CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2713
https://notcve.org/view.php?id=CVE-2017-2713
HUAWEI P9 smartphones with software versions earlier before EVA-L09C432B383, versions earlier before EVA-L09C636B380, versions earlier before VIE-L09C432B370, versions earlier before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information. Los smartphones Huawei P9 con versiones de software anteriores a la EVA-AL00C00B365, anteriores a la EVA-L09C636B380, anteriores a la VIE-L09C432B370 y versiones anteriores a la VIE-L29C636B370 tienen una vulnerabilidad de validación de entradas insuficiente. Un atacante podría explotar esta vulnerabilidad para alterar los mensajes de señalización de interfaz aérea y obtener información de comunicación. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0CVE-2017-2727
https://notcve.org/view.php?id=CVE-2017-2727
Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An unauthenticated attacker can bypass phone activation to user management page of the phone and create a new user. Successful exploit could allow the attacker operate part function of the phone. Los smartphones Huawei P9 con versiones de software anteriores a la EVA-AL00C00B365, anteriores a la EVA-AL10C00B365, anteriores a la EVA-CL00C92B365, anteriores a la EVA-DL00C17B365 y versiones anteriores a la EVA-TL00C01B365 tienen una vulnerabilidad de escalado de privilegios. Un atacante no autenticado puede omitir la activación del teléfono en la página de gestión de usuarios del teléfono y crear un nuevo usuario. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170209-01-smartphone-en •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8148
https://notcve.org/view.php?id=CVE-2017-8148
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot. El controlador de audio en los smartphones P9 con versiones de software anteriores a EVA-AL10C00B389 tiene una vulnerabilidad de denegación de servicio (DoS). Un atacante podría engañar a un usuario para que instale una aplicación maliciosa en el smartphonne y una condición de carrera causaría el acceso a un puntero nulo cuando la aplicación accede a los recursos compartidos, lo que haría que se reinicie el sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-smartphone-en • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 0CVE-2017-8215
https://notcve.org/view.php?id=CVE-2017-8215
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Los smartphones Huawei Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus y Toronto con versiones de software anteriores a FRD-AL00C00B391, FRD-DL00C00B391, KNT-AL10C00B391, KNT-AL20C00B391, KNT-UL10C00B391, KNT-TL10C00B391, Stanford-AL00C00B175, Stanford-AL10C00B175, Stanford-TL00C01B175, Duke-AL20C00B191, Duke-TL30C01B191, Picasso-AL00C00B162, Picasso-TL00C01B162 , Barca-AL00C00B162, Barca-TL00C00B162, EVA-AL10C00B396SP03, EVA-CL00C92B396, EVA-DL00C17B396, EVA-TL00C01B396 , Vicky-AL00AC00B172, Toronto-AL00AC00B191 y Toronto-TL10C01B191 tienen una vulnerabilidad de control de permisos. Un atacante con privilegios de sistema de un móvil puede explotar esta vulnerabilidad para omitir la verificación del código de desbloqueo y desbloquear el cargador de arranque del teléfono móvil. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2711
https://notcve.org/view.php?id=CVE-2017-2711
P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. Los smartphones P9 Plus con software en versiones anteriores a la VIE-AL10C00B352 tienen una vulnerabilidad de validación de entradas en el controlador de la pantalla táctil. Un atacante puede engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar parámetros al smartphone para que el sistema se cierre inesperadamente. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en http://www.securityfocus.com/bid/95663 • CWE-20: Improper Input Validation •