CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17145
https://notcve.org/view.php?id=CVE-2017-17145
Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. Los smartphones Huawei Honor V9 Play con versiones anteriores a Jimmy-AL00AC00B135 tienen una vulnerabilidad de omisión de autenticación debido a un diseño incorrecto de un componente. Un atacante que consiga el smartphone de un usuario puede ejecutar operaciones específicas y eliminar la huella del teléfono sin autenticación. • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15351
https://notcve.org/view.php?id=CVE-2017-15351
The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. La función "Find Phone" en los smartphones Huawei Honor V9 play con versiones anteriores a la Jimmy-AL00AC00B135 tiene una vulnerabilidad de omisión de autenticación. Esto se debe a la realización indebida de la autenticación en la función "Find Phone". • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 30%CPEs: 54EXPL: 3CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability. • https://www.exploit-db.com/exploits/42941 https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4560 http://nvidia.custhelp.com/a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •