6.8AI Score
0.009EPSS
Threat Outbreak Alert RuleID14123: Email Messages Distributing Malicious Software on March 20, 2015
Medium | Alert ID: 37966 | First Published: 2015 March 20 12:57 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID14123) may contain the following...
0.2AI Score
Security Advisory - NTPd Security Vulnerability in Multiple Huawei Products
Huawei was notified about information released by NTP.org and CERT/CC regarding stack buffer overflow security vulnerabilities (CVE-2014-9295) in NTP daemon (ntpd) on December 19th, 2014. Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary.....
2.3AI Score
0.966EPSS
Security Advisory - Glibc Buffer Overflow Vulnerability
Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015. Applications that call the various gethostbyname functions are affected, and attackers can exploit this vulnerability to perform remote code execution. (Vulnerability ID: HWPSIRT-2015-01045) This.....
8AI Score
0.975EPSS
openSUSE Security Update : xen (openSUSE-2015-129)
The XEN virtualization was updated to fix bugs and security issues : Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference...
8AI Score
0.009EPSS
Security update for xen (important)
The XEN virtualization was updated to fix bugs and security issues: Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113: Guest effectable page reference...
-0.2AI Score
0.009EPSS
openSUSE Security Update : xen (openSUSE-2015-113)
The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113:...
0.1AI Score
0.009EPSS
openSUSE: Security Advisory for xen (openSUSE-SU-2015:0226-1)
The remote host is missing an update for...
6.8AI Score
0.009EPSS
Security update for xen (important)
The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030:...
0.4AI Score
0.009EPSS
1.2AI Score
0.003EPSS
[SECURITY] [DSA 3140-1] xen security update
Debian Security Advisory DSA-3140-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2015 http://www.debian.org/security/faq Package : xen CVE...
2.5AI Score
0.006EPSS
Debian DSA-3140-1 : xen - security update
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may ...
1AI Score
0.006EPSS
[SECURITY] [DSA 3140-1] xen security update
Debian Security Advisory DSA-3140-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 27, 2015 http://www.debian.org/security/faq Package : xen CVE ID : CVE-2014-8594 CVE-2014-8595...
6.8AI Score
0.006EPSS
Debian Security Advisory DSA 3140-1 (xen - security update)
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...
0.8AI Score
0.006EPSS
Multiple security issues have been discovered in the Xen virtualisation solution which may result in denial of service, information disclosure or privilege escalation. CVE-2014-8594 Roger Pau Monne and Jan Beulich discovered that incomplete restrictions on MMU update hypercalls may result in...
3.8AI Score
0.006EPSS
6.7AI Score
0.006EPSS
ManageEngine Multiple Products Authenticated File Upload Exploit
This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write in the file system....
-0.2AI Score
0.971EPSS
0.4AI Score
0.971EPSS
7.4AI Score
EPSS
6.8AI Score
0.009EPSS
7.5AI Score
0.009EPSS
[SECURITY] Fedora 20 Update: xen-4.3.3-9.fc20
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.009EPSS
[SECURITY] Fedora 21 Update: xen-4.4.1-12.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.009EPSS
Security update for xen (important)
xen was updated to fix nine security issues. These security issues were fixed: - Guest affectable page reference leak in MMU_MACHPHYS_UPDATE handling (CVE-2014-9030). - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor (CVE-2014-8867). - Excessive...
0.4AI Score
0.006EPSS
7.5AI Score
0.006EPSS
ManageEngine Multiple Products Authenticated File Upload
This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication...
7AI Score
SuSE 11.3 Security Update : Xen (SAT Patch Number 10018)
Xen has been updated to version 4.2.5 with additional patches to fix six security issues : Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling. (CVE-2014-9030) Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor. (CVE-2014-8867) Excessive...
0.2AI Score
0.006EPSS
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted...
6.2AI Score
0.001EPSS
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted...
6AI Score
0.001EPSS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified...
6.2AI Score
0.001EPSS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified...
6.1AI Score
0.001EPSS
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4)...
7.3AI Score
0.001EPSS
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4)...
7.4AI Score
0.001EPSS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES...
6.1AI Score
0.0004EPSS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES...
6AI Score
0.0004EPSS
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4)...
7.8AI Score
0.001EPSS
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted...
6.6AI Score
0.001EPSS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified...
6.6AI Score
0.001EPSS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES...
6.5AI Score
0.0004EPSS
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4)...
7.3AI Score
0.001EPSS
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted...
6AI Score
0.001EPSS
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified...
6AI Score
0.001EPSS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES...
5.9AI Score
0.0004EPSS
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1) The program does not implement a comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. (Vulnerability ID: HWPSIRT-2014-1151) This vulnerability has been assigned Common...
1.8AI Score
0.001EPSS
Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)
Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on...
0.3AI Score
0.006EPSS
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
The SSLv3 protocol supported by some Huawei products has the so-called Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. The attacker can launch a man-in-the-middle attack to manipulate the TLS negotiation process so that the communication parties use SSLv3, which has...
3.4CVSS
2.4AI Score
0.975EPSS
[SECURITY] Fedora 19 Update: xen-4.2.5-6.fc19
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.006EPSS
[SECURITY] Fedora 20 Update: xen-4.3.3-6.fc20
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.006EPSS
[SECURITY] Fedora 21 Update: xen-4.4.1-9.fc21
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...
2.1AI Score
0.006EPSS
6.7AI Score
0.006EPSS