Alp-al00b, Alp-tl00b, Bla-al00b, Bla-l09c, Bla-l29c Security Vulnerabilities

Authorization

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...

Authentication flaw

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific...

Design/Logic Flaw

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...

Security Advisory - Improper File Management Vulnerability in Huawei Share

The Huawei Share function of some Huawei phones has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the...

Security Advisory - Improper Access Control Vulnerability in Huawei Share

There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share,...

CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...

CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...

CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

Design/Logic Flaw

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

Race condition

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...

CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...

CVE-2019-5233

Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific...

CVE-2019-5231

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...

CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

CVE-2019-5228

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...

Security Advisory - Information Leakage Vulnerability on Some Smart Phones

There is an information leakage vulnerability on some Huawei smart phones. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage. (Vulnerability ID: HWPSIRT-2019-04072) This vulnerability has been assigned....

Security Advisory - Use-after-free Vulnerability in Android Kernel

There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has...

Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones

There is an improper authentication vulnerability in some Huawei smartphones. Successful exploitation may cause the attacker to access specific components. (Vulnerability ID: HWPSIRT-2019-07245) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5233....

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The software does incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. (Vulnerability ID: HWPSIRT-2019-07075)...

marketingedge.jp Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-982830 Security Researcher KhanJanny Helped patch 3061 vulnerabilities Received 9 Coordinated Disclosure badges Received 38 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting marketingedge.jp website...

Security Advisory - Insufficient Verification Vulnerability in Several Smartphones

There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause DOS or malicious code execution....

Security Advisory - Insufficient Verification Vulnerability in Several Smartphones

There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. (Vulnerability ID:.....

Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones

Some Huawei smart phones have two integer overflow vulnerabilities due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this...

Security Advisory - Race Condition Vulnerability on Several Smartphones

There is a race condition vulnerability on certain detection module of smartphone. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful...

Cisco Email Security Virtual Appliance C300V IronPort Header Injection

...

Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection

...

Cisco Email Security Virtual Appliance C380 IronPort Header Injection

...

Security Advisory - Version Downgrade Vulnerabilities on Smartphones and HiSuite

There are version downgrade vulnerabilities on smartphones and HiSuite. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. (Vulnerability ID: HWPSIRT-2019-06023 and HWPSIRT-2019-06024) The two...

Cisco IronPort C350 Header Injection

...

Microsoft Outlook Web Access 14.3.224.2 Header Injection

...

Cisco Email Security Virtual Appliance C100V IronPort Header Injection

...

Cisco C170 Email Security Appliance 10.0.3-003 IronPort Header Injection

...

Cisco C690 Email Security Appliance 11.0.2-044 IronPort Header Injection

...

Cisco M1070 Content Security Management Appliance IronPort Header Injection

...

Cisco Email Security Virtual Appliance C370 IronPort Header Injection

...

Cisco Email Security Virtual Appliance C600V IronPort Header Injection

...

Cisco UCS Director, Cisco Integrated Management Controller Supervisor - Multiple Vulnerabilities

...

Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection

...

Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability

The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices. The negotiation process is not encrypted and no authentication is performed. An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to....

Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities

...

Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities

Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple...

Security Advisory - Null Pointer Reference Vulnerability in Some Huawei Smart Phones

There is a null pointer reference vulnerability in some Huawei smart phones. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. (Vulnerability ID: HWPSIRT-2019-05097) This vulnerability....

Security Advisory - Buffer Overflow Vulnerability on Several Smartphones

There is a buffer overflow vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution....

Security Advisory - Out of Bounds Read Vulnerability on Several Smartphones

There is an out of bounds read vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and...

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...

Code injection

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...

Two Denial of Service Vulnerabilities on Some Huawei Smartphones

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause an...

CVE-2019-5299

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific...

CVE-2019-5236

Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability....