CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22304
https://notcve.org/view.php?id=CVE-2021-22304
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en Taurus-AL00A versión 10.0.0.1(C00E1R1P1). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22293
https://notcve.org/view.php?id=CVE-2021-22293
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1). Algunos productos de Huawei presentan una vulnerabilidad de interpretación inconsistente de peticiones HTTP. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-01-http-en • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22302
https://notcve.org/view.php?id=CVE-2021-22302
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. Se presenta una vulnerabilidad de lectura fuera de límites en Taurus-AL00A versión 10.0.0.1(C00E1R1P1). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-smartphone-en • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22303
https://notcve.org/view.php?id=CVE-2021-22303
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. Se presenta una vulnerabilidad de doble liberación de puntero en Taurus-AL00A versión 10.0.0.1(C00E1R1P1). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-02-smartphone-en • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9093
https://notcve.org/view.php?id=CVE-2020-9093
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en Taurus-AL00A versiones 10.0.0.1(C00E1R1P1). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-smartphone-en • CWE-416: Use After Free •