CVE-2018-10604

CVE-2018-10604 affects SEL Compass 3.0.5.1 and earlier, where incorrect default permissions grant all users full access to the Compass directory, enabling modification or overwriting of files and potential privilege escalation or code execution. The issue is documented across multiple sources (NV...

Multiple Echelon Products Information Disclosure Vulnerability (CNVD-2018-18306)

Echelon SmartServer 1 and others are products of Echelon Corporation of the United States. echelon SmartServer 1 is a multifunctional controller, which supports building automation control and enterprise energy management, etc. i.LON 100 is a network server, which is mainly used to configure and...

CVE-2018-12333

CVE-2018-12333 affects ECOS Secure Boot Stick (SBS) version 5.6.5 and is caused by insufficient verification of data authenticity. The vulnerability could allow an attacker to manipulate security-related configurations and execute malicious code on the device. Publicly documented details identify...

CVE-2017-17320

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install ...

Double free

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install ...

CVE-2017-17320

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install ...

CVE-2017-17324

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks...

Integer overflow

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks...

CVE-2017-17324

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks...

CVE-2017-17324

Huawei Mate 9 Pro smartphones (models LON-AL00BC00B139D and LON-AL00BC00B229) are affected by an integer overflow in the camera driver caused by unvalidated external input. This overflow can lead to a buffer overflow and, as stated, could enable malicious code execution when a user installs a cra...

CVE-2017-8159

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain...

CVE-2017-8159

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain...

Type confusion

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain...

CVE-2017-8159

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain...

CVE-2017-8159

Summary (CVE-2017-8159) : A type confusion vulnerability affecting certain Huawei smartphones (AGS-L09C233B019, AGS-W09C233B019, KOB-L09C233B017, KOB-W09C233B012). The flaw arises when a program initializes a variable with one data type and later accesses it as a different type during specific re...

CVE-2017-8509

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506...

In-depth understanding of the JAVA deserialization vulnerability-vulnerability warning-the black bar safety net

1.Java serialization and deserialization Java serialization refers to the Java object is converted to byte sequence of the process easy to save in memory, a file, a database, the ObjectOutputStream class's writeObjectmethod can be implemented serialized. Java deserialization refers to the sequenc...

fotopolska.eu XSS vulnerability

Vulnerable URL: http://fotopolska.eu/%22%3E%3Csvg%20onload=alert/XSSPOSED/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 162452 VIP website status:| No Check fotopolska.eu SSL...

CVE-2016-6853

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites,...

CVE-2016-4045

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed...