CVE-2021-22310

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions includ...

EUVD-2017-6788

Malware in sbrugna...

CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...

CVE-2024-36926

CVE-2024-36926 affects the Linux kernel on PowerPC pseries hardware, where LPARs boot with a frozen PE may lack the ibm,dma-window property. This can cause a NULL pointer dereference while configuring PCI, leading to an oops/panic during boot. The vulnerability is described with kernel traces (pc...

CVE-2021-47337

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...

CVE-2024-26847 powerpc/rtas: use correct function name for resetting TCE tables

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...

CVE-2024-26847 powerpc/rtas: use correct function name for resetting TCE tables

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

nip.family Cross Site Scripting vulnerability OBB-1449675

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2020-9099

CVE-2020-9099 affects Huawei enterprise devices: IPS/NGFW modules and USG/NIP series (NIP6300/6600/6800; Secospace USG6300/6500/6600/USG9500) with specific V500R0xxC0x/v500R005C0x builds. The vulnerability is described as improper authentication that could allow an unauthenticated attacker to per...

NIP Kompanija Novosti A.D. Serbia Web Design 1.0 SQL Injection

Exploit Title : NIP Kompanija "Novosti" A.D. Serbia Web Design 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : novosti.rs Tested On : Windows Category : WebApps Exploit Risk : Medium Version Information : V1.0 - Nginx 1.7.6 - PHP 5.3.28 jQuery 1.8.3 -...

CVE-2017-17256

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20,...

CVE-2017-17137

PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700...

CVE-2017-15336

CVE-2017-15336 corresponds to buffer overflow vulnerabilities in the SIP backup feature across Huawei devices (DP300 and a broad range of modules and platforms including IPS, NGFW, NIP6300/6600/6800, RP200, ViewPoint, eSpace U1981, and Secospace USG/TE series). Root cause: insufficient validation...

CVE-2017-17153

CVE-2017-17153 is a memory-leak vulnerability in the IKEv2 implementation of Huawei products (including IPS Module, NGFW Module, NIP6300/6600, Secospace USG families). The root cause is memory release failure caused by insufficient input validation, which can allow memory to be not freed and lead...

nip2 Parameter Injection Vulnerability

nip2 is a GUI for the VIPS image processing library. A parameter injection vulnerability exists in nip2 8.4.0. The vulnerability arises because boxes.c in nip2 does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker could exploit this...

Shenzhen, China, a manufacturer of smart cameras exposed vulnerability: at least 17.5 million devices can be remote attack-vulnerability warning-the black bar safety net

Security firms Bitdefender and Checkmarx are released report, security researcher at a plurality of conventional smart cameras found in a remote intrusion vulnerability, relates to the VStarcam, the Loftek, as well as Neo IP camera. One of Neo IP camera is Shenzhen, China manufacturer beautiful...