CVEs from 2017
- Total: 11,613
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10051 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3.0. Easily exploitable vulne… | |||
| CVE-2017-8708 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-6775 | medium | 5.7 | 5.7 | 9y ago | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to a… | |||
| CVE-2017-11348 | medium | 5.7 | 5.7 | 9y ago | In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or m… | |||
| CVE-2017-9773 | medium | 5.7 | 5.7 | 9y ago | Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | |||
| CVE-2017-1214 | medium | 5.7 | 5.7 | 9y ago | IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | |||
| CVE-2017-9546 | medium | 5.7 | 5.7 | 9y ago | admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | |||
| CVE-2017-0259 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive info… | |||
| CVE-2017-0258 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server … | |||
| CVE-2017-0245 | medium | 4.7 | 5.7 | 9y ago | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain ker… | |||
| CVE-2017-0220 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, … | |||
| CVE-2017-0175 | medium | 4.7 | 5.7 | 9y ago | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Inform… | |||
| CVE-2017-5042 | medium | 5.7 | 5.7 | 9y ago | multiple issues in chromium | |||
| CVE-2017-3597 | medium | 5.7 | 5.7 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-0058 | medium | 4.7 | 5.7 | 9y ago | A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability co… | |||
| CVE-2017-0062 | medium | 4.7 | 5.7 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-3292 | medium | 5.7 | 5.7 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo… | |||
| CVE-2017-3276 | medium | 5.7 | 5.7 | 10y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit… | |||
| CVE-2017-5754 | medium | 5.6 | 5.6 | 9y ago | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel a… | |||
| CVE-2017-17565 | medium | 5.6 | 5.6 | 9y ago | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion … | |||
| CVE-2017-14013 | medium | 5.6 | 5.6 | 9y ago | A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on… | |||
| CVE-2017-14007 | medium | 5.6 | 5.6 | 9y ago | An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing… | |||
| CVE-2017-15038 | medium | 5.6 | 5.6 | 9y ago | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to rea… | |||
| CVE-2017-14317 | medium | 5.6 | 5.6 | 9y ago | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xens… | |||
| CVE-2017-9330 | medium | 5.6 | 5.6 | 9y ago | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return valu… | |||
| CVE-2017-9310 | medium | 5.6 | 5.6 | 9y ago | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the ini… | |||
| CVE-2017-3265 | medium | 5.6 | 5.6 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. … | |||
| CVE-2017-15092 | medium | — | 5.5 | — | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing… | |||
| CVE-2017-17725 | medium | — | 5.5 | — | In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of … | |||
| CVE-2017-18198 | medium | — | 5.5 | — | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf… | |||
| CVE-2017-17723 | medium | — | 5.5 | — | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial o… | |||
| CVE-2017-18183 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. | |||
| CVE-2017-15094 | medium | — | 5.5 | — | An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are … | |||
| CVE-2017-2669 | medium | — | 5.5 | — | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_exp… | |||
| CVE-2017-15090 | medium | — | 5.5 | — | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed dat… | |||
| CVE-2017-18185 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. | |||
| CVE-2017-18184 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. | |||
| CVE-2017-17722 | medium | — | 5.5 | — | In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file. | |||
| CVE-2017-15710 | medium | — | 5.5 | — | multiple issues in apache | |||
| CVE-2017-18186 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. | |||
| CVE-2017-15715 | medium | — | 5.5 | — | multiple issues in apache | |||
| CVE-2017-15093 | medium | — | 5.5 | — | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized us… | |||
| CVE-2017-11544 | medium | — | 5.5 | — | denial of service in tcpdump | |||
| CVE-2017-11545 | medium | — | 5.5 | — | denial of service in tcpdump | |||
| CVE-2017-18199 | medium | — | 5.5 | — | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | |||
| CVE-2017-17724 | medium | — | 5.5 | — | In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to ca… | |||
| CVE-2017-3140 | medium | — | 5.5 | — | If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.… | |||
| CVE-2017-15107 | medium | — | 5.5 | — | A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostname… | |||
| CVE-2017-7468 | medium | — | 5.5 | — | In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is a… | |||
| CVE-2017-15364 | medium | 5.5 | 5.5 | 4y ago | ccsv Double Free vulnerability | |||
| CVE-2017-17554 | medium | 5.5 | 5.5 | 4y ago | A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-18640 | medium | — | 5.5 | 5y ago | RHSA-2020:4807: prometheus-jmx-exporter security update (Moderate) | |||
| CVE-2017-18926 | medium | — | 5.5 | 5y ago | raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overfl… | |||
| CVE-2017-0359 | medium | — | 5.5 | 8y ago | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | |||
| CVE-2017-18258 | medium | — | 5.5 | 8y ago | Uncontrolled resource consumption in nokogiri | |||
| CVE-2017-18005 | medium | 5.5 | 5.5 | 9y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2017-17975 | medium | 5.5 | 5.5 | 9y ago | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have un… | |||
| CVE-2017-17967 | medium | 5.5 | 5.5 | 9y ago | pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. | |||
| CVE-2017-17862 | medium | 5.5 | 5.5 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning … | |||
| CVE-2017-17820 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |||
| CVE-2017-17819 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with … | |||
| CVE-2017-17817 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17816 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17815 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relations… | |||
| CVE-2017-17814 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17813 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syn… | |||
| CVE-2017-17812 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17811 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to … | |||
| CVE-2017-17810 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of… | |||
| CVE-2017-1596 | medium | 5.5 | 5.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | |||
| CVE-2017-1595 | medium | 5.5 | 5.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. | |||
| CVE-2017-17788 | medium | 5.5 | 5.5 | 9y ago | In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | |||
| CVE-2017-17669 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | |||
| CVE-2017-11934 | medium | 5.5 | 5.5 | 9y ago | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Micros… | |||
| CVE-2017-11273 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | |||
| CVE-2017-15121 | medium | 5.5 | 5.5 | 9y ago | A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||
| CVE-2017-17123 | medium | 5.5 | 5.5 | 9y ago | The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service… | |||
| CVE-2017-17113 | medium | 5.5 | 5.5 | 9y ago | ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. | |||
| CVE-2017-16611 | medium | 5.5 | 5.5 | 9y ago | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be trigge… | |||
| CVE-2017-17087 | medium | 5.5 | 5.5 | 9y ago | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local user… | |||
| CVE-2017-17080 | medium | 5.5 | 5.5 | 9y ago | elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of servic… | |||
| CVE-2017-15116 | medium | 5.5 | 5.5 | 9y ago | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | |||
| CVE-2017-17054 | medium | 5.5 | 5.5 | 9y ago | In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-8216 | medium | 5.5 | 5.5 | 9y ago | Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization o… | |||
| CVE-2017-8202 | medium | 5.5 | 5.5 | 9y ago | The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,version… | |||
| CVE-2017-8186 | medium | 5.5 | 5.5 | 9y ago | The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into inst… | |||
| CVE-2017-8184 | medium | 5.5 | 5.5 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8183 | medium | 5.5 | 5.5 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8175 | medium | 5.5 | 5.5 | 9y ago | The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficie… | |||
| CVE-2017-8172 | medium | 5.5 | 5.5 | 9y ago | Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a us… | |||
| CVE-2017-8149 | medium | 5.5 | 5.5 | 9y ago | The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 ha… | |||
| CVE-2017-8146 | medium | 5.5 | 5.5 | 9y ago | The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a … | |||
| CVE-2017-8145 | medium | 5.5 | 5.5 | 9y ago | The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a … | |||
| CVE-2017-8144 | medium | 5.5 | 5.5 | 9y ago | Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L… | |||
| CVE-2017-8143 | medium | 5.5 | 5.5 | 9y ago | Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a … | |||
| CVE-2017-8136 | medium | 5.5 | 5.5 | 9y ago | HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak. | |||
| CVE-2017-2734 | medium | 5.5 | 5.5 | 9y ago | P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart… | |||
| CVE-2017-2733 | medium | 5.5 | 5.5 | 9y ago | Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration… | |||
| CVE-2017-2732 | medium | 5.5 | 5.5 | 9y ago | Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP … | |||
| CVE-2017-2731 | medium | 5.5 | 5.5 | 9y ago | The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the … |