CVSS: 7.8EPSS: 0%CPEs: 100EXPL: 0CVE-2017-2692
https://notcve.org/view.php?id=CVE-2017-2692
The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a privilege elevation vulnerability. An attacker may exploit it to launch command injection in order to gain elevated privileges. La aplicación Keyguard en versiones ALE-L02C635B140 y anteriores; ALE-L02C636B140 y anteriores; ALE-L21C10B150 y anteriores; ALE-L21C185B200 y anteriores; ALE-L21C432B214 y anteriores; ALE-L21C464B150 y anteriores; ALE-L21C636B200 y anteriores; ALE-L23C605B190 y anteriores; ALE-TL00C01B250 y anteriores; ALE-UL00C00B250 y anteriores; MT7-L09C605B325 y anteriores; MT7-L09C900B339 y anteriores; MT7-TL10C900B339 y anteriores; CRR-CL00C92B172 y anteriores; CRR-L09C432B180 y anteriores; CRR-TL00C01B172 y anteriores; CRR-UL00C00B172 y anteriores; CRR-UL20C432B171 y anteriores; GRA-CL00C92B230 y anteriores; GRA-L09C432B222 y anteriores; GRA-TL00C01B230SP01 y anteriores; GRA-UL00C00B230 y anteriores; GRA-UL00C10B201 y anteriores; GRA-UL00C432B220 y anteriores; H60-L04C10B523 y anteriores; H60-L04C185B523 y anteriores; H60-L04C636B527 y anteriores; H60-L04C900B530 y anteriores; PLK-AL10C00B220 y anteriores; PLK-AL10C92B220 y anteriores; PLK-CL00C92B220 y anteriores; PLK-L01C10B140 y anteriores; PLK-L01C185B130 y anteriores; PLK-L01C432B187 y anteriores; PLK-L01C432B190 y anteriores; PLK-L01C432B190 y anteriores; PLK-L01C636B130 y anteriores; PLK-TL00C01B220 y anteriores; PLK-TL01HC01B220 y anteriores; PLK-UL00C17B220 y anteriores; ATH-AL00C00B210 y anteriores; ATH-AL00C92B200 y anteriores; ATH-CL00C92B210 y anteriores; ATH-TL00C01B210 y anteriores; ATH-TL00HC01B210 y anteriores; ATH-UL00C00B210 y anteriores; RIO-AL00C00B220 y anteriores; RIO-CL00C92B220 y anteriores; RIO-TL00C01B220 y anteriores y versiones RIO-UL00C00B220 y anteriores tiene una vulnerabilidad de elevación de privilegios. Un atacante podría explotarla para ejecutar una inyección de comandos para elevar privilegios. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en http://www.securityfocus.com/bid/95919 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 100EXPL: 0CVE-2017-2693
https://notcve.org/view.php?id=CVE-2017-2693
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path. Versiones ALE-L02C635B140 y anteriores; ALE-L02C636B140 y anteriores; ALE-L21C10B150 y anteriores; ALE-L21C185B200 y anteriores; ALE-L21C432B214 y anteriores; ALE-L21C464B150 y anteriores; ALE-L21C636B200 y anteriores; ALE-L23C605B190 y anteriores; ALE-TL00C01B250 y anteriores; ALE-UL00C00B250 y anteriores; MT7-L09C605B325 y anteriores; MT7-L09C900B339 y anteriores; MT7-TL10C900B339 y anteriores; CRR-CL00C92B172 y anteriores; CRR-L09C432B180 y anteriores; CRR-TL00C01B172 y anteriores; CRR-UL00C00B172 y anteriores; CRR-UL20C432B171 y anteriores; GRA-CL00C92B230 y anteriores; GRA-L09C432B222 y anteriores; GRA-TL00C01B230SP01 y anteriores; GRA-UL00C00B230 y anteriores; GRA-UL00C10B201 y anteriores; GRA-UL00C432B220 y anteriores; H60-L04C10B523 y anteriores; H60-L04C185B523 y anteriores; H60-L04C636B527 y anteriores; H60-L04C900B530 y anteriores; PLK-AL10C00B220 y anteriores; PLK-AL10C92B220 y anteriores; PLK-CL00C92B220 y anteriores; PLK-L01C10B140 y anteriores; PLK-L01C185B130 y anteriores; PLK-L01C432B187 y anteriores; PLK-L01C432B190 y anteriores; PLK-L01C432B190 y anteriores; PLK-L01C636B130 y anteriores; PLK-TL00C01B220 y anteriores; PLK-TL01HC01B220 y anteriores; PLK-UL00C17B220 y anteriores; ATH-AL00C00B210 y anteriores; ATH-AL00C92B200 y anteriores; ATH-CL00C92B210 y anteriores; ATH-TL00C01B210 y anteriores; ATH-TL00HC01B210 y anteriores; ATH-UL00C00B210 y anteriores; RIO-AL00C00B220 y anteriores; RIO-CL00C92B220 y anteriores; RIO-TL00C01B220 y anteriores y versiones RIO-UL00C00B220 tiene una vulnerabilidad de salto de ruta. Un atacante podría explotarlo para descomprimir archivos maliciosos en una ruta de destino. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en http://www.securityfocus.com/bid/95919 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2698
https://notcve.org/view.php?id=CVE-2017-2698
The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. El controlador ddr_devfreq en versiones anteriores a la GRA-UL00C00B197 tiene una vulnerabilidad de desbordamiento de búfer. Un atacante con el privilegio root del sistema Android puede engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar parámetros al smartphone para que el sistema se cierre inesperadamente o se escalen privilegios. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphone-en http://www.securityfocus.com/bid/95664 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8678
https://notcve.org/view.php?id=CVE-2015-8678
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. El controlador ION en teléfonos inteligentes Huawei P8 con software GRA-TL00 en versiones anteriores a GRA-TL00C01B230, GRA-CL00 en versiones anteriores a GRA-CL00C92B230, GRA-CL10 en versiones anteriores a GRA-CL10C92B230, GRA-UL00 en versiones anteriores a GRA-UL00C00B230 y GRA-UL10 en versiones anteriores a GRA-UL10C00B230 y teléfonos inteligentes Mate S con software CRR-TL00 en versiones anteriores a CRR-TL00C01B160SP01, CRR-UL00 en versiones anteriores a CRR-UL00C00B160 y CRR-CL00 en versiones anteriores a CRR-CL00C92B161 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una aplicación manipulada. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8682
https://notcve.org/view.php?id=CVE-2015-8682
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. El controlador Video0 en smartphones Huawei P8 con software GRA-UL00 en versiones anteriores a GRA-UL00C00B350, GRA-UL10 en versiones anteriores a GRA-UL10C00B350, GRA-TL00 en versiones anteriores a GRA-TL00C01B350, GRA-CL00 en versiones anteriores a GRA-CL00C92B350 y GRA-CL10 en versiones anteriores a GRA-CL10C92B350 y smartphones Mate S con software CRR-TL00 en versiones anteriores a CRR-TL00C01B160SP01, CRR-UL00 en versiones anteriores a CRR-UL00C00B160 y CRR-CL00 en versiones anteriores a CRR-CL00C92B161 permite a atacantes obtener información sensible de la memoria de pila o provocar una denegación de servicio (caída de sistema) a través de una aplicación manipulada, lo que desencadena un acceso de memoria no válido. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en • CWE-20: Improper Input Validation •