Security Advisory - Multiple Vulnerabilities in OpenSSL in May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...
Security Advisory - Improper Handling of Exceptional Condition Vulnerability in Huawei Smartphones
There is an improper handling of exceptional condition vulnerability in Huawei smartphones. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending a malformed message. This could compromise normal service of affected phones. Vulnerability ID:...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software incorrectly performs authorization for a certain user; a successful exploit could allow a low-privilege user to perform a certain operation that the user is not supposed to perform. Vulnerability ID: HWPSIRT-2019-12104 This...
Security Advisory - Command Injection Vulnerability in GaussDB 200 Product
There is a command injection vulnerability in GaussDB 200 product. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently. An attacker needs to connect to the phone and gain high privilege to launch the attack; a successful exploit could cause malicious code execution. Vulnerability ID:...
Security Advisory - TCP Connection Hijack Vulnerability
There is a vulnerability in the implementation of RFC 5961, due to the improper determination of the rate of challenge ACK responses by the global rate limit feature. Successful exploit could allow an unauthenticated, remote attacker to reset or hijack a TCP connection between two...
Security Advisory - Bluetooth Function Denial of Service Vulnerability in Some Huawei Smartphone Products
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. Successful exploitation causes the Bluetooth function to become abnormal. Vulnerability ID:...
Security Advisory - OpenSSL DROWN Security Vulnerability
The official OpenSSL website released a security advisory about a high-risk vulnerability dubbed DROWN (CVE-2016-0800) on March 1st, 2016. The vulnerability is as follows: once SSLv2 is used, an attacker can capture packets or act as a man in the middle (MITM) to obtain SSL session keys, decrypt encrypted traffic,...
Security Advisory - XSS Injection Vulnerability in a Huawei Product
There is an XSS injection vulnerability in a Huawei product. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. Vulnerability ID:...
Security Advisory - Inconsistent Interpretation of HTTP Requests Vulnerability in Some Huawei Products
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Vulnerability ID: HWPSIRT-2020-05294 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-22293...
Security Advisory - Denial of Service Vulnerability in OpenSSL
There is a Denial of Service (DoS) vulnerability in OpenSSL. A specific function in OpenSSL may crash during or after the TLS 1.3 handshake due to a NULL pointer dereference. An attacker may send a crafted request packet to the target host service to exploit this vulnerability. Successful exploit may caus...
Security Advisory - Out of Bounds Read Vulnerability in Several Smartphones
There is an out-of-bounds read vulnerability in several smartphones. The software reads data past the end of the intended buffer. If the attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or abnormal service. Vulnerability ID:...
Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products
There is an out-of-bounds read vulnerability of a few bytes in some Huawei products. The software reads data past the end of the intended buffer when parsing certain messages; an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cau...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Vulnerability ID: HWPSIRT-2019-09333 This vulnerabilit...
Security Advisory - Insufficient Verification Vulnerability in Some Huawei Products
There is an insufficient verification vulnerability in some Huawei products. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause abnormal service. Vulnerability ID: HWPSIRT-2019-10092 This vulnerability has bee...
Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products
There is an integer overflow vulnerability in the LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system to crash. Vulnerability I...
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. Vulnerability ID: HWPSIRT-2019-02008 This vulnerability has been assigned a Common Vulnerabilities and Exposur...
Security Advisory - Information Exposure Vulnerability on FusionSphere OpenStack
There is an information exposure vulnerability on FusionSphere OpenStack. The software uses a hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...
Security Advisory - BroadPwn Remote Code Execute Vulnerability
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. Vulnerability ID: HWPSIRT-2017-07072 This...
Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing an authenticated attacker to upload a shared library to a writable share and execute arbitrary code remotely on a targeted system. Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security...
Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones
There is an arbitrary memory read/write vulnerability in the hardware security module of some Huawei smart phones due to the input parameters validation. An attacker with root privilege on the Android system could exploit this vulnerability to read and write memory data anywhere or execute...
Security Advisory - Information Leak Vulnerability in Huawei Product
There is an information leak vulnerability in a Huawei product. A module lacks authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. Vulnerability ID: HWPSIRT-2020-06053 This vulnerability has been assign...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does not properly restrict a certain operation in a certain scenario. The attacker needs to perform certain configuration before the user turns on the student mode function. Successful exploit could allow the attacker to bypas...
Security Advisory - Local Privilege Escalation Vulnerability in Huawei PCManager Product
There is a local privilege escalation vulnerability in the Huawei PCManager product. An authenticated, local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-02134 This...
Security Advisory - Logic Error Vulnerability in Several Smartphones
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Vulnerability ID:...
Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products
There is an invalid pointer access vulnerability in some products. The software system accesses an invalid pointer when an operator logs in to the device and performs some operations. Successful exploit could cause a certain process to reboot. Vulnerability ID: HWPSIRT-2019-12413 This vulnerability has been...
Security Advisory - Information leakage Vulnerability in Some Huawei Products
There is an information leakage vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Vulnerability ID: HWPSIRT-2019-11212 This vulnerability has been assigned ...
