1006 matches found
Security Advisory - Command Injection Vulnerability in ManageOne Product
There has a command injection vulnerability in ManageOne Product. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject comman...
Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone
There is a vulnerability of improper buffer operation in Huawei smartphone. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. Vulnerability ID: HWPSIRT-2020-08183 This vulnerability has been assigned a Common...
Security Advisory - Privilege Escalation Vulnerability in FusionCompute Product
There is a privilege escalation vulnerability in FusionCompute product. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation...
Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product
There is a command injection vulnerability in Huawei FusionCompute product. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. Vulnerability ID:...
Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone
There is a vulnerability of improper buffer operation in Huawei smartphone. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. Vulnerability ID: HWPSIRT-2020-08183 This vulnerability has been assigned a Common...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attacker can construct attack scenarios, which lead to denial of service. Vulnerability ID: HWPSIRT-2020-79490 This vulnerability has...
Security Advisory - Command Injection Vulnerability in Some Huawei Products
Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection. Vulnerability ID: HWPSIRT-2020-59877 This...
Security Advisory - Netlogon Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...
Security Advisory - Insecure Encryption Algorithm Vulnerability in Some Huawei Products
Some Huawei products have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. Vulnerability ID: HWPSIRT-2020-05067 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2020-912...
Security Advisory - Buffer Overflow Vulnerability in the Bluetooth Module of Some Huawei Mobile Phones
There is a buffer overflow vulnerability in the Bluetooth module of some Huawei mobile phones. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. Vulnerabilit...
Security Advisory - Privilege Escalation Vulnerability in Some Huawei Smartphones
There has a privilege elevation vulnerability in some smartphones. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. Vulnerability I...
Security Advisory - Denial of Service Vulnerability in Some Huawei Products
There is a denial of service vulnerability in some products. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. Vulnerability ID: HWPSIRT-2020-04051 This vulnerability has been assigned a Common...
Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone
There is a JavaScript injection vulnerability in Huawei smartphone. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. Vulnerability ID: HWPSIRT-2020-04153 Th...
Security Advisory - Improper Authorization Vulnerability in Huawei Product
There is an improper authorization vulnerability in some Huawei products. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. Vulnerability ID:...
Security Advisory - Buffer Read Overflow Vulnerability in Huawei Smartphone
There is a buffer overflow vulnerability in Huawei smartphone. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-02173 This...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information...
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Products
There is an out-of-bounds read and write vulnerability in some products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot...
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Products
There is an out-of-bounds read and write vulnerability in some products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot...
Security Advisory - QEMU Out-of-bound Read and Write Vulnerability in Huawei Product
An out-of-bound read and write access vulnerability was found in the USB emulator of the QEMU. It occurs while processing USB packets from a guest. Attackers can use this vulnerability to crash the QEMU process resulting in DoS or potentially execute arbitrary code with the privileges of the QEMU...
Security Advisory - Out-of-Bounds Read Vulnerability in Some Huawei Smart Phone
There is an out-of-bounds read vulnerability in XFRM module of some Huawei smart phone. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. Vulnerabilit...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful...
Security Advisory - Denial of Service Vulnerability in Some Huawei Home Routers
There is a denial of service vulnerability in some Huawei home routers. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal. Vulnerability ID: HWPSIRT-2020-00069 This vulnerability has been assigned a Common...
Security Advisory - Buffer Read Overflow Vulnerability in Huawei Product
There is a buffer overflow vulnerability in Huawei Product. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-02172 This...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
Some Huawei products have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. Vulnerability ID: HWPSIRT-2020-04125...
Security Advisory - Out-of-Bounds Read and Write Vulnerability in Huawei Smartphone
There is an out-of-bounds read and write vulnerability in Huawei smartphone. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03107 Th...
Security Advisory - Path Traversal Vulnerability in Several Smartphones
There is a path traversal vulnerability in several smartphones. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. Vulnerability ID: HWPSIRT-2020-03127 This vulnerability has been assigned a Common...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and make information leak. Vulnerability ID:...
Security Advisory - Insufficient Input Verification Vulnerability in Some Huawei Products
Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices. Vulnerability ID: HWPSIRT-2020-00006 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID:...
Security Advisory - Buffer Overflow Vulnerability BootHole in GRUB2 Secure Boot
Eclypsium researchers have discovered a vulnerability named“BootHole”in the GRUB2 bootloader. There is a buffer overflow vulnerability that can be used to gain arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting this vulnerability can install...
Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Phones
There is an insufficient input validation vulnerability in some Huawei products. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerability ID:...
Security Advisory - MITM Vulnerability on Huawei Share
There is a man-in-the-middleMITM vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attac...
Security Advisory - Information Leak Vulnerability in Huawei Smartphone
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2018-03100 This vulnerability has been...
Security Advisory - Privilege Elevation Vulnerability in Microsoft Windows Kerberos Key Distribution Center
Microsoft released a security bulletin MS14-068 to publicly disclose a vulnerability in in Kerberos Key Distribution Center KDC. The vulnerability could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. Vulnerability ID:...
Security Advisory - Buffer Overflow Vulnerability on Several Mobile Broadband Products
There is a buffer overflow vulnerability on several mobile broadband products. The software does not sufficiently validate the length of certain fields in DHCP message which is received. Successful exploit could cause the device to reboot. Vulnerability ID: HWPSIRT-2017-09083 This vulnerability h...
Security Advisory - Remote Code Execution vulnerability in Apache Struts2
The Apache Struts frameworks, when forced, performs double evaluation of attributes' values assigned to certain tags attributes such as id so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered. With a carefully crafted request, this can lead to...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information vulnerability in Huawei smartphones. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-02156 This vulnerability has been...
Security Advisory - Command Injection Vulnerability in Some Huawei Products
Some Huawei products have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
There is a denial of service DoS vulnerability in some Huawei smart phones. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. Vulnerability ID: HWPSIRT-2019-09107 This vulnerability has be...
Security Advisory - Privilege Escalation Vulnerability in Huawei FusionCompute Product
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. Vulnerability ID: HWPSIRT-2020-05241 This vulnerability has been...
Security Advisory - NULL Pointer Dereference Vulnerability in Some Huawei Products
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. Vulnerability ID:...
Security Advisory - Buffer Error Vulnerability in Some Huawei Product
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. Vulnerability ID: HWPSIRT-2017-08234 This...
Security Advisory - Improper Authorization Vulnerability in some Huawei Smartphones
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. Vulnerability ID: HWPSIRT-2019-12144 This vulnerability has...
Security Advisory - Information Disclosure Vulnerability in Several Smartphones
There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to...
Security Advisory - Distributed Denial-of-Service Vulnerablility in Some Huawei Products
There is a DDoS vulnerability called "NXNSAttack" in some Huawei products. There is no effective limitation on the number of fetches performed when the DNS recursive server processes references. An attacker can exploit this vulnerability by sending a request for an attacker-controlled domain to a...
Security Advisory - Integer Overflow Vulnerability in Huawei Smartphone
There is an integer overflow vulnerability in Huawei smartphone. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service...
Security Advisory - Out Of Bound Read Vulnerability in Huawei Smartphone
There is an out of bound read vulnerability in Huawei smartphones. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service...
Security Advisory - Information Leak Vulnerability in Huawei Products
There is an information leak vulnerability in Huawei FusionCompute. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. Vulnerability ID: HWPSIRT-2020-05037 This vulnerability ha...
Security Advisory - Improper Privilege Management Vulnerability in Huawei Smartphone Product
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. Vulnerability ID: HWPSIRT-2020-05272 This vulnerabilit...
Security Advisory - Denial of Service Vulnerability in SmartPhone Product
There is a denial of service vulnerability in several smartphones. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset. Vulnerability ID: HWPSIRT-2020-04032 This vulnerability has be...