1006 matches found
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in DOPRA SSP products. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validation of packets. Successful exploit could cause a denial of service condition. Vulnerability ID: HWPSIRT-2020-823...
Security Advisory - Improper Resource Management Vulnerability in eUDC660 Product
The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be...
Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot
Eclypsium researchers have discovered a vulnerability named“BootHole”in the GRUB2 bootloader. There is a buffer overflow vulnerability that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerability ID:...
Security Advisory - Improper Authorization Vulnerability in Several Products
There is an improper authorization vulnerability in several products. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. Vulnerability ID: HWPSIRT-2020-05063 This vulnerability has been...
Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product
There are two information disclosure vulnerability in Huawei FusionCompute product. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. Vulnerability ID: HWPSIRT-2020-05013 and HWPSIRT-2020-05065 The two vulnerabilities ha...
Security Advisory - Denial of Service Vulnerability on Huawei Smartphone
There is an denial of service vulnerability on some Huawei smartphone. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. Vulnerability ID: HWPSIRT-2019-12057 This...
Security Advisory - Two Vulnerabilities in MGCP Protocol of Some Huawei Products
There is an out-of-bounds read vulnerability in Media Gateway Control Protocol MGCP of some Huawei products. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause...
Security Advisory - Numeric Errors Vulnerability in Some Huawei Routers
Some Huawei routers have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages...
Security Advisory - VRF Hopping Vulnerability in Multiple Routers
A VPN routing and forwarding VRF hopping vulnerability exists in Huawei routers. The routers do not strictly check received MPLS forwarding packets, and an attacker may exploit this vulnerability to forward crafted packets to MPLS links, which leads to flood attacks against the destination VPN...
Security Advisory - Laser Command Injection Vulnerability on Huawei Terminals
The laser command injection vulnerability exists on some Huawei devices. The devices cannot effectively defend against external malicious interference. Attackers need the device to be visually exploitable and successful triggering of this vulnerability could execute voice commands on the device...
Security Advisory - Improper Authorization Vulnerability in Huawei Product
There is an improper authorization vulnerability in some Huawei products. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. Vulnerability ID:...
Security Advisory - Path Traversal Vulnerability in Several Smartphones
There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. Vulnerability ID: HWPSIRT-2020-03127 This vulnerability has been assigned a Common...
Security Advisory - Improper Authorization Vulnerability in some Huawei Smartphones
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. Vulnerability ID: HWPSIRT-2019-12144 This vulnerability has...
Security Advisory - Improper Authorization Vulnerability in Several Smartphones
There is an improper authorization vulnerability in several smartphones. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode. Vulnerability ID:...
Security Advisory - Improper Authentication Vulnerability in Several Smartphones
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Vulnerability ID: HWPSIRT-2020-01073 This...
Security Advisory - Information Disclosure Vulnerability in Some Huawei Products
Some Huawei products have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. Vulnerability ID: HWPSIRT-2019-10408 This...
Security Advisory - Buffer Overflow Vulnerability in The GaussDB
There is a buffer overflow vulnerability in the handling code for regular expressions on GaussDB. An authenticated, remote attacker could use a specially crafted regular expression to cause GaussDB to crash or possibly execute arbitrary code. Vulnerability ID: HWPSIRT-2017-05046 This vulnerabilit...
Security Advisory - Command Injection Vulnerability in Some Huawei Products
Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection. Vulnerability ID: HWPSIRT-2020-59877 This...
Security Advisory - Information Disclosure Vulnerability on some Huawei Products
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Vulnerability...
Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product
Huawei PCManager has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation. Vulnerability ID: HWPSIRT-2019-12143 This...
Security Advisory - Insufficient Input Validation Vulnerability in Huawei Share
There is an insufficient input validation vulnerability in Huawei Share. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled. Vulnerability ID: HWPSIRT-2019-09454 This vulnerability has been assigne...
Security Advisory - Out of Bounds Read Vulnerability on Several Smartphones
There is an out of bounds read vulnerability on several smartphones, the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause out of bounds read and...
Security Advisory - Four Remote Code Execution Vulnerabilities in Some Microsoft Windows Systems
Microsoft released four security advisories to disclose four remote code execution vulnerabilities in Remote Desktop Services. An unauthenticated attacker connects to the target system using RDP and sends specially crafted requests to exploit the vulnerabilities. Successful exploit may cause...
Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. Vulnerability ID:HWPSIRT-2022-99716 This vulnerability has been assigned a CVE ID: CVE-2022-44564...
Security Advisory - CSV Injection Vulnerability in ManageOne Product
There has a CSV injection vulnerability in ManageOne Product. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files ...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products
There is a privilege escalation vulnerability in some Huawei products. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. Vulnerability ID:...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful...
Security Advisory - Buffer Overflow Vulnerability on Several Mobile Broadband Products
There is a buffer overflow vulnerability on several mobile broadband products. The software does not sufficiently validate the length of certain fields in DHCP message which is received. Successful exploit could cause the device to reboot. Vulnerability ID: HWPSIRT-2017-09083 This vulnerability h...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-02156 This vulnerability has been...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to...
Security Advisory - Insufficient Verification Vulnerability in Some Huawei products
There is an insufficient verification vulnerability in some Huawei products. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation. Vulnerability ID: HWPSIRT-2019-10094 This...
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
There is an insufficient verification vulnerability in several smartphones. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could cause DOS or malicious code execution. Vulnerabili...
Security Advisory - Multiple Security Vulnerabilities in HedEx product
HedExHuawei Electronic Documentation Explorer,Huawei electronic document browser, mainly used to browse Huawei products electronic documents. HedEx exist some vulnerabilities. HedEx has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target...
Security Advisory - Privilege Escalation Vulnerability in Huawei Product
There is a privilege escalation vulnerability in some Huawei products. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID...
Security Advisory - Insufficient Authentication Vulnerability in OSCA Products
There is an insufficient authentication vulnerability in OSCA products. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential...
Security Advisory - Improper Access Control Vulnerability in Huawei Share
There is an improper access control vulnerability in Huawei Share. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information leakage. Vulnerability ID: HWPSIRT-2019-09452 This vulnerability...
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcpcollapseofoqueue and tcppruneofoqueue of the affected device which can lead to a denial of service...
Security Advisory - Authentication Bypass Vulnerability in Huawei iBMC Products
There is an authentication bypass vulnerability in Huawei iBMC products. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege...
Security Advisory - Chrome V8 engine has a remote code execution vulnerability
Chrome V8 is a Google Chrome engine for parsing JavaScript. Chrome V8 v3.20 to v4.2 has a remote code execution vulnerability due to misspelling of exception name observeacceptinvalid into observeinvalidaccept in source code, leading to the leak of kMessages. Successful exploit of this...
Security Advisory - Multiple Input Validation Vulnerabilities in Huawei Smart Phone
There are four input validation vulnerabilities in some Huawei Smart phones. An attacker gets the graphic or Camera privilege and tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege...
Security Advisory - DoS Vulnerability in Huawei U2990 and U2980
Huawei U2990 and U2980 have a DoS vulnerability caused by no error correction mechanism when handling specific signaling packets. An attacker can send malformed packets to cause a denial of service condition in some services of the U2990 and U2980. Vulnerability ID: HWPSIRT-2015-09025 This...
Security Advisory - Permission Bypass Vulnerability in Huawei Products
A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Vulnerability ID: HWPSIRT-2021-96118 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-46834. For product...
Security Advisory - Memory Leak Vulnerability in Huawei CloudEngine Product
There is a memory leak vulnerability in Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. Vulnerability ID:...
Security Advisory - Command Injection Vulnerability in ManageOne Product
There has a command injection vulnerability in ManageOne Product. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject comman...
Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone
There is a JavaScript injection vulnerability in Huawei smartphone. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. Vulnerability ID: HWPSIRT-2020-04153 Th...
Security Advisory - Type Confusion Vulnerability in Several Smartphones
There is a type confusion vulnerability in several smartphones. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Smart Phones
There is a buffer overflow vulnerability in some Huawei smart phones. An attacker may intercept and tamper with the packet in the local area network LAN to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. Vulnerability ID: HWPSIRT-2019-09447 This...
Security Advisory - Input Validation Vulnerability in H323 Protocol of Huawei products
There is an insufficient validation vulnerability in some Huawei products. Since packet validation is insufficient, an unauthenticated attacker may send special H323 packets to exploit the vulnerability. Successful exploit could allow the attacker to send malicious packets and result in DOS...
Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability
The Broadwell-specific Montgomery multiplication procedure has a denial of service DoS vulnerability when handling input longer than 256 bits.Only EC algorithms that use Brainpool P-512 curves are affected. An attacker could exploit this vulnerability to cause DoS during ECDH key...