The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.
CVE-2016-8274
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.
CVE-2016-8792
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege.
CVE-2016-8761
Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege.
CVE-2016-8760
Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege.
Bugtraq: [security bulletin] HPESBGN03722 rev.1 – HPE Operations Agent, Local Escalation of Privilege
[security bulletin] HPESBGN03722 rev.1 – HPE Operations Agent, Local Escalation of Privilege
KaiXin Exploit Kit
KaiXin exploit kit is a web exploit kit that operates by delivering malicious payload to the victim’s computer. Remote attackers can infect users with KaiXin exploit kit by enticing them to visit a malicious web page. Successful infection will allow the attacker to perform Remote Code Execution on the victim’s computer.
Suspicious Decimal IP Redirect
Many exploit kits, when connecting to HTTP servers for malware download, use a non-dotted decimal IP literal as the server name. Using such notation may be indicative of malware download.
CVE-2017-2388
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2017-2385
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the “Safari Login AutoFill” component. It allows local users to obtain access to locked keychain items via unspecified vectors.