ESpace 7910; ESpace 7950; ESpace 8950 Security Vulnerabilities

cvelist

CVE-2018-7958

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....

7.3 AI Score

0.002 EPSS

2018-11-27 10:00 PM

cvelist

CVE-2018-7959

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...

6.1 AI Score

0.002 EPSS

2018-11-27 10:00 PM

cvelist

CVE-2018-7960

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...

7.3 AI Score

0.002 EPSS

2018-11-27 10:00 PM

huawei

Security Advisory - Two Vulnerabilities in Huawei eSpace Product

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak. (Vulnerability...

7.4 CVSS

6 AI Score

0.002 EPSS

2018-11-14 12:00 AM

huawei

Security Advisory - Anonymous TLS Cipher Suite Supported Vulnerability in Huawei eSpace Product

There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....

7.4 CVSS

7 AI Score

0.002 EPSS

2018-11-14 12:00 AM

cve

CVE-2018-7910

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...

6.8 CVSS

6.6 AI Score

0.001 EPSS

2018-11-13 07:29 PM

prion

Authentication flaw

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...

6.8 CVSS

6.7 AI Score

0.001 EPSS

2018-11-13 07:29 PM

nvd

CVE-2018-7910

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...

6.8 CVSS

6.7 AI Score

0.001 EPSS

2018-11-13 07:29 PM

cvelist

CVE-2018-7910

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's...

6.7 AI Score

0.001 EPSS

2018-11-13 07:00 PM

mskb

Description of the security update for SharePoint Foundation 2013: November 13, 2018

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

8.6 AI Score

0.47 EPSS

2018-11-13 08:00 AM

akamaiblog

BGP Route Hijacking

Yes, we can minimize the BGP Hijacking Risk Every day we see something new about the global security threat. It is hard to keep track of all the various ways your network can be attacked. But there are some threat-vectors which need particular attention. "Did you know that a threat-actor with 20...

-0.1 AI Score

2018-11-05 03:06 PM

huawei

Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the...

6.8 CVSS

6.5 AI Score

0.001 EPSS

2018-11-01 12:00 AM

openbugbounty

cinematheque.fr XSS vulnerability

Open Bug Bounty ID: OBB-684236

Description | Value
---|---
Affected Website: | cinematheque.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-10-09 01:51 PM

openbugbounty

lavoixdunord-espace-abonnement.lavoix.com XSS vulnerability

Open Bug Bounty ID: OBB-677023

Description | Value
---|---
Affected Website: | lavoixdunord-espace-abonnement.lavoix.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3..... |

AI Score

2018-09-16 10:46 AM

openbugbounty

lunion-espace-abonnement.lavoix.com XSS vulnerability

Open Bug Bounty ID: OBB-676916

Description | Value
---|---
Affected Website: | lunion-espace-abonnement.lavoix.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3... |

AI Score

2018-09-15 11:20 AM

ics

Exemys Web Server Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a login bypass in the Exemys Telemetry Web Server. Exemys has not produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following Exemys product is affected: Exemys Telemetry.....

6.6 AI Score

0.003 EPSS

2018-08-27 12:00 PM

openbugbounty

grandes-ecoles.studyrama.com XSS vulnerability

Open Bug Bounty ID: OBB-669692

Description | Value
---|---
Affected Website: | grandes-ecoles.studyrama.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-08-27 02:43 AM

openbugbounty

agoradataclub.com XSS vulnerability

Open Bug Bounty ID: OBB-664667

Description | Value
---|---
Affected Website: | agoradataclub.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-08-15 09:51 AM

huawei

Security Advisory - CPU Side Channel Vulnerability "L1TF"

Intel and security researchers publicly disclosed three new CPU side-channel vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646). Successful exploit of these vulnerabilities could allow a local attacker to read the memory of other processes in specific situations. These...

6.4 CVSS

0.4 AI Score

EPSS

2018-08-15 12:00 AM

openbugbounty

espace-des-marques.com XSS vulnerability

Open Bug Bounty ID: OBB-661026

Description | Value
---|---
Affected Website: | espace-des-marques.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-08-08 11:01 PM

openvas

Huawei eSpace Unified Gateway Detection (Telnet)

Telnet based detection of Huawei eSpace Unified...

7.1 AI Score

2018-08-01 12:00 AM

prion

Security feature bypass

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9 CVSS

5.6 AI Score

0.002 EPSS

2018-07-31 02:29 PM

nvd

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9 CVSS

5.7 AI Score

0.002 EPSS

2018-07-31 02:29 PM

cve

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.9 CVSS

5.6 AI Score

0.002 EPSS

2018-07-31 02:29 PM

cvelist

CVE-2017-17174

Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients...

5.7 AI Score

0.002 EPSS

2018-07-31 02:00 PM

huawei

Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products

There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...

