Security Advisory - Integer overflow Vulnerability in Bdat Driver of Huawei Smart Phone

The Bdat driver of some Huawei smart phones has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can send a specific parameter to the driver of the smart phone, causing...

Micro Focus Novell Access Manager iManager Cross-Site Scripting Vulnerability

Micro Focus Novell Access Manager is a comprehensive Web access management solution from Micro Focus UK. iManager is one of the Web-based applications that can manage and configure eDirectory objects using wireless devices. A cross-site scripting vulnerability exists in Micro Focus Novell Access...

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

Mozilla Firefox Out-of-Bounds Write Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. An out-of-bounds write vulnerability exists in Mozilla Firefox. The vulnerability arises due to a lack of parameter validation for IPC messages. An attacker can exploit this vulnerability to...

CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

CVE-2017-17140

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and th...

Design/Logic Flaw

Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone and th...

Input validation

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated...

CVE-2017-17140

CVE-2017-17140 affects Huawei Enjoy 5s and Y6 Pro smartphones on software versions prior to TAG-AL00C92B170 and TIT-L01C576B121. The vulnerability arises from lack of parameter validation, enabling a malicious application installed by a user to read sensitive information from kernel memory, causi...

The vulnerability of the Smart Licensing Manager operating system of FX-OS allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the Smart Licensing Manager service on the FX-OS operating system exists due to insufficient verification of Smart Licensing configuration parameters. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges remotely...

CVE-2017-16591

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVE-2017-16606

This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...

CVE-2018-0097

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could explo...

NetGain Systems Enterprise Manager exec_jsp Command Execution (CVE-2017-16602)

A command execution vulnerability exists in NetGain Systems Enterprise Manager. The vulnerability is due improper validation of command HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to a vulnerable server...

CVE-2017-15311

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120SP2C00, before BLA-AL00 8.0.0.120SP2C00, before MHA-AL00B 8.0.0.334C00, and before LON-AL00B 8.0.0.334C00 have a stack overflow vulnerability due to the lack of parameter...

CVE-2017-15311

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120SP2C00, before BLA-AL00 8.0.0.120SP2C00, before MHA-AL00B 8.0.0.334C00, and before LON-AL00B 8.0.0.334C00 have a stack overflow vulnerability due to the lack of parameter...

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

Some Huawei smartphones have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some sensitive information in kernel memory, which may cause sensitive...

NetGain Systems Enterprise Manager misc.sample_jsp type Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones

The baseband modules of some Huawei smart phones have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles the...