6117 matches found
CVE-2017-8156
The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no-authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without authentication. Successful exploit could allow t...
CVE-2017-8155
The CVE-2017-8155 entry describes an unauthenticated access flaw in the outdoor unit of Huawei B2338-168 CPE. The issue arises from no authentication on a specific port (serial port access) between the indoor and outdoor units, enabling an attacker to deliver commands to the outdoor unit without ...
xml_file
This plugin writes the framework messages to an XML report file. One configurable parameter exists: outputfile

Plugin type: Output

Options

Name | Type | Default Value | Description | Help
---|---|---|---|---
outputfile | outputfile | report.xml | File name where this plugin will write to | No...
Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)
It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3469-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3469-2 advisory. USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initializ...
USN-3469-1: Linux kernel vulnerabilities
Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered tha...
CVE-2017-9377
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
Command injection
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
CVE-2017-9377
Barco ClickShare Base Unit devices (CSM-1 firmware before 1.7.0.3; CSC-1 firmware before 1.10.0.10) are affected by CVE-2017-9377. A command injection vulnerability exists that an attacker with access to the product’s web API can exploit to completely compromise the affected device. The available...
Linux kernel x86/fpu (Floating Point Unit) subsystem information disclosure vulnerability
The Linux kernel is the kernel used by the Linux operating system, released by the Linux Foundation in the United States. The x86/fpu (Floating Point Unit) subsystem is one of the 32-bit floating point unit subsystems. A security vulnerability exists in the x86/fpu (Floating Point Unit) subsystem in...
actionpack vulnerable to Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
CVE-2017-2132
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors...
CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Panasonic Home Unit KX-HJB1000 Access Bypass Vulnerability
The Panasonic KX-HJB1000 Home unit is a webcam from Panasonic Japan. An access bypass vulnerability exists in the Panasonic Home Unit KX-HJB1000. An attacker can use this vulnerability to bypass access restrictions and view configuration menus...
Panasonic Home Unit KX-HJB1000 Arbitrary File Deletion Vulnerability
The Panasonic KX-HJB1000 Home unit is a webcam from Panasonic Japan. An arbitrary file deletion vulnerability exists in the Panasonic Home Unit KX-HJB1000. An attacker can use this vulnerability to delete arbitrary files in a directory...
Panasonic Home Unit KX-HJB1000 SQL Injection Vulnerability
The Panasonic KX-HJB1000 Home unit is a webcam from Panasonic Japan. A SQL injection vulnerability exists in the Panasonic Home Unit KX-HJB1000. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Design/Logic Flaw
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read...
CVE-2017-15537
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read...