CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2017-2703
https://notcve.org/view.php?id=CVE-2017-2703
22 Nov 2017 — Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. Puede eludirse Phone Finder en versiones anteriores a la MHA-AL00BC00B... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8142
https://notcve.org/view.php?id=CVE-2017-8142
22 Nov 2017 — The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. El controlador del m... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2707
https://notcve.org/view.php?id=CVE-2017-2707
22 Nov 2017 — Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. Los smartphones Mate 9 con software MHA-AL00AC00B125 tienen una vulnerabilidad de escalado de privilegios en el módulo Push. Un atacante engaña a un usuario para que guarde medios enriquecidos (rich media) en un mensaje del smart... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2017-8144
https://notcve.org/view.php?id=CVE-2017-8144
22 Nov 2017 — Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en • CWE-920: Improper Restriction of Power Consumption •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2702
https://notcve.org/view.php?id=CVE-2017-2702
22 Nov 2017 — Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. Puede eludirse Phone Finder en versiones anteriores a la MHA-AL00C00B170. Un atacante puede eludir Phone Finder mediante pasos especiales y obtener la titularidad del teléfono. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-smartphone-en •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2706
https://notcve.org/view.php?id=CVE-2017-2706
22 Nov 2017 — Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. Los smartphones Mate 9 con software MHA-AL00AC00B125 tienen una vulnerabilidad de salto de directorio en el módulo Push. Debido a que el sistema no verifica el nombre de archivo durante la descompresión, los directori... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •