Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2017-15343 | Integer Overflow or Wraparound vulnerability in Huawei Ar120-S Firmware, Ar1200 Firmware and Ar3200 Firmware Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. | 7.5 |
| 2018-02-15 | CVE-2017-15342 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. | 7.5 |
| 2018-02-15 | CVE-2017-15341 | Improper Certificate Validation vulnerability in Huawei products Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. | 7.5 |
| 2018-02-15 | CVE-2017-15329 | SQL Injection vulnerability in Huawei UMA Firmware V200R001C00 Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. | 8.8 |
| 2018-02-15 | CVE-2017-18087 | Unspecified vulnerability in Atlassian Bitbucket The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. | 7.5 |
| 2018-02-15 | CVE-2018-7055 | Server-Side Request Forgery (SSRF) vulnerability in Steelcase Roomwizard Firmware GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | 7.5 |
| 2018-02-15 | CVE-2017-18189 | NULL Pointer Dereference vulnerability in multiple products In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | 7.5 |
| 2018-02-15 | CVE-2017-12726 | Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 7.3 |
| 2018-02-15 | CVE-2017-12724 | Use of Hard-coded Credentials vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 8.1 |
| 2018-02-15 | CVE-2017-12720 | Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6 An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. | 8.1 |