ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, Security Vulnerabilities
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...
4.6CVSS
4.6AI Score
0.001EPSS
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not...
5.5CVSS
5.3AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...
4.6CVSS
4.6AI Score
0.001EPSS
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific...
8.8CVSS
8.7AI Score
0.003EPSS
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...
6.2CVSS
6.6AI Score
0.0004EPSS
Security Advisory - Improper File Management Vulnerability in Huawei Share
The Huawei Share function of some Huawei phones has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the...
5.7CVSS
5.5AI Score
0.001EPSS
Security Advisory - Improper Access Control Vulnerability in Huawei Share
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share,...
5.5CVSS
5AI Score
0.001EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.8AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.6AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.7AI Score
0.001EPSS
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...
2.4CVSS
3.7AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.6AI Score
0.0004EPSS
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...
2.4CVSS
4.1AI Score
0.001EPSS
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...
2.4CVSS
4AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.5AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.7AI Score
0.001EPSS
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...
6.6AI Score
0.0004EPSS
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific...
8.8AI Score
0.003EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...
4.6AI Score
0.001EPSS
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not...
5.3AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.6AI Score
0.0004EPSS
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...
3.7AI Score
0.001EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8AI Score
0.001EPSS
ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
Much has been made of the fallout that companies face after a data breach. But for public companies, shaken investor confidence adds a whole new dimension to recovery concerns. A recent study from Comparitech shows that share prices for large breached companies will hit a low point approximately...
-0.1AI Score
automovilescrespo.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1011187 Security Researcher metamorfosec Helped patch 1980 vulnerabilities Received 9 Coordinated Disclosure badges Received 32 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting automovilescrespo.com.....
6.3AI Score
Understanding the Ripple Effect: Large Enterprise Data Breaches Threaten Everyone
Big businesses are constantly under attack, and that affects everyone from customers and business partners to parties with national security interests. When successful, the initial compromise is only a means to an end — the real goal is to mount follow-on attacks like spearphishing, extortion...
0.6AI Score
Security Advisory 2019-11-05-2 - LuCI CSRF vulnerability (CVE-2019-17367)
** DESCRIPTION ** A logic flaw in LuCI's HTTP routing component led to ineffective CSRF token testing for various request endpoints, specifically ones using the arcombine() dispatch action. This allows 3rd party web pages running in the same browser session as an active LuCI login session to...
8.8CVSS
-0.4AI Score
0.001EPSS
alcenero.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1006687 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
-0.2AI Score
Security Advisory - Information Leakage Vulnerability on Some Smart Phones
There is an information leakage vulnerability on some Huawei smart phones. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. (Vulnerability ID: HWPSIRT-2019-04072) This vulnerability has been assigned....
5.5CVSS
5.3AI Score
0.001EPSS
Security Advisory - Use-after-free Vulnerability in Android Kernel
There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has...
7.8CVSS
6.9AI Score
0.003EPSS
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. Successful exploitation may cause the attacker to access specific components. (Vulnerability ID: HWPSIRT-2019-07245) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5233....
8.8CVSS
8.3AI Score
0.003EPSS
Verizon, AT&T, Sprint and T-Mobile to replace SMS with RCS Messaging in 2020
Mobile carriers in the United States will finally offer a universal cross-carrier communication standard for the next-generation RCS messaging service that is meant to replace SMS and has the potential to change the way consumers interact with brands for years to come. All major United States...
-0.3AI Score
Security Advisory - Insufficient Authentication Vulnerability in Several Smartphones
There is an insufficient authentication vulnerability on several smartphones. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock....
2.4CVSS
4.4AI Score
0.001EPSS
Most Americans Fail Cybersecurity Quiz
When it comes to two-factor authentication and secure web browsing, most Americans don’t know their HTTPS from their 2FA to save their digital bacon: A Pew Research Center study found most Americans don’t have a firm grasp of cybersecurity issues core to protecting their data. Click to enlarge....
1.1AI Score
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
Update (09/27/2019): Additional information regarding the malware interaction with various online advertisements has been included to highlight the click-fraud related network communications associated with Divergent. Executive summary Cisco Talos recently discovered a new malware loader being...
0.9AI Score
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. (Vulnerability ID: HWPSIRT-2019-07075)...
4.6CVSS
4.8AI Score
0.001EPSS
marketingedge.jp Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-982830 Security Researcher KhanJanny Helped patch 3061 vulnerabilities Received 9 Coordinated Disclosure badges Received 38 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting marketingedge.jp website...
AI Score
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land...
-0.3AI Score
Security Advisory - Improper Validation Vulnerability in Several Smartphones
There is an improper validation vulnerability on several smartphones. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model , successful exploit could allow the attacker to get and....
5.5CVSS
5.3AI Score
0.001EPSS
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause DOS or malicious code execution....
6.2CVSS
6.6AI Score
0.0004EPSS
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. (Vulnerability ID:.....
6.2CVSS
6.5AI Score
0.0004EPSS
Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones
Some Huawei smart phones have two integer overflow vulnerabilities due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this...
7.8CVSS
8.2AI Score
0.001EPSS
Security Advisory - Race Condition Vulnerability on Several Smartphones
There is a race condition vulnerability on certain detection module of smartphone. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful...
7.8CVSS
7.7AI Score
0.001EPSS
0.4AI Score
0.6AI Score
0.4AI Score
Security Advisory - Version Downgrade Vulnerabilities on Smartphones and HiSuite
There are version downgrade vulnerabilities on smartphones and HiSuite. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. (Vulnerability ID: HWPSIRT-2019-06023 and HWPSIRT-2019-06024) The two...
5.5CVSS
5.9AI Score
0.001EPSS
0.3AI Score
0.1AI Score
0.1AI Score