Security Advisory - Improper Validation of Array Index Vulnerability in Several Smartphones
There is an improper validation of array index vulnerability in several smartphones. The system does not properly validate the input value before using it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful...
Security Advisory - Null Pointer Reference Vulnerability in Some Huawei Smart Phones
There is a null pointer reference vulnerability in some Huawei smart phones. An attacker crafts specific packets and sends them to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. Vulnerability ID: HWPSIRT-2019-05097 This vulnerability...
Security Advisory - Input Validation Vulnerability in Huawei Products
Security Advisory - Command Injection Vulnerability in GaussDB 200
There is a command injection vulnerability in GaussDB 200. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product
There is a buffer overflow vulnerability in the Huawei Atlas product. A local, authenticated attacker may craft a specific parameter and send it to the process to exploit this vulnerability. Successful exploit may cause a service crash. Vulnerability ID: HWPSIRT-2019-08062 This vulnerability has been...
Security Advisory - Insufficient Authentication Vulnerability in Several Band Products
There is an insufficient authentication vulnerability in several products. The band does not sufficiently authenticate the device trying to connect to it in a certain scenario. Successful exploit could allow the attacker to spoof and then connect to the band. Vulnerability ID: HWPSIRT-2019-09490 This...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The attacker could wake up the voice assistant and then perform a series of crafted voice operations; successful exploit could allow the attacker to read certain files without unlocking the phone, leading to information disclosure. Vulnerability...
Security Advisory - Out-of-bounds Read Vulnerability in Gauss100 OLTP Database of Some Huawei Products
There is an out-of-bounds read vulnerability in the Gauss100 OLTP database of some Huawei products due to insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerabilit...
Security Advisory - Privilege Escalation Vulnerability in some Huawei Products
There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation. Vulnerability ID: HWPSIRT-2020-05256 Thi...
Security Advisory - QEMU Out-of-bound Read and Write Vulnerability in Huawei Product
An out-of-bounds read and write access vulnerability was found in the USB emulator of QEMU. It occurs while processing USB packets from a guest. Attackers can use this vulnerability to crash the QEMU process resulting in DoS or potentially execute arbitrary code with the privileges of the QEMU...
Security Advisory - Insufficient Input Verification Vulnerability in Some Huawei Products
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause abnormal service on affected devices. Vulnerability ID: HWPSIRT-2020-00006 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Improper Authentication Vulnerability in Some Huawei Smartphones
There is an improper authentication vulnerability in some Huawei smartphones. The application doesn't perform proper authentication when a user performs certain operations. An attacker can trick a user into installing a malicious plug-in to exploit this vulnerability. Successful exploit could allow t...
Security Advisory - Double Free Vulnerability in Some Huawei Products
There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some services to become abnormal. Vulnerability ID: HWPSIRT-2019-09024 This vulnerability has...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...
Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation
The OpenSSL RSA key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). An attacker could exploit this vulnerability to recover the private key. Vulnerability ID: HWPSIRT-2018-06015 Huawei has released software updates to fix this vulnerabilit...
Security Advisory - OpenSSL Vulnerability in Some Huawei Products
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. Vulnerability ID: HWPSIRT-2018-03073 This vulnerability...
Security Advisory - 'Phoenix Talon' Vulnerabilities in Linux Kernel
The Linux operating system has four security vulnerabilities called 'Phoenix Talon', which affect Linux kernel 2.5.69 to Linux kernel 4.11. Successful exploit of these vulnerabilities can allow an attacker to launch DoS attacks and can lead to arbitrary code execution when certain conditions are...
Security Advisory - Multiple Vulnerabilities in UMA Products
The Unified Maintenance Audit (UMA) system provides a unified portal for O&M operations, controls and records users' O&M operations, and supports auditing by way of command display and video replay. The UMA product has the following vulnerabilities, which are introduced by software provided by...
Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone
The Bastet of some Huawei mobile phones has three buffer overflow vulnerabilities due to the lack of parameter validation. An attacker with root privilege on an Android system may trick a user into installing a malicious app. The app can modify specific data to cause buffer overflow in the...
Security Advisory - Privilege Escalation Vulnerability in Huawei Products
There is a privilege escalation vulnerability in Huawei products. External parameters of some files lack verification when the files are called. Attackers can exploit this vulnerability by executing these files to cause a privilege escalation attack. This can compromise normal service...
Security Advisory - MITM Vulnerability on Huawei Share
There is a man-in-the-middle (MITM) vulnerability on Huawei Share of certain smartphones. When users establish a connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...
Security Advisory - Command Injection Vulnerability in Some Huawei Products
Some Huawei products have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target...
Security Advisory - Buffer Error Vulnerability in Some Huawei Product
There is a buffer error vulnerability in some Huawei products. An unauthenticated attacker may send a special UPnP message to the affected products. Due to insufficient input validation of some values, successful exploit may cause some services to become abnormal. Vulnerability ID: HWPSIRT-2017-08234 This...