified...
6AI Score
0.001EPSS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES...
5.9AI Score
0.0004EPSS
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1) The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. (Vulnerability ID: HWPSIRT-2014-1151) This vulnerability has been assigned Common...
1.8AI Score
0.001EPSS
openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)
chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : Use-after-free in pepper plugins (CVE-2014-7906). Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). ...
AI Score
0.037EPSS
GLSA-201412-13 : Chromium: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute...
1.2AI Score
0.043EPSS
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has...
3.4CVSS
2.4AI Score
0.975EPSS
openSUSE: Security Advisory for chromium (openSUSE-SU-2014:1626-1)
The remote host is missing an update for...
6.7AI Score
0.037EPSS
Chromium: Multiple vulnerabilities
Background Chromium is an open-source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary code with the privileges of the process or...
6.4AI Score
0.043EPSS
Security update for chromium (important)
chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed: - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). -...
2.8AI Score
0.037EPSS
[USN-2410-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2410-1 November 19, 2014 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.10 Ubuntu 14.04 LTS Summary: Several security issues were fixed...
1.4AI Score
0.033EPSS
1.9AI Score
0.033EPSS
Updated chromium-browser-stable fixes multiple security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2014-7904). Use-after-free...
7.3AI Score
0.037EPSS
Google Chrome Multiple Vulnerabilities - 01 (Nov 2014) - Windows
Google Chrome is prone to multiple...
6AI Score
0.037EPSS
Google Chrome Multiple Vulnerabilities - 01 (Nov 2014) - Mac OS X
Google Chrome is prone to multiple...
6AI Score
0.037EPSS
RHEL 6 : chromium-browser (RHSA-2014:1894)
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
0.2AI Score
0.037EPSS
Google Chrome Multiple Vulnerabilities - 01 (Nov 2014) - Linux
Google Chrome is prone to multiple...
6AI Score
0.037EPSS
(RHSA-2014:1894) Important: chromium-browser security update
Chromium is an open-source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium....
7.4AI Score
0.037EPSS
6.4AI Score
0.033EPSS
CVE-2014-7899 (address bar spoofing) A flaw allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. CVE-2014-7900 (use-after-free) Use-after-free vulnerability in the...
5.5AI Score
0.037EPSS
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2410-1)
A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904)...
7.5AI Score
0.033EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
6.8AI Score
0.006EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
9.7AI Score
0.006EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
6.7AI Score
0.006EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
7.4AI Score
0.006EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
6.7AI Score
0.006EPSS
Google Chrome < 39.0.2171.65 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code...
0.3AI Score
0.037EPSS
FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)
Google Chrome Releases reports : 42 security fixes in this release, including : [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. [413375] High CVE-2014-7901: Integer overflow in...
0.5AI Score
0.037EPSS
Releases Ubuntu 14.10 Ubuntu 14.04 ESM Packages oxide-qt - Web browser engine library for Qt (QML plugin) Details A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service...
7.8AI Score
0.033EPSS
Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code...
0.4AI Score
0.037EPSS
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown...
8AI Score
0.006EPSS
The Chrome team is delighted to announce the promotion of Chrome 39 to the stable channel for Windows, Mac and Linux. Chrome 39.0.2171.65 contains a number of fixes and improvements, including: 64-bit support for Mac A number of new apps/extension APIs Lots of under the hood changes for...
0.4AI Score
0.037EPSS
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. [413375] High CVE-2014-7901: Integer...
6.7AI Score
0.037EPSS
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS...
6.8AI Score
0.007EPSS
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS...
6.6AI Score
0.007EPSS
Cross site request forgery (csrf)
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS...
7.2AI Score
0.007EPSS
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS...
6.6AI Score
0.007EPSS
PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection
...
9.8CVSS
10AI Score
EPSS
9.8CVSS
10AI Score
EPSS
Security Advisory-Bash Code Injection Vulnerability
This security advisory (SA) describes the impact of 6 Bash vulnerabilities discovered in third-party software (Vulnerability ID: HWPSIRT-2014-0951). 1.OS Command Injections vulnerability (CVE-2014-6271). GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
9.8CVSS
4AI Score
0.976EPSS
F5 Networks BIG-IP : SSH vulnerability (K13600)
A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using secure shell (SSH). The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. The following platforms.....
AI Score
Security Advisory-9 OpenSSL vulnerabilities on Huawei products
This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...
1AI Score
0.928EPSS
7.4AI Score
EPSS
7.4AI Score
EPSS
9.8CVSS
10AI Score
EPSS
0.1AI Score
Pure-FTPd - External Authentication Bash Environment Variable Code Injection (Metasploit)
...
7.4AI Score
EPSS
9.7AI Score
EPSS
9.8CVSS
10AI Score
EPSS
7.1AI Score