5.9 CVSS

5.6 AI Score

0.002 EPSS

2018-07-03 12:00 AM

oraclelinux

kernel security and bug fix update

[2.6.32-754.OL6]
- Update genkey [bug 25599697]

[2.6.32-754]
- [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode....

9.8 CVSS

-0.1 AI Score

0.976 EPSS

2018-06-25 12:00 AM

ibm

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-11600 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by out-of-bound access in the net/xfrm/xfrm_policy.c. By using...

9.8 CVSS

0.9 AI Score

0.905 EPSS

2018-06-18 01:38 AM

ibm

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

Summary IBM QRadar Network Security has addressed vulnerabilities in Linux kernel. Vulnerability Details CVEID: CVE-2017-1000364 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a stack memory allocation flaw that allows the stack guard.....

9.8 CVSS

0.9 AI Score

0.905 EPSS

2018-06-16 10:02 PM

ibm

Security Bulletin: Multiple vulnerabilities in the IBM Emptoris Sourcing product

Summary The security bulletin includes multiple vulnerabilities found and addressed in the IBM Emptoris Sourcing product. Vulnerability Details CVEID: CVE-2016-8950 DESCRIPTION: IBM Emptoris Sourcing is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

6.1 CVSS

0.1 AI Score

0.001 EPSS

2018-06-16 08:10 PM

openbugbounty

177.85.203.145 XSS vulnerability

Open Bug Bounty ID: OBB-633042

Description | Value
---|---
Affected Website: | 177.85.203.145
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-06-16 09:56 AM

openbugbounty

lc131.pedeserra.ba.gov.br XSS vulnerability

Open Bug Bounty ID: OBB-632805

Description | Value
---|---
Affected Website: | lc131.pedeserra.ba.gov.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-06-15 04:44 PM

huawei

Security Advisory - OpenSSL Vulnerability in Some Huawei Products

Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2018-03073) This...

6.5 CVSS

1.6 AI Score

0.009 EPSS

2018-06-13 12:00 AM

mskb

Description of the security update for SharePoint Foundation 2013: June 12, 2018

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

6.2 AI Score

0.005 EPSS

2018-06-12 07:00 AM

huawei

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. (Vulnerability ID:...

5.6 CVSS

AI Score

0.976 EPSS

2018-06-06 12:00 AM

nvd

CVE-2018-7950

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8 CVSS

8.8 AI Score

0.002 EPSS

2018-06-01 02:29 PM

nvd

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-06-01 02:29 PM

prion

Input validation

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8 CVSS

8.7 AI Score

0.002 EPSS

2018-06-01 02:29 PM

prion

Cross site scripting

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-06-01 02:29 PM

cve

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-06-01 02:29 PM

cve

CVE-2018-7950

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2018-06-01 02:29 PM

cvelist

CVE-2018-7950

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to...

8.8 AI Score

0.002 EPSS

2018-06-01 02:00 PM

cvelist

CVE-2018-7976

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS...

5.2 AI Score

0.001 EPSS

2018-06-01 02:00 PM

threatpost

Huawei Patches Four Server Bugs Rated High Severity

Huawei Technologies warned customers of four vulnerabilities rated high that impact 20 of its server models. Patches are available for each of the bugs that range from an authentication bypass vulnerability, privilege escalation vulnerability and two JavaScript Object Notation (JSON) injection...

1.2 AI Score

0.003 EPSS

2018-05-31 07:03 PM

openbugbounty

boutique.vcommevin.com XSS vulnerability

Open Bug Bounty ID: OBB-624633

Description | Value
---|---
Affected Website: | boutique.vcommevin.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-05-30 07:25 PM

huawei

Security Advisory - Two JSON Injection Vulnerabilities in Some Huawei Servers

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have two JSON injection vulnerabilities due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers.....

8.8 CVSS

9.1 AI Score

0.002 EPSS

2018-05-30 12:00 AM

huawei

Security Advisory - Stored XSS Vulnerability in eSpace Desktop

There is a stored cross-site scripting (XSS) vulnerability in eSpace Desktop. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the...

5.4 CVSS

4.9 AI Score

0.001 EPSS

2018-05-30 12:00 AM

openbugbounty

carte-grise-gouv.fr XSS vulnerability

Open Bug Bounty ID: OBB-620107

Description | Value
---|---
Affected Website: | carte-grise-gouv.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-05-22 10:56 AM

openbugbounty

manuelphp.com XSS vulnerability

Open Bug Bounty ID: OBB-615748

Description | Value
---|---
Affected Website: | manuelphp.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

AI Score

2018-05-12 04:47 PM

mskb

Description of the security update for SharePoint Foundation 2013: May 8, 2018

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft.....

6.3 AI Score

0.005 EPSS

2018-05-08 07:00 AM

Total number of security vulnerabilities: 1026