1006 matches found
Security Advisory - Information Leakage Vulnerability in Motion Sensor
Motion sensor in some Huawei smart phones has an information leakage vulnerability. An attacker may exploit this vulnerability to obtain specific information from the motion sensor through an APP installed on the smart phone and track the user. Successful exploit may cause information leak...
Security Advisory - Digital Balance Bypass Vulnerability in Huawei Smart Phones
There is a digital balance bypass vulnerability in some Huawei smart phones. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed...
Security Advisory - Two Vulnerabilities in Some Huawei Home Routers
Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. Vulnerability ID:...
Security Advisory - Stack Buffer Overflow Vulnerability in Several Products
There is a stack buffer overflow vulnerability in several products. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code...
Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database t...
Security Advisory - Escalation of Privilege Vulnerability in Intel AMT, Intel ISM and Intel SMT
Intel disclosed an escalation of privilege vulnerability in Intel Active Management Technology AMT, Intel Standard Manageability ISM, and Intel Small Business Technology in Security Center advisory INTEL-SA-00075. Unprivileged attackers could exploit this vulnerability to gain control of the...
Security Advisory-Bash Code Injection Vulnerability
This security advisory SA describes the impact of 6 Bash vulnerabilities discovered in third-party software Vulnerability ID: HWPSIRT-2014-0951. 1.OS Command Injections vulnerability CVE-2014-6271. GNU Bash through 4.3 processes trailing strings after function definitions in the values of...
Security Advisory - Information Leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Vulnerability ID: HWPSIRT-2020-02166 This vulnerability has been assigned a Common...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain operation of certain privilege, the attacker should trick the user into installing a malicious application before the user turns on student mode function. Successful exploit...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package. Vulnerability ID: HWPSIRT-2019-07075 This...
Security Advisory - Remote Code Execution vulnerability in Apache Struts2
The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to...
Security Advisory - Improper Authentication Vulnerability in Several Huawei Products
Some Huawei products have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. Vulnerability ID: HWPSIRT-2020-04035 This vulnerability has been assigned a Common...
Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Smart Phones
There is an insufficient authentication vulnerability in some Huawei smart phones. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones. Vulnerabili...
Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones
There is an information leak vulnerability in some Huawei smart phones. An attacker could send specific command in the local area network LAN to exploit this vulnerability. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10001 This vulnerability has been assigne...
Security Advisory - Buffer Error Vulnerability in Some Huawei Products
There is a buffer error vulnerability in some Huawei products. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset...
Security Advisory - Improper Authentication Vulnerability in Several Products
There is an improper authentication vulnerability in several products. The device does not perform a sufficient authentication when doing certain operation, successful exploit could allow an attacker to cause the device to reboot after launch a man in the middle attack. Vulnerability ID:...
Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1
Microsoft released a security advisory about a remote code execution vulnerability in Server Message Block Version 1 SMBv1. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. Vulnerability ID: HWPSIRT-2020-06149 This vulnerability...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode. Vulnerability ID: HWPSIRT-2019-10114 This...
Security Advisory - Improper Authentication Vulnerability in Smartphones
There is an improper authentication vulnerability in smartphones. Due to improperly validate of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to...
Security Advisory - Remote Code Execution Vulnerability in Microsoft Office
Microsoft released a security advisory to disclose a remote code execution vulnerability in Microsoft Office. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. The attacker could exploit the vulnerability to run...
Security Advisory - Connection Hijacking Vulnerability in Some Huawei Home Routers
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.Vulnerability ID:HWPSIRT-2023-34408 This vulnerability has been assigned a CVEID:CVE-2023-52718...
Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones
Some Huawei mobile phones have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. Vulnerability ID: HWPSIRT-2019-08002 This vulnerability has been assigned a Common Vulnerabilities and Exposur...
Security Advisory - Improper Access Control Vulnerability in Huawei Share
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share,...
Security Advisory-Multiple Vulnerabilities in the RomPager Component of Home Gateway
RomPager is the embedded web server from AllegroSoft. RomPager component has two vulnerabilities. Some Huawei Home Gateway products use RomPager component and are affected by these two vulnerabilities. RomPager Authentication Security Bypass –Misfortune Cookie: The vulnerability is due to an...
Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10076 This vulnerability has been...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. Vulnerability ID: HWPSIRT-2019-12421 This vulnerability has...
Security Advisory - Information leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some Huawei products. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.Vulnerability ID: HWPSIRT-2019-12399...
Security Advisory - Improper Authentication Vulnerability in Smartphones
There is an improper authentication vulnerability in smartphones. The applock does not perform a sufficient authentication in a rare condition, successful exploit could allow the attacker to use the application locked by applock in an instant. Vulnerability ID: HWPSIRT-2019-04103 This vulnerabili...
Security Advisory - Buffer Overflow vulnerability in the FusionSphere OpenStack
The GaussDB of the FusionSphere OpenStack has a stack overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...
Security Advisory - Out of Bounds Write Vulnerability in Several Smartphones
There is an out of bounds write vulnerability in several smartphones. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone...
Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems
Microsoft released a security advisory to disclose an elevation of privilege vulnerability which exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability...
Security Advisory - Windows DNS Server Remote Code Execution Vulnerability
Microsoft's security update in July 2020 addresses the CVE-2020-1350 vulnerability. To exploit the vulnerability, an unauthenticated attacker could send specially crafted requests to a Windows DNS server. An attacker who successfully exploited the vulnerability could run arbitrary code remotely...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. Vulnerability ID: HWPSIRT-2019-08104 This vulnerability has been...
Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products
There is an invalid pointer access vulnerability in some products. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot. Vulnerability ID: HWPSIRT-2019-12412 This vulnerability has...
Security Advisory - Path Traversal Vulnerability in Huawei GaussDB
There is a path traversal vulnerability in Huawei GaussDB. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. Vulnerability ID: HWPSIRT-2019-10053 This...
Security Advisory - Information Leakage Vulnerability in some Huawei Firewall Product
There is an information leakage vulnerability in some Huawei firewall products. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the...
Security Advisory - Information Leakage Vulnerability on Some Smartphones
There is an information leak vulnerability in some Huawei phones. When a local attacker use the camera of a smartphone, the attacker can exploit this vulnerability to obtain sensitive information by performing a series of operations. Vulnerability ID: HWPSIRT-2019-01101 This vulnerability has bee...
Security Advisory - Improper Privilege Management Vulnerability in Huawei Smartphone Product
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. Vulnerability ID: HWPSIRT-2020-05272 This vulnerabilit...
Security Advisory - Use After Free Vulnerability in Several Products
There is a use after free vulnerability in several products. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...
Security Advisory - Three DoS Vulnerabilities in the SIP Module of Some Huawei Products
There are three denial of service DoS vulnerabilities in the SIP module of some Huawei products. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit...
Security Advisory - Improper Authentication Vulnerability in Smartphones
There is an improper authentication vulnerability in smartphones. Certain application does not properly validate the identity of another application who would call its interface, an attacker should trick the user into installing a malicious application, successful exploit could allow unauthorized...
Security Advisory - FragmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 3.9+ known as a FragmentSmack attack. Remote attackers could send fragmented IPv4 or IPv6 packets to the affected device to trigger time and calculation reassembly algorithms that could consume excessive CPU resources, resulting in a DoS...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without...
Security Advisory - Dangling Pointer Reference Vulnerability in Some Huawei Firewall Products
There is a dangling pointer reference vulnerability in some Huawei firewall products. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful explo...
Security Advisory - Information Disclosure Vulnerability on Smartphones
There is an information disclosure vulnerability on certain Huawei smartphones. An attacker could view the photos after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Vulnerability ID: HWPSIRT-2019-01143 This vulnerability...
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
Google security research team disclosed a buffer overflow vulnerability in GNU C library glibc CVE-2015-7547 on February 16, 2016, remote attackers can exploit the vulnerability to execute arbitrary code on an affected device. Vulnerability ID: HWPSIRT-2016-02018 This vulnerability has been...
Security Advisory - Small OOB Read Vulnerability in Huawei Product
There is an out-of-bound read vulnerability that a memory management error exists when IPSec Module handing a specific message. Attackers can send specific message to cause 1 byte out-of-bound read, compromising normal service. Vulnerability ID: HWPSIRT-2019-12417 This vulnerability has been...