Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-22 CVE-2017-15311 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation.
low complexity
huawei CWE-119
8.8
2017-12-22 CVE-2017-15309 Path Traversal vulnerability in Huawei iReader
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths.
network
low complexity
huawei CWE-22
7.1
2017-12-22 CVE-2017-15308 Improper Input Validation vulnerability in Huawei iReader
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data.
network
low complexity
huawei CWE-20
8.8
2017-12-22 CVE-2017-10909 Untrusted Search Path vulnerability in Sony Music Center 1.0.00/1.0.01
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
sony CWE-426
7.8
2017-12-22 CVE-2017-10908 Improper Input Validation vulnerability in Dena H2O
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
network
low complexity
dena CWE-20
7.5
2017-12-22 CVE-2017-10869 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dena H2O
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
network
low complexity
dena CWE-119
7.5
2017-12-22 CVE-2017-10868 Improper Input Validation vulnerability in Dena H2O
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
network
low complexity
dena CWE-20
7.5
2017-12-21 CVE-2017-17692 Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
network
low complexity
samsung CWE-200
7.5
2017-12-21 CVE-2017-6167 Race Condition vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
network
high complexity
f5 CWE-362
7.5
2017-12-21 CVE-2017-6164 Improper Input Validation vulnerability in F5 products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
network
high complexity
f5 CWE-20
8.1