There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...
4.3AI Score
0.0004EPSS
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...
7.5AI Score
0.002EPSS
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal...
7AI Score
0.0004EPSS
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...
3.3CVSS
4.2AI Score
0.001EPSS
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...
3.3CVSS
0.001EPSS
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...
3.3CVSS
4AI Score
0.001EPSS
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...
4.3AI Score
0.001EPSS
Security Advisory - Out-of-Bound Read Vulnerability in Huawei Smartphone
There is an out-of-bound read vulnerability in Huawei smartphone. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. (Vulnerability ID: HWPSIRT-2020-04158)...
7.1CVSS
6.4AI Score
0.0004EPSS
Security Advisory - Use After Free Vulnerability in Huawei Smartphone
There is a use after free vulnerability in smartphone. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal...
3.3CVSS
4.8AI Score
0.0004EPSS
Security Advisory - Pointer Double Free Vulnerability in Huawei Smartphone
There is a pointer double free vulnerability in Huawei smartphone. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal...
3.3CVSS
4.7AI Score
0.001EPSS
Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'
President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. Those included hiring key security personnel to support for the Cybersecurity Infrastructure Security Agency (CISA). The....
-0.8AI Score
Leading Game Publishers Hit Hard by Leaked-Credential Epidemic
Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider-credentials tied to the top game publishers. Over 500,000 stolen credentials tied to the top 25 gaming firms were found on caches of breached data online and up....
0.5AI Score
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...
5.5CVSS
5.4AI Score
0.001EPSS
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...
5.5CVSS
5.4AI Score
0.001EPSS
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...
5.5CVSS
5.5AI Score
0.001EPSS
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common...
5.4AI Score
0.001EPSS
Huawei Taurus-AL00A Resource Management Error Vulnerability
Huawei Taurus-AL00A is a smartphone from Huawei of China.Huawei Taurus-AL00A is vulnerable to a resource management error. A module fails to properly process a message, and a function references freed memory. An attacker could use this vulnerability to trick a user into running a carefully...
5.5CVSS
2AI Score
0.001EPSS
Security Advisory - Use after Free Vulnerability in Huawei Product
There is a use after free vulnerability on Huawei smartphones. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would...
5.5CVSS
5.5AI Score
0.001EPSS
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected...
7.8CVSS
7.8AI Score
0.0004EPSS
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected...
7.8CVSS
7.8AI Score
0.0004EPSS
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected...
7.8CVSS
7.8AI Score
0.0004EPSS
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected...
7.8AI Score
0.0004EPSS
It’s Time to Stop Sharing Your Passwords With Your Partner
Go ahead, give them the keys to your heart—but anything more could make a cybersecurity...
2.2AI Score
Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones
There is an out-of-bounds read and write vulnerability in smartphone products. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the...
7.8CVSS
7.5AI Score
0.0004EPSS
Silent Librarian APT right on schedule for 20/21 academic year
A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. In mid-September, we were tipped off by one of our customers about a new active campaign from this APT group. Based off a...
6.8AI Score
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
5.2AI Score
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.5CVSS
5.1AI Score
0.0004EPSS
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information...
5.2AI Score
0.0004EPSS
Security Advisory - Out-of-Bounds Read Vulnerability in Some Huawei Smart Phone
There is an out-of-bounds read vulnerability in XFRM module of some Huawei smart phone. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak....
5.5CVSS
5.1AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
5.5AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5CVSS
5.4AI Score
0.0004EPSS
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than...
5.5AI Score
0.0004EPSS
Security Advisory - MITM Vulnerability on Huawei Share
There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle...
6.8CVSS
6AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Huawei Smartphone
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2018-03100) This vulnerability has been...
5.5CVSS
5.3AI Score
0.0004EPSS
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than...
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2020-02156) This vulnerability has been...
5.5CVSS
5.3AI Score
0.0004EPSS
Security Advisory - Improper Authorization Vulnerability in some Huawei Smartphones
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has....
6.1AI Score
EPSS
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain system configuration can be modified because of improper authorization. The attacker should trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of...
5.5CVSS
5.3AI Score
0.001EPSS
There is an improper authentication vulnerability in Bluetooth affect several Huawei products. Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing...
5.4CVSS
6.6AI Score
0.001EPSS
Security Advisory - Denial of Service Vulnerability in Several Products
There is a denial of service vulnerability in several products. The device does not properly handle certain message from base station, the attacker should craft a fake base station to launch the attack, successful exploit could cause a denial of signal service condition. (Vulnerability ID:...
5.3CVSS
5.2AI Score
0.001EPSS
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to.....
0.5AI Score
Security Advisory - Insufficient Integrity Check Vulnerability in Several Smartphones
There is an insufficient integrity check vulnerability in several smartphones. The system does not check certain software package's integrity sufficiently, successful exploit could allow an attacker to load a crafted software package to the device. (Vulnerability ID: HWPSIRT-2019-11020) This...
4.6CVSS
4.9AI Score
0.001EPSS
ParetoLogic facing complaint of alleged wrongdoing
A short while ago we reported on the FTC ruling against payment provider RevenueWire. Now, another Canadian company is under scrutiny, and the cases are very much related. Not only are these companies hailing from the same city, they also share some founders. The company ParetoLogic is involved in....
-0.4AI Score
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected...
4.6CVSS
4.7AI Score
0.001EPSS
Huawei Data Communication: FragmentSmack Vulnerability in Linux Kernel (huawei-sa-20190123-01-linux)
There is a DoS vulnerability in the Linux Kernel versions 3.9+ known as a FragmentSmack...
0.3AI Score
0.017EPSS
Huawei Data Communication: SegmentSmack Vulnerability in Linux Kernel (huawei-sa-20181031-02-linux)
There is a DoS vulnerability in the Linux Kernel versions 4.9+ and supported versions known as a SegmentSmack...
0.1AI Score
0.783EPSS
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
There is a privilege escalation vulnerability in the ioctl handlers of the Mediatek CMDQ driver. Local attackers can exploit this vulnerability to read and write to the system memory. Successful exploit may lead to local escalation of privilege. (Vulnerability ID: HWPSIRT-2020-03106) This...
7.8CVSS
7.2AI Score
0.001EPSS
Huawei Data Communication: CPU Vulnerabilities 'Meltdown' and 'Spectre' (huawei-sa-20180606-01-cpu)
Security researchers disclosed two groups of CPU...
-0.1AI Score
0.976EPSS