Security Vulnerabilities - CVEs Published In December 2017
Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.
CVSS Score
2.3
EPSS Score
0.0
Published
2017-12-22
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-12-22
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
CVSS Score
7.1
EPSS Score
0.001
Published
2017-12-22
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-12-22
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/1 header.
CVSS Score
7.5
EPSS Score
0.012
Published
2017-12-22
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.019
Published
2017-12-22
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-12-22
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.031
Published
2017-12-22
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via a specially crafted HTTP/2 header.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-12-22
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-12-22

