Alp-al00b, Bla-al00b Security Vulnerabilities
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...
6.2CVSS
6.6AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.8AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.6AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.7AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.6AI Score
0.0004EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.2CVSS
6.5AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8CVSS
7.7AI Score
0.001EPSS
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain...
6.6AI Score
0.0004EPSS
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific...
8.8AI Score
0.003EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted...
4.6AI Score
0.001EPSS
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...
6.6AI Score
0.0004EPSS
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system...
7.8AI Score
0.001EPSS
Security Advisory - Use-after-free Vulnerability in Android Kernel
There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has...
7.8CVSS
6.9AI Score
0.003EPSS
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. Successful exploitation may cause the attacker to access specific components. (Vulnerability ID: HWPSIRT-2019-07245) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-5233....
8.8CVSS
8.3AI Score
0.003EPSS
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. (Vulnerability ID: HWPSIRT-2019-07075)...
4.6CVSS
4.8AI Score
0.001EPSS
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause DOS or malicious code execution....
6.2CVSS
6.6AI Score
0.0004EPSS
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause malicious code execution. (Vulnerability ID:.....
6.2CVSS
6.5AI Score
0.0004EPSS
Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones
Some Huawei smart phones have two integer overflow vulnerabilities due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this...
7.8CVSS
8.2AI Score
0.001EPSS
0.4AI Score
0.4AI Score
0.6AI Score
Security Advisory - Version Downgrade Vulnerabilities on Smartphones and HiSuite
There are version downgrade vulnerabilities on smartphones and HiSuite. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. (Vulnerability ID: HWPSIRT-2019-06023 and HWPSIRT-2019-06024) The two...
5.5CVSS
5.9AI Score
0.001EPSS
0.1AI Score
0.1AI Score
0.3AI Score
0.5AI Score
0.5AI Score
0.4AI Score
0.4AI Score
0.3AI Score
Cisco UCS Director, Cisco Integrated Management Controller Supervisor - Multiple Vulnerabilities
...
9.8CVSS
0.5AI Score
0.942EPSS
1.1AI Score
0.942EPSS
Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability
The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices. The negotiation process is not encrypted and no authentication is performed. An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to....
8.1CVSS
8.4AI Score
0.001EPSS
9.8CVSS
8.3AI Score
0.942EPSS
Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple...
9.8CVSS
0.4AI Score
0.942EPSS
Security Advisory - Null Pointer Reference Vulnerability in Some Huawei Smart Phones
There is a null pointer reference vulnerability in some Huawei smart phones. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. (Vulnerability ID: HWPSIRT-2019-05097) This vulnerability....
5.3CVSS
5.3AI Score
0.001EPSS
Security Advisory - Buffer Overflow Vulnerability on Several Smartphones
There is a buffer overflow vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution....
7.8CVSS
7.8AI Score
0.001EPSS
Security Advisory - Out of Bounds Read Vulnerability on Several Smartphones
There is an out of bounds read vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and...
5.5CVSS
5AI Score
0.001EPSS
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
8.1CVSS
8.8AI Score
0.001EPSS
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
8.1CVSS
8.5AI Score
0.001EPSS
Two Denial of Service Vulnerabilities on Some Huawei Smartphones
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause an...
5.3CVSS
5.7AI Score
0.001EPSS
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific...
7.8CVSS
7.7AI Score
0.001EPSS
Macro browser breaks https secure connection
h3. Issue Summary Macro browser loads http insecure resources including a data:image/png and a testing mocking resource [http://example.com/bla-bla-bla] h3. Environment (Optional - If Applicable) * * h3. Steps to Reproduce # Create a page # Open macro browser h3. Expected Results Connection...
-0.1AI Score
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...
5.5CVSS
5AI Score
0.001EPSS
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...
5.5CVSS
5AI Score
0.001EPSS
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...
5.5CVSS
5AI Score
0.001EPSS
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...
5AI Score
0.001EPSS
Security Advisory - Information Disclosure Vulnerability on Secure Input
There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones. The Secure Input does not properly limit certain system privilege, an attacker tricks the user to install a malicious application, successful exploit could result in information disclosure....
5.5CVSS
4.8AI Score
0.001EPSS
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...
4.6CVSS
4.7AI Score
0.001EPSS
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...
4.6CVSS
4.7AI Score
0.001EPSS