There is an anonymous TLS cipher suites supported vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.3 AI Score
0.002 EPSS
There is a short key vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
6.1 AI Score
0.002 EPSS
There is an SRTP icon display vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.3 AI Score
0.002 EPSS
Security Advisory - Two Vulnerabilities in Huawei eSpace Product
There is a short key vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. (Vulnerability...
7.4 CVSS
6 AI Score
0.002 EPSS
Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product
There is an anonymous TLS cipher suites supported vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4 CVSS
7 AI Score
0.002 EPSS
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...
6.8 CVSS
6.6 AI Score
0.001 EPSS
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...
6.8 CVSS
6.7 AI Score
0.001 EPSS
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...
6.8 CVSS
6.7 AI Score
0.001 EPSS
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...
6.7 AI Score
0.001 EPSS
Description of the security update for SharePoint Foundation 2013: November 13, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
8.6 AI Score
0.47 EPSS
Yes, we can minimize the BGP Hijacking Risk Every day we see something new about the global security threat. It is hard to keep track of all the various ways your network can be attacked. But there are some threat-vectors which need particular attention. "Did you know that a threat-actor with 20...
-0.1 AI Score
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones
Some Huawei smartphones have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the...
6.8 CVSS
6.5 AI Score
0.001 EPSS
cinematheque.fr XSS vulnerability
Open Bug Bounty ID: OBB-684236

Description| Value
---|---
Affected Website:| cinematheque.fr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
lavoixdunord-espace-abonnement.lavoix.com XSS vulnerability
Open Bug Bounty ID: OBB-677023

Description| Value
---|---
Affected Website:| lavoixdunord-espace-abonnement.lavoix.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3.....

AI Score
lunion-espace-abonnement.lavoix.com XSS vulnerability
Open Bug Bounty ID: OBB-676916

Description| Value
---|---
Affected Website:| lunion-espace-abonnement.lavoix.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3...

AI Score
Exemys Web Server Bypass Vulnerability
OVERVIEW
Independent researcher Maxim Rupp has identified a login bypass in the Exemys Telemetry Web Server. Exemys has not produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely.
AFFECTED PRODUCTS
The following Exemys product is affected: Exemys Telemetry.....
6.6 AI Score
0.003 EPSS
grandes-ecoles.studyrama.com XSS vulnerability
Open Bug Bounty ID: OBB-669692

Description| Value
---|---
Affected Website:| grandes-ecoles.studyrama.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
agoradataclub.com XSS vulnerability
Open Bug Bounty ID: OBB-664667

Description| Value
---|---
Affected Website:| agoradataclub.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
Security Advisory - CPU Side Channel Vulnerability "L1TF"
Intel and security researchers publicly disclosed three new CPU side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations. These...
6.4 CVSS
0.4 AI Score
EPSS
espace-des-marques.com XSS vulnerability
Open Bug Bounty ID: OBB-661026

Description| Value
---|---
Affected Website:| espace-des-marques.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
Huawei eSpace Unified Gateway Detection (Telnet)
Telnet based detection of Huawei eSpace Unified...
7.1 AI Score
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...
5.9 CVSS
5.6 AI Score
0.002 EPSS
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...
5.9 CVSS
5.7 AI Score
0.002 EPSS
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...
5.9 CVSS
5.6 AI Score
0.002 EPSS
Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...
5.7 AI Score
0.002 EPSS
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...
5.9 CVSS
5.6 AI Score
0.002 EPSS
kernel security and bug fix update
[2.6.32-754.OL6]
- Update genkey [bug 25599697]

[2.6.32-754]
- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode....

9.8 CVSS
-0.1 AI Score
0.976 EPSS
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
Summary: PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2017-11600 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in the net/xfrm/xfrm_policy.c. By using...
9.8 CVSS
0.9 AI Score
0.905 EPSS
Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel
Summary: IBM QRadar Network Security has addressed vulnerabilities in Linux kernel. Vulnerability Details: CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a stack memory allocation flaw that allows the stack guard.....
9.8 CVSS
0.9 AI Score
0.905 EPSS
Security Bulletin: Multiple vulnerabilities in the IBM Emptoris Sourcing product
Summary The security bulletin includes multiple vulnerabilities found and addressed in the IBM Emptoris Sourcing product. Vulnerability Details CVEID: CVE-2016-8950 DESCRIPTION: IBM Emptoris Sourcing is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
6.1 CVSS
0.1 AI Score
0.001 EPSS
177.85.203.145 XSS vulnerability
Open Bug Bounty ID: OBB-633042

Description| Value
---|---
Affected Website:| 177.85.203.145
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
lc131.pedeserra.ba.gov.br XSS vulnerability
Open Bug Bounty ID: OBB-632805

Description| Value
---|---
Affected Website:| lc131.pedeserra.ba.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
Security Advisory - OpenSSL Vulnerability in Some Huawei Products
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2018-03073) This...
6.5 CVSS
1.6 AI Score
0.009 EPSS
Description of the security update for SharePoint Foundation 2013: June 12, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
6.2 AI Score
0.005 EPSS
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. (Vulnerability ID:...
5.6 CVSS
AI Score
0.976 EPSS
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to...
8.8 CVSS
8.8 AI Score
0.002 EPSS
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS...
5.4 CVSS
5.2 AI Score
0.001 EPSS
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to...
8.8 CVSS
8.7 AI Score
0.002 EPSS
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS...
5.4 CVSS
5.2 AI Score
0.001 EPSS
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS...
5.4 CVSS
5.2 AI Score
0.001 EPSS
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to...
8.8 CVSS
8.6 AI Score
0.002 EPSS
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to...
8.8 AI Score
0.002 EPSS
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop versions V300R001C00 and V300R001C50. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS...
5.2 AI Score
0.001 EPSS
Huawei Patches Four Server Bugs Rated High Severity
Huawei Technologies warned customers of four vulnerabilities rated high that impact 20 of its server models. Patches are available for each of the bugs that range from an authentication bypass vulnerability, privilege escalation vulnerability and two JavaScript Object Notation (JSON) injection...
1.2 AI Score
0.003 EPSS
boutique.vcommevin.com XSS vulnerability
Open Bug Bounty ID: OBB-624633

Description| Value
---|---
Affected Website:| boutique.vcommevin.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
Security Advisory - Two JSON Injection Vulnerabilities in Some Huawei Servers
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has two JSON injection vulnerabilities due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers.....
8.8 CVSS
9.1 AI Score
0.002 EPSS
Security Advisory - Stored XSS Vulnerability in eSpace Desktop
There is a stored cross-site scripting (XSS) vulnerability in eSpace Desktop. Due to insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform an XSS attack. A successful exploit could cause the...
5.4 CVSS
4.9 AI Score
0.001 EPSS
carte-grise-gouv.fr XSS vulnerability
Open Bug Bounty ID: OBB-620107

Description| Value
---|---
Affected Website:| carte-grise-gouv.fr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
manuelphp.com XSS vulnerability
Open Bug Bounty ID: OBB-615748

Description| Value
---|---
Affected Website:| manuelphp.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI Score
Description of the security update for SharePoint Foundation 2013: May 8, 2018
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft.....
6.3 AI Score
0.005 EPSS