There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...
5.4AI Score
0.001EPSS
Huawei Taurus-AL00A Resource Management Error Vulnerability
Huawei Taurus-AL00A is a smartphone from Huawei of China.Huawei Taurus-AL00A is vulnerable to a resource management error. A module fails to properly process a message, and a function references freed memory. An attacker could use this vulnerability to trick a user into running a carefully...
5.5CVSS
2AI Score
0.001EPSS
Security Advisory - Use after Free Vulnerability in Huawei Product
There is a use after free vulnerability on Huawei smartphones. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would...
5.5CVSS
5.5AI Score
0.001EPSS
It’s Time to Stop Sharing Your Passwords With Your Partner
Go ahead, give them the keys to your heart—but anything more could make a cybersecurity...
2.2AI Score
Silent Librarian APT right on schedule for 20/21 academic year
A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September, we were tipped off by one of our customers about a new active campaign from this APT group. Based off a...
6.8AI Score
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
5.2AI Score
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
5.1AI Score
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.2AI Score
0.0004EPSS
Security Advisory - Out-of-Bounds Read Vulnerability in Some Huawei Smart Phone
There is an out-of-bounds read vulnerability in XFRM module of some Huawei smart phone. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak....
5.5CVSS
5.1AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
5.5AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
5.4AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5AI Score
0.0004EPSS
Security Advisory - MITM Vulnerability on Huawei Share
There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle...
6.8CVSS
6AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Huawei Smartphone
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2018-03100) This vulnerability has been...
5.5CVSS
5.3AI Score
0.0004EPSS
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than...
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2020-02156) This vulnerability has been...
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - Improper Authorization Vulnerability in some Huawei Smartphones
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has....
6.1AI Score
EPSS
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain system configuration can be modified because of improper authorization. The attacker should trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of...
5.5CVSS
5.3AI Score
0.001EPSS
There is an improper authentication vulnerability in Bluetooth affect several Huawei products. Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing...
5.4CVSS
6.6AI Score
0.001EPSS
Security Advisory - Stack Overflow Vulnerability in Huawei Smart Phone Product
There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This.....
6.2AI Score
EPSS
Anonymous user able to access some agile board's report configuration
h3. Issue Summary When someone who did not login to Jira tried to access direct URL to Average Age Report, the user will be shown Configure - Average Age Report page instead of Jira asking the user to login. h3. Steps to Reproduce # Copy the full URL to an Average Age Report (Eg:...
AI Score
Security Advisory - Denial of Service Vulnerability in Several Products
There is a denial of service vulnerability in several products. The device does not properly handle certain message from base station, the attacker should craft a fake base station to launch the attack, successful exploit could cause a denial of signal service condition. (Vulnerability ID:...
5.3CVSS
5.2AI Score
0.001EPSS
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to.....
0.5AI Score
Security Advisory - Insufficient Integrity Check Vulnerability in Several Smartphones
There is an insufficient integrity check vulnerability in several smartphones. The system does not check certain software package's integrity sufficiently, successful exploit could allow an attacker to load a crafted software package to the device. (Vulnerability ID: HWPSIRT-2019-11020) This...
4.6CVSS
4.9AI Score
0.001EPSS
ParetoLogic facing complaint of alleged wrongdoing
A short while ago we reported on the FTC ruling against payment provider RevenueWire. Now, another Canadian company is under scrutiny, and the cases are very much related. Not only are these companies hailing from the same city, they also share some founders. The company ParetoLogic is involved in....
-0.4AI Score
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected...
4.6CVSS
4.7AI Score
0.001EPSS
Huawei Data Communication: FragmentSmack Vulnerability in Linux Kernel (huawei-sa-20190123-01-linux)
There is a DoS vulnerability in the Linux Kernel versions 3.9+ known as a FragmentSmack...
0.3AI Score
0.017EPSS
Huawei Data Communication: SegmentSmack Vulnerability in Linux Kernel (huawei-sa-20181031-02-linux)
There is a DoS vulnerability in the Linux Kernel versions 4.9+ and supported versions known as a SegmentSmack...
0.1AI Score
0.783EPSS
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without...
2.4CVSS
4.6AI Score
0.001EPSS
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
There is a privilege escalation vulnerability in the ioctl handlers of the Mediatek CMDQ driver. Local attackers can exploit this vulnerability to read and write to the system memory. Successful exploit may lead to local escalation of privilege. (Vulnerability ID: HWPSIRT-2020-03106) This...
7.8CVSS
7.2AI Score
0.001EPSS
Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)
Security researchers disclosed two groups of CPU...
-0.1AI Score
0.976EPSS
Security Advisory - Information Leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. (Vulnerability ID: HWPSIRT-2020-02166) This vulnerability has been assigned a Common....
6.5CVSS
6AI Score
0.001EPSS
Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones
There is an out of bound read vulnerability in several smartphones. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. (Vulnerability ID:...
7.1CVSS
6.1AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
6.3AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.6AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
5.9AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.4AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
5.7AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
5.3CVSS
4.6AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
6.3AI Score
0.001EPSS
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device.....
4.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.4AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.5CVSS
5.3AI Score
0.001EPSS
Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device...
5.4AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability on Huawei Smartphone
There is an denial of service vulnerability on some Huawei smartphone. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. (Vulnerability ID: HWPSIRT-2019-12057) This...
5.5CVSS
5.4AI Score
0.001EPSS
Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines
Recent malware campaigns reveal that cybercriminals aren’t sparing healthcare firms, medical suppliers and hospitals on the frontlines of the coronavirus pandemic. Researchers have shed light on two recently uncovered malware campaigns: one targeting a Canadian government healthcare organization...
-0.2AI Score
0.973EPSS
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2020-01073) This...
5.5CVSS
5.3AI Score
0.001EPSS