CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5309
https://notcve.org/view.php?id=CVE-2019-5309
29 Nov 2019 — Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition. Los teléfonos inteligentes Honor Play con versiones anteriores a 9.1.0.333 (C00E333R1P1T8), presentan una vulnerabilidad de divulgación de información en ciertos Huawei. Un atacante podría visualizar d... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191127-02-smartphone-en • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5213
https://notcve.org/view.php?id=CVE-2019-5213
12 Nov 2019 — Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock. Teléfonos Inteligentes Honor Play con versiones anteriores a Cornell-AL00A versión 9.1.0.321 (C00E320R1P1T8), presentan una vulnerabilidad de autenticación insufic... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191023-01-smartphone-en • CWE-287: Improper Authentication •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 0CVE-2019-5216
https://notcve.org/view.php?id=CVE-2019-5216
06 Jun 2019 — There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious cod... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17145
https://notcve.org/view.php?id=CVE-2017-17145
09 Mar 2018 — Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication. Los smartphones Huawei Honor V9 Play con versiones anteriores a Jimmy-AL00AC00B135 tienen una vulnerabilidad de omisión de autenticación debido a un diseño incorrecto de un componente. Un atacante que consiga e... • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15351
https://notcve.org/view.php?id=CVE-2017-15351
15 Feb 2018 — The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. La función "Find Phone" en los smartphones Huawei Honor V9 play con versiones anteriores a la Jimmy-AL00AC00B135 tiene una vulnerabilidad de omisión de autenticación. Esto ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 54%CPEs: 54EXPL: 4CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
02 Oct 2017 — Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replie... • https://packetstorm.news/files/id/144480 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •