CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1808
https://notcve.org/view.php?id=CVE-2020-1808
Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability. The software reads data past the end of the intended buffer. The attacker tricks the user into installing a crafted application, successful exploit may cause information disclosure or service abnormal. Los teléfonos inteligentes Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 con versiones anteriores a 10.0.0.187(C00E60R4P11); versiones anteriores a 10.0.0.187(C00E60R4P11); versiones anteriores a 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versiones anteriores a 10.1.0.123(C431E22R3P5), versiones anteriores a 10.1.0.126(C636E5R3P4), versiones anteriores a 10.1.0.160(C00E160R2P11); versiones anteriores a 10.1.0.126(C185E8R5P1), versiones anteriores a 10.1.0.126(C636E9R2P4), versiones anteriores a 10.1.0.160(C00E160R2P8); versiones anteriores a 10.0.0.179(C636E3R4P3), versiones anteriores a 10.0.0.180(C185E3R3P3), versiones anteriores a 10.0.0.180(C432E10R3P4), versiones anteriores a 10.0.0.181(C675E5R1P2) presentan una vulnerabilidad de lectura fuera del límite. El software lee los datos más allá del final del búfer previsto. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-02-smartphone-en • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0CVE-2019-5303
https://notcve.org/view.php?id=CVE-2019-5303
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0CVE-2019-5302
https://notcve.org/view.php?id=CVE-2019-5302
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0CVE-2020-0069 – Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2020-0069
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 En los manejadores de ioctl del controlador Mediatek de Command Queue, hay una posible escritura fuera de límites debido a un saneamiento de entrada insuficiente y a una falta de restricciones de SELinux. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en https://source.android.com/security/bulletin/2020-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2020-1882
https://notcve.org/view.php?id=CVE-2020-1882
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations. Los teléfonos móviles Huawei Ever-L29B versiones anteriores a 10.0.0.180(C185E6R3P3), anteriores a 10.0.0.180(C432E6R1P7), anteriores a 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versiones anteriores a 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versiones anteriores a 10.0.0.176(C00E70R2P8); y Honor Magic2 versiones anteriores a 10.0.0.175(C00E59R2P11), presentan una vulnerabilidad de autorización inapropiada. Debido a una autorización inapropiada de alguna función, un atacante puede omitir la autorización para llevar a cabo algunas operaciones. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-phone-en •