Security Advisory - MITM Vulnerability on Huawei Share
There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle...
6.8CVSS
6AI Score
0.001EPSS
Call For Customer Presentations at Black Hat USA 2019!
Tell your security story to your peers at Black Hat USA 2019! Qualys is looking for customers excited to share your security story, for example: How you integrate security into DevOps Best practices for building security into modern enterprises Case studies leveraging the use of the Qualys Cloud...
1.1AI Score
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a...
4.6CVSS
4.9AI Score
0.001EPSS
Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones
Some Huawei mobile phones have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit.....
7.8CVSS
7.6AI Score
0.001EPSS
Martin Zeiser and Aleksandar Nikolich authored this post. Executive summary With tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and...
6.7AI Score
Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones
There is a Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can delete the activation lock after a series of operation, As a result, the FRP function is bypassed and the attacker gains....
4.6CVSS
4.9AI Score
0.001EPSS
Security Advisory - Double Free Vulnerability on Bastet Module of Some Huawei Smartphones
There is a double free vulnerability on Bastet module of some Huawei smartphones. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution. (Vulnerability ID: HWPSIRT-2018-12500)...
7.8CVSS
7.5AI Score
0.001EPSS
Security Advisory - Authorization Bypass Vulnerability on Some Huawei Smartphone
Some Huawei smart phones have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope...
6.4CVSS
6.2AI Score
0.001EPSS
Razy Malware Attacks Browser Extensions to Steal Cryptocurrency
UPDATE A Windows malware dubbed “Razy” has been uncovered that sports a toolbox of cryptocurrency theft and fraud tools. Razy works by weaponizing browser extensions in order to perpetrate a range of online scams on unwitting victims. According to researchers at Kaspersky Lab, the trojan targets...
-0.1AI Score
Razy in search of cryptocurrency
Last year, we discovered malware that installs a malicious browser extension on its victim's computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the...
-0.7AI Score
Security Advisory - Race Condition Vulnerability on Several Smartphones
There is a race condition vulnerability on certain driver of smartphone. An attacker tricks the user into installing a malicious application, which make multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code. (Vulnerability ID:...
7CVSS
6.6AI Score
0.001EPSS
This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this...
2.4AI Score
A week in security (December 31, 2018 – January 6, 2019)
Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab. Other cybersecurity news 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded...
0.1AI Score
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information...
6.5CVSS
6.4AI Score
0.001EPSS
Security Advisory - Smart SMS Verification Code Vulnerability in Some Huawei Smart Phones
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak.....
6.5CVSS
6.2AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Some Huawei Smartphones
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. (Vulnerability ID:...
4.3CVSS
4.7AI Score
0.001EPSS
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this...
6.8CVSS
6.6AI Score
0.001EPSS
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this...
6.8CVSS
6.6AI Score
0.001EPSS
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this...
6.8CVSS
6.6AI Score
0.001EPSS
The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this...
6.6AI Score
0.001EPSS
Security Advisory - Lock-screen Bypass Vulnerability in Huawei Smartphones
There is a lock-screen bypass vulnerability in radio module of some Huawei smartphones. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability. (Vulnerability ID: HWPSIRT-2018-04055) This vulnerability has.....
6.8CVSS
6.5AI Score
0.001EPSS
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device which can lead to a denial of....
7.5CVSS
2.9AI Score
0.783EPSS
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device which can lead to a denial of....
7.5CVSS
7.2AI Score
0.783EPSS
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B...
4.6CVSS
4.8AI Score
0.001EPSS
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B...
4.6CVSS
4.7AI Score
0.001EPSS
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B...
4.6CVSS
4.8AI Score
0.001EPSS
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B...
4.7AI Score
0.001EPSS
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device...
2.4CVSS
3.7AI Score
0.001EPSS
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device...
2.4CVSS
3.6AI Score
0.001EPSS
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device...
2.4CVSS
3.3AI Score
0.001EPSS
Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device...
3.4AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei phones have an information leak vulnerability. Due to improper permission settings for specific commands, attackers who can connect to a mobile phone via the USB interface may exploit this vulnerability to obtain specific device information of the mobile phone. (Vulnerability ID:...
2.4CVSS
4AI Score
0.001EPSS
Security Advisory - Improper Authentication Vulnerability on Smartphones
There is an improper authentication vulnerability on smartphones. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is....
4.6CVSS
5.2AI Score
0.001EPSS
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001,...
5.5CVSS
5.2AI Score
0.001EPSS
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001,...
5.5CVSS
5.2AI Score
0.001EPSS
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001,...
5.5CVSS
5.2AI Score
0.001EPSS
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001,...
5.2AI Score
0.001EPSS
Open Bug Bounty ID: OBB-679244 Description| Value ---|--- Affected Website:| bookin1.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
-0.1AI Score
Security Advisory - Sensitive Information Leak Vulnerability in Some Huawei Products
There is a sensitive information leak vulnerability in some Huawei products. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. (Vulnerability...
5.5CVSS
5.2AI Score
0.001EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5CVSS
5.3AI Score
0.001EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5CVSS
5.3AI Score
0.001EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.5CVSS
5.3AI Score
0.001EPSS
Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter,...
5.3AI Score
0.001EPSS
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service (DoS) vulnerability in some Huawei smart phones. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until...
5.5CVSS
5.3AI Score
0.001EPSS
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...
3.3CVSS
3.7AI Score
0.001EPSS
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...
3.3CVSS
3.7AI Score
0.001EPSS
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...
3.3CVSS
3.5AI Score
0.001EPSS
P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number,...
3.6AI Score
0.001EPSS
Security Advisory - FRP Bypass Vulnerability on Huawei Smart Phones
There is a FRP bypass vulnerability on Huawei smart phones. During the mobile phone reseting process, an attacker could bypass "Find My Phone" protect after a series of voice and keyboard operations. Successful exploit could allow an attacker to bypass FRP. (Vulnerability ID: HWPSIRT-2018-06018)...
4.6CVSS
4.9AI Score
0.001EPSS
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
Some Huawei smartphones have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak....
3.3CVSS
4AI Score
0.001EPSS