Security Advisory - Improper Authentication Vulnerability in Huawei Smartphone

There is an improper authentication vulnerability in some Huawei smartphone. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. Vulnerabili...

Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products

There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Vulnerability ID: HWPSIRT-2019-10070 This vulnerability has been...

Security Advisory - Out of Bounds Write Vulnerability in Several Smartphones

There is an out of bounds write vulnerability in several smartphones. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious...

Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product

There is a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2019-10117 This...

Security Advisory - Access Control Bypass Vulnerability in Some Huawei Products

There is an access control bypass vulnerability in some Huawei products. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet...

Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products

There is an invalid pointer access vulnerability in some products. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot. Vulnerability ID: HWPSIRT-2019-12412 This vulnerability has...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

There is a denial of service vulnerability in some Huawei products. In some abnormal cases, the software doesn't correctly process data. An attacker can exploit this vulnerability to cause new connections can't be established. Vulnerability ID: HWPSIRT-2019-12400 This vulnerability has been...

Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Products

There is an out-of-bounds read vulnerability in some huawei products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot...

Security Advisory - Resource Management Error Vulnerability on Some Huawei Products

Some Huawei products have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices...

Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products

There is a invalid pointer access vulnerability in some products. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot. Vulnerability ID: HWPSIRT-2019-12413 This vulnerability has been...

Security Advisory - Invalid Pointer Access Vulnerability in Some Huawei Products

There is an invalid pointer access vulnerability in some products. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Vulnerability ID: HWPSIRT-2019-12411 This vulnerability has been assigned...

Security Advisory - Information Leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. Vulnerability ID: HWPSIRT-2019-04203 This...

Security Advisory - Out-of-bounds Write Vulnerability in Some Huawei Products

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Vulnerability...

Security Advisory - Input Validation Vulnerability in Huawei Products

Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...

Security Advisory - Dangling Pointer Reference Vulnerability in Some Huawei Firewall Products

There is a dangling pointer reference vulnerability in some Huawei firewall products. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful explo...

Security Advisory - Double Free Memory Vulnerability in Huawei Products

Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...

Security Advisory - Denial of Service Vulnerability in Some Huawei Firewall Products

There is a Denial of Service DoS vulnerability in some firewall products. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSEC function of the affected...

Security Advisory - Memory Leak Vulnerability in Some Firewall Products

There is a memory leak vulnerability in some firewall products. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust...

Security Advisory - Denial of Service Vulnerability in Huawei Product

Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...

Security Advisory - Small OOB Read Vulnerability in Huawei Product

There is an out-of-bound read vulnerability that a memory management error exists when IPSec Module handing a specific message. Attackers can send specific message to cause 1 byte out-of-bound read, compromising normal service. Vulnerability ID: HWPSIRT-2019-12417 This vulnerability has been...

Security Advisory - Information Leak Vulnerability in Some Huawei Products

There is an information leak vulnerability in some Huawei products. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10453 This vulnerability has been assigned a Common...

Security Advisory - Denial of Service Vulnerability in Some Huawei Products

Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...

Security Advisory - Information leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some Huawei products. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.Vulnerability ID: HWPSIRT-2019-12399...

Security Advisory - Information leakage Vulnerability in Some Huawei Products

There is an information leakage vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful exploit may lead to information leakage. Vulnerability ID: HWPSIRT-2019-11212 This vulnerability has been assigned ...

Security Advisory - Improper Authorization Vulnerability in Several Smartphones

There is an improper authorization vulnerability in several smartphones. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode. Vulnerability ID: HWPSIRT-2019-10114 This...

Security Advisory - Double Free Memory Vulnerability in Huawei Products

There is a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. Vulnerability ID: HWPSIRT-2019-12420 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID...

Security Advisory - Insufficient Verification Vulnerability in Some Huawei products

There is an insufficient verification vulnerability in some Huawei products. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation. Vulnerability ID: HWPSIRT-2019-10094 This...

Security Advisory - Insufficient Verification Vulnerability in Some Huawei Products

There is an insufficient verification vulnerability in some Huawei products. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal.Vulnerability ID: HWPSIRT-2019-10092 This vulnerability has bee...

Security Advisory - Command Injection Vulnerability in GaussDB 200

There is a command injection vulnerability in GaussDB 200. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. Vulnerability ID:...

Security Advisory - Improper Authorization Vulnerability in Several Huawei Smart Phones

Some Huawei mobile phones have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. Vulnerability ID: HWPSIRT-2019-08002 This vulnerability has been assigned a Common Vulnerabilities and Exposur...

Security Advisory - Digital Balance Bypass Vulnerability in Huawei Smart Phones

There is a digital balance bypass vulnerability in some Huawei smart phones. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed...

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a DoS vulnerability that IPSec Module handles a specific message incorrectly, causing memory unreleased. Attackers can send specific message to cause Denial of Service in IPSec module. Vulnerability ID: HWPSIRT-2019-12418 This vulnerability has been assigned a Common Vulnerabilities and...

Security Advisory - Input Validation Vulnerability in Huawei Products

There is an out-of-bound read vulnerability that the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. Vulnerability ID: HWPSIRT-2019-12419 This vulnerability has been assigned a Common...

Security Advisory - Insufficient Authentication Vulnerability in Some Huawei products

There is an insufficient authentication vulnerability in some Huawei products. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. Vulnerability ID: HWPSIRT-2019-10077 Thi...

Security Advisory - Out of Bounds Read Vulnerability in Several Products

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2019-12425 This vulnerability has been...

Security Advisory - Out of Bounds Read Vulnerability in Several Products

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal. Vulnerability ID: HWPSIRT-2019-12428 This vulnerability ha...

Security Advisory - Insufficient Authentication Vulnerability in OSCA Products

There is an insufficient authentication vulnerability in OSCA products. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential...

Security Advisory - Improper Authentication Vulnerability in Smartphones

There is an improper authentication vulnerability in smartphones. Due to improperly validate of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to...

Security Advisory - Command Injection Vulnerability in GaussDB 200 Product

There is a command injection vulnerability in GaussDB 200 product. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...

Security Advisory - Path Traversal Vulnerability in Huawei GaussDB

There is a path traversal vulnerability in Huawei GaussDB. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. Vulnerability ID: HWPSIRT-2019-10053 This...

Security Advisory - Three DoS Vulnerabilities in the SIP Module of Some Huawei Products

There are three denial of service DoS vulnerabilities in the SIP module of some Huawei products. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit...

Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM

There is a buffer overflow vulnerability in the vhost module of QEMU-KVM. During the hot migration of the target VM, an attacker with guest user account may send descriptors with invalid length to the affected host to exploit this vulnerability. Successfully exploited may cause the kernel buffer...

Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. Vulnerability I...

Security Advisory - Insufficient Authentication Vulnerability in Some Huawei Smart Phones

There is an insufficient authentication vulnerability in some Huawei smart phones. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones. Vulnerabili...

Security Advisory - Information Leakage Vulnerability in some Huawei Firewall Product

There is an information leakage vulnerability in some Huawei firewall products. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the...

Security Advisory - Improper Authentication Vulnerability in Smartphones

There is an improper authentication vulnerability in smartphones. Certain application does not properly validate the identity of another application who would call its interface, an attacker should trick the user into installing a malicious application, successful exploit could allow unauthorized...

Security Advisory - FragmentSmack Vulnerability in Linux Kernel

Products Switches Routers WLAN Storage See All Solutions Cloud Data Center Enterprise Networking Intelligent Computing Solutions by Industry See All Services Training and Certification Industry Cloud Enablement Service Improvement Service Customer Support Service See All Partner Find a Partner...

Security Advisory - Page-Cache Side-Channel Vulnerability

There is a vlunerability in the mincore implementation in mm/mincore.c in the Linux kernel through 4.19.13. An attacker could exploit this vulnerability to conduct a page-cache side-channel attack, allowing the attacker to view page-cache access patterns of other processes on the system. A...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is a Factory Reset Protection FRP bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection FRP function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. As a...

Security Advisory - Information Leak Vulnerability in Some Huawei Product

Some Huawei mobile phones have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. Vulnerability ID: HWPSIRT-2019-07076 This vulnerability has been assigned a Common...