Skip to main content
CVE-2017-12190 MEDIUM PATCH This Month

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-2717 MEDIUM This Month

honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Honor 8 Pro Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-8158 MEDIUM This Month

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-2728 MEDIUM This Month

Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Huawei Honor 6X Firmware
NVD
CVSS 3.0
6.4
EPSS
0.0%
CVE-2017-8215 MEDIUM This Month

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor 8 Firmware Honor V8 Firmware Honor 9 Firmware +6
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2017-8214 MEDIUM This Month

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Huawei Authentication Bypass Honor 8 Firmware Honor V8 Firmware Honor 9 Firmware +6
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2017-6166 MEDIUM This Month

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Afm Big Ip Analytics Big Ip Apm Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2017-8127 MEDIUM This Month

The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uma
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-8125 MEDIUM This Month

The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uma
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-8139 MEDIUM This Month

HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hedex Lite
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-8182 MEDIUM This Month

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Mtk Platform Smart Phone Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2017-8189 MEDIUM This Month

FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fusionsphere Openstack
NVD
CVSS 3.0
6.0
EPSS
0.0%
CVE-2017-8157 MEDIUM This Month

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oceanstor 5800 V3 Firmware Oceanstor 6900 V3 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-8191 MEDIUM This Month

FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fusionsphere Openstack
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2017-2711 MEDIUM This Month

P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P9 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8184 MEDIUM This Month

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Mtk Platform Smart Phone Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8183 MEDIUM This Month

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mtk Platform Smart Phone Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2733 MEDIUM This Month

Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Honor 6X Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8136 MEDIUM This Month

HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hedex Lite
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2732 MEDIUM This Month

Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Hilink
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8216 MEDIUM This Month

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Google Authentication Bypass P10 Lite Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8146 MEDIUM This Month

The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8145 MEDIUM This Month

The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2709 MEDIUM This Month

HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Higame Skytone
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8186 MEDIUM This Month

The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Mha Al00A
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8175 MEDIUM This Month

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Vicky Al00A Victoria Al00A Warsaw Al00
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8144 MEDIUM This Month

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5A Firmware Honor 8 Lite Firmware Mate 9 Firmware +3
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2734 MEDIUM This Month

P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P9 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2731 MEDIUM This Month

The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P9 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8202 MEDIUM This Month

The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Prague Al00A Firmware Prague Al00B Firmware Prague Al00C Firmware +2
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2695 MEDIUM This Month

TIT-AL00C583B211 has a directory traversal vulnerability which allows an attacker to obtain the files in email application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tit Al00 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8149 MEDIUM This Month

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Huawei P10 Firmware P10 Plus Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8172 MEDIUM This Month

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service P10 Plus Firmware P10 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8143 MEDIUM This Month

Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 5C Firmware P9 Lite Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-12193 MEDIUM PATCH This Month

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-2690 MEDIUM This Month

SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Softco Firmware Espace U1910 Firmware Espace U1911 Firmware Espace U1930 Firmware +3
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-8178 MEDIUM This Month

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Huawei Vicky Al00 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-7736 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2713 MEDIUM This Month

HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure P9 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.0%
CVE-2017-8213 MEDIUM This Month

Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Smc2 0 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-2712 MEDIUM This Month

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure S3300 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-8121 MEDIUM This Month

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-2720 MEDIUM This Month

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Fusionsphere Openstack
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-8177 MEDIUM This Month

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Jwt Attack Hiwallet
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-8148 MEDIUM This Month

Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Race Condition P9 Firmware
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-2708 MEDIUM This Month

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nice Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2017-8152 MEDIUM This Month

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Honor 5S Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-8171 MEDIUM This Month

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Huawei Information Disclosure P10 Plus Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-8161 MEDIUM This Month

EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Eva L09
NVD
CVSS 3.0
4.6
EPSS
0.0%
CVE-2017-2710 MEDIUM This Month

BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions,. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Beethoven W09A Firmware Crr L09 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy