CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2697
https://notcve.org/view.php?id=CVE-2017-2697
The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C432B100 and earlier versions,NEM-L51C432B120 and earlier versions,KNT-AL10C746B160 and earlier versions,VNS-L21C185B142 and earlier versions,CAM-L21C10B130 and earlier versions,CAM-L21C185B141 and earlier versions has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. El controlador goldeneye en NMO-L31C432B120 y versiones anteriores; NEM-L21C432B100 y anteriores; NEM-L51C432B120 y anteriores; KNT-AL10C746B160 y anteriores; VNS-L21C185B142 y anteriores; CAM-L21C10B130 y anteriores y CAM-L21C185B141 y versiones anteriores tiene una vulnerabilidad de desbordamiento de búfer. Un atacante con el privilegio root del sistema Android puede engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar parámetros al smartphone para que el sistema se cierre inesperadamente o se escalen privilegios. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-02-smartphone-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2017-2703
https://notcve.org/view.php?id=CVE-2017-2703
Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. Puede eludirse Phone Finder en versiones anteriores a la MHA-AL00BC00B156; anteriores a la MHA-CL00BC00B156; anteriores a la MHA-DL00BC00B156; anteriores a la MHA-TL00BC00B156; anteriores a la EVA-AL10C00B373; anteriores a la EVA-CL10C00B373; anteriores a la EVA-DL10C00B373 y versiones anteriores a la EVA-TL10C00B373. Un atacante puede eludir Phone Finder mediante pasos especiales y entrar en la configuración del sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en http://www.securityfocus.com/bid/95657 •
CVSS: 9.3EPSS: