CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2020-9247
https://notcve.org/view.php?id=CVE-2020-9247
07 Dec 2020 — There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9106
https://notcve.org/view.php?id=CVE-2020-9106
12 Oct 2020 — HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8), presentan una vulnerabilidad de salto de ruta. El sistema no comprueba suficientemente determinado nombre de ruta, una explotación con éxito podría permitir al atacante acceder a arc... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-pathtraversal-en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9123
https://notcve.org/view.php?id=CVE-2020-9123
12 Oct 2020 — HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8) y versiones anteriores a 10.1.0.160(C01E160R2P8), presentan una vulnerabilidad de desb... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-buffer-en • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0CVE-2020-9109
https://notcve.org/view.php?id=CVE-2020-9109
12 Oct 2020 — There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier t... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9107
https://notcve.org/view.php?id=CVE-2020-9107
12 Oct 2020 — HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8), presentan una vulnerabilidad de lectura y escritura fuera de límites. Un atacante no autenticado d... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-readwriteoutbound-en • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9108
https://notcve.org/view.php?id=CVE-2020-9108
12 Oct 2020 — HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8), presentan una vulnerabilidad de lectura y escritura fuera de límites. Un atacante no autenticado d... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-outofbound-en • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9095
https://notcve.org/view.php?id=CVE-2020-9095
21 Aug 2020 — HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service. El teléfono inteligente HUAWEI P30 Pro con versiones anteriores a 10.1.0.160(C00E160R2P8), presenta una vulnerabilidad de desbordamiento de enteros. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-03-smartphone-en • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9096
https://notcve.org/view.php?id=CVE-2020-9096
21 Aug 2020 — HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service. Los teléfonos inteligentes HUAWEI P30 Pro con versiones anteriores a 10.1.0.160(C00E160R2P8), presentan una vulnerabilidad de lectura fuera de límites. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-02-smartphone-en • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-9244
https://notcve.org/view.php?id=CVE-2020-9244
11 Aug 2020 — HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than 10.1.0.160(C786E160R3... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-02-smartphone-en •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-9245
https://notcve.org/view.php?id=CVE-2020-9245
10 Aug 2020 — HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function. HUAWEI P30 versiones anteriores a 10.1.0.160(C00E160R2P11); HUAWEI P30 Pro versiones anteri... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200805-01-smartphone-en •