News aggregator

CVE-2017-8131

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-8132

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-8133

National Vulnerability Database - Wed, 11/22/2017 - 14:29
Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted.
Categories: Security News

CVE-2017-8134

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-8135

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-8136

National Vulnerability Database - Wed, 11/22/2017 - 14:29
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak.
Categories: Security News

CVE-2017-8137

National Vulnerability Database - Wed, 11/22/2017 - 14:29
HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.
Categories: Security News

CVE-2017-8138

National Vulnerability Database - Wed, 11/22/2017 - 14:29
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.
Categories: Security News

CVE-2017-8139

National Vulnerability Database - Wed, 11/22/2017 - 14:29
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users.
Categories: Security News

CVE-2017-8140

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
Categories: Security News

CVE-2017-2712

National Vulnerability Database - Wed, 11/22/2017 - 14:29
S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping.
Categories: Security News

CVE-2017-2713

National Vulnerability Database - Wed, 11/22/2017 - 14:29
HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information.
Categories: Security News

CVE-2017-2714

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.
Categories: Security News

CVE-2017-2715

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak.
Categories: Security News

CVE-2017-2716

National Vulnerability Database - Wed, 11/22/2017 - 14:29
The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a system crash or privilege escalation.
Categories: Security News

CVE-2017-2717

National Vulnerability Database - Wed, 11/22/2017 - 14:29
honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system.
Categories: Security News

CVE-2017-2718

National Vulnerability Database - Wed, 11/22/2017 - 14:29
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-2719

National Vulnerability Database - Wed, 11/22/2017 - 14:29
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Categories: Security News

CVE-2017-2720

National Vulnerability Database - Wed, 11/22/2017 - 14:29
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
Categories: Security News

CVE-2017-2721

National Vulnerability Database - Wed, 11/22/2017 - 14:29
Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Categories: Security News

Pages