Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 19.5%.
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.3%.
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer overflow in secars.dll in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1.x before 12.1.3, and Symantec Endpoint Protection Center (SPC) Small Business Edition. Rated high severity (CVSS 7.9). Public exploit code available and no vendor patch available.
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.