Skip to main content
CVE-2017-16727 CRITICAL PATCH Act Now

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nport W2150A Firmware Nport W2250A Firmware
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2017-15308 HIGH This Week

Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ireader
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-15313 HIGH This Week

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Huawei Smartcare
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-15311 HIGH This Week

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Huawei Denial Of Service Mate 10 Firmware +3
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10869 HIGH This Week

Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-10909 HIGH This Week

Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Music Center
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-15316 HIGH This Week

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Huawei Mate 9 Firmware Mate 9 Pro Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-10908 HIGH This Week

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2017-10868 HIGH This Week

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service H2O
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2017-15324 HIGH This Week

Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure S5700 Firmware S6700 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15320 HIGH This Week

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Rp200 Firmware Te30 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15319 HIGH This Week

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Rp200 Firmware Te30 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15318 HIGH This Week

RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Rp200 Firmware Te30 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15328 HIGH This Week

Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Information Disclosure Hg8245H Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15317 HIGH This Week

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Information Disclosure Ar120 S Firmware Ar1200 Firmware +13
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-15309 HIGH This Week

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Huawei Ireader
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-10872 MEDIUM This Month

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service H2O
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-16766 MEDIUM This Month

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Authentication Bypass Diskstation Manager
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-15310 MEDIUM This Month

Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ireader
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15322 MEDIUM This Month

Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Baggio L03A Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-15312 MEDIUM This Month

Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Huawei Smartcare
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-10907 MEDIUM This Month

Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Onethird Cms Show Off
NVD
CVSS 3.0
4.3
EPSS
3.1%
CVE-2017-15321 LOW Monitor

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Information Disclosure Fusionsphere Openstack
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2017-15307 LOW Monitor

Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Honor 8 Firmware
NVD
CVSS 3.0
2.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy