security.didici.cc

CVE-2017-16939

15 hours ago

The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_ ...

CVE-2017-16934

18 hours ago

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/m
tdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a cha ...

CVE-2017-16935

18 hours ago

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/serverco
mm/messages.xml, as demonstrated by changing the ...

CVE-2017-16936

18 hours ago

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14
_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_
)_cn, Ac15 US_AC15V1.0BR_V15.03.05.1
8_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.1
9_multi_TD01, Ac18 US_AC18V1.0BR_ ...

CVE-2017-16938

18 hours ago

A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file ...

CVE-2017-16933

20 hours ago

etc/initsystem/prepare-di
rs in Icinga 2.x through 2.8.0 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.

CVE-2016-10700

20 hours ago

auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability ...

CVE-2017-16932

1 day ago

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

CVE-2017-16931

1 day ago

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReferenc
e function in the case of a '%' character in a DTD name.

CVE-2017-13699

1 day ago

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reve ...

CVE-2017-13698

1 day ago

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded ...

CVE-2017-13701

1 day ago

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering ...

CVE-2017-15088

1 day ago

plugins/preauth/pkinit/pk
init_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application cra ...

CVE-2017-16927

1 day ago

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly ha ...

CVE-2017-7501

2 days ago

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and mo ...

CVE-2017-16879

2 days ago

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

CVE-2017-8213

2 days ago

Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerabilitywhen handle TLS and DTLS hand ...

CVE-2017-8203

2 days ago

The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious appli ...

CVE-2017-8202

2 days ago

The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versi
ons earlier than Prague-AL00BC00B205,versi
ons earlier than Prague-AL00CC00B205,versi
ons earlier than Prague-TL00AC01B205,versi
ons earlier than ...

CVE-2017-8205

2 days ago

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has th ...

CVE-2017-8204

2 days ago

The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has t ...

CVE-2017-8212

2 days ago

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8207

2 days ago

The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8210

2 days ago

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8208

2 days ago

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8209

2 days ago

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8200

2 days ago

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of ...

CVE-2017-8211

2 days ago

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

CVE-2017-8215

2 days ago

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL ...

CVE-2017-8214

2 days ago

Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL ...

CVE-2017-8216

2 days ago

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privileg ...

CVE-2017-8201

2 days ago

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the p ...

CVE-2017-8206

2 days ago

HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily.

CVE-2017-8178

2 days ago

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone an ...

CVE-2017-8175

2 days ago

The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficient input validation vulnerability due to the lack of par ...

CVE-2017-8179

2 days ago

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious applicat ...

CVE-2017-8186

2 days ago

The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific para ...

CVE-2017-8183

2 days ago

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone ...

CVE-2017-8177

2 days ago

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking.

CVE-2017-8185

2 days ago

ME906s-158 earlier than ME906S_Installer_13.1805.
10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the file ...

CVE-2017-8181

2 days ago

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious a ...

CVE-2017-8180

2 days ago

The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious applicat ...

CVE-2017-8172

2 days ago

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart ...

CVE-2017-8184

2 days ago

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone ...

CVE-2017-8182

2 days ago

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone ...

CVE-2017-8173

2 days ago

Maya-L02,VKY-L09,VTR-L29,
Vicky-AL00A,Victoria-AL00
A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier ...

CVE-2017-8174

2 days ago

Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R00
1C30SPC600,V100R001C30SPC
700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and ...

CVE-2017-8198

2 days ago

FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to lau ...

CVE-2017-8199

2 days ago

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of ...

CVE-2017-8192

2 days ago

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege es ...

CVE-2017-8191

2 days ago

FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.

CVE-2017-8193

2 days ago

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with m ...

CVE-2017-8188

2 days ago

FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.

CVE-2017-8171

2 days ago

Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login ...

CVE-2017-8189

2 days ago

FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.

CVE-2017-8197

2 days ago

FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injec ...

CVE-2017-8194

2 days ago

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest m ...

CVE-2017-8195

2 days ago

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest m ...

CVE-2017-8196

2 days ago

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and mak ...

CVE-2017-8190

2 days ago

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject maliciou ...

CVE-2017-8147

2 days ago

AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudE
ngine 12800 with software V100R003C00, V100R005C00, V1 ...

CVE-2017-8149

2 days ago

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to t ...

CVE-2017-8155

2 days ago

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to th ...

CVE-2017-8157

2 days ago

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive informa ...

CVE-2017-8166

2 days ago

Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone.

CVE-2017-8167

2 days ago

Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause ...

CVE-2017-8168

2 days ago

FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the i ...

CVE-2017-8169

2 days ago

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a ...

CVE-2017-8159

2 days ago

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C2
33B019,KOB-L09C233B017,KO
B-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is differen ...

CVE-2017-8163

2 days ago

AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...

CVE-2017-8162

2 days ago

AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...

CVE-2017-8158

2 days ago

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to e ...

CVE-2017-8153

2 days ago

Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pa ...

CVE-2017-8156

2 days ago

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on the serial port. An attacker can access the serial port on the circuit board of the outdoor unit and log in to the CPE without auth ...

CVE-2017-8151

2 days ago

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile pho ...

CVE-2017-8144

2 days ago

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D0
03,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versi ...

CVE-2017-8170

2 days ago

Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a ...

CVE-2017-8152

2 days ago

Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial wit ...

CVE-2017-8141

2 days ago

The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious applicatio ...

CVE-2017-8150

2 days ago

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the la ...

CVE-2017-8161

2 days ago

EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D0
04 versions have Factory Reset Protection (FRP) bypass secu ...

CVE-2017-8148

2 days ago

Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer a ...

CVE-2017-8160

2 days ago

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B
122,Vicky-TL00AC01B167,Ea
rlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC0
0B123,Victoria-TL00AC01B1
67 has a use after free (UAF) ...

CVE-2017-8143

2 days ago

Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the app ...

CVE-2017-8146

2 days ago

The call module of P10 and P10 Plus smrtphones with software the versions before VTR-AL00C00B167, the versions before VTR-TL00C01B167, the versions before VKY-AL00C00B167, the vertions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick ...

CVE-2017-8145

2 days ago

The call module of P10 and P10 Plus smrtphones with software the versions before VTR-AL00C00B167, the versions before VTR-TL00C01B167, the versions before VKY-AL00C00B167, the vertions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick ...

CVE-2017-8142

2 days ago

The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user ...

CVE-2017-8138

2 days ago

HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.

CVE-2017-8127

2 days ago

The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.

CVE-2017-8128

2 days ago

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri ...

CVE-2017-8137

2 days ago

HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.

CVE-2017-8140

2 days ago

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads ...

CVE-2017-8133

2 days ago

Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low ...

CVE-2017-8135

2 days ago

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privi ...

CVE-2017-8121

2 days ago

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

CVE-2017-8131

2 days ago

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privi ...

CVE-2017-8118

2 days ago

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

CVE-2017-8120

2 days ago

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri ...

CVE-2017-8117

2 days ago

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri ...

CVE-2017-2739

2 days ago

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications.