CVE-2017-8150
The CVE-2017-8150 entry affects Huawei P10 and P10 Plus bootloaders. The vulnerability is an arbitrary memory write caused by lack of parameter validation in boot loaders for versions prior to Victoria-L09AC605B162, Victoria-L29AC605B162, and Vicky-L29AC605B162. An attacker with root access on An...
Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone
The CameraISP driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP; the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34415)
Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34414)
Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...
Buffer overflow vulnerability in multiple Huawei products (CNVD-2017-34416)
Huawei DP300, RP200, TE series and TX50 are Huawei's all-in-one desktop and high-definition videoconferencing end products for high-end customers. A buffer overflow vulnerability exists in several Huawei products, which is caused by the device failing to adequately validate parameters in the...
Security Advisory - Two Buffer overflow Vulnerabilities on Huawei Smart Phone
Some Huawei smart phones have two buffer overflow vulnerabilities due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone to restart or arbitrary...
Security Advisory - Integer overflow Vulnerability in Bastet Driver of Huawei Smart Phone
The Bastet driver of some Huawei smart phones has an integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitra...
Security Advisory - Buffer overflow Vulnerability in Bastet Driver of Huawei Smart Phone
The Bastet driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing...
CVE-2017-12416
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...
CVE-2017-12416
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to...
Cross-Site Scripting in PAN-OS
A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters. (Ref PAN-76003 / CVE-2017-12416) Successful exploitation of this issue may allow an...
Huawei FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-30062)
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...
Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones
The boot loaders of some Huawei mobile phones have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer...
Hewlett Packard Enterprise Intelligent Management Center iccSelectRules Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-12478
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system...
ntopng cross-site scripting vulnerability (CNVD-2017-16033)
NTOPNG is the next generation version of NTOP, computer software for monitoring traffic on a computer network. A cross-site scripting vulnerability exists in ntopng. The vulnerability stems from improper validation of GET and POST parameters and can be exploited by an attacker to inject arbitrary...
Open redirect
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated...
Code injection
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters...
CVE-2017-7366
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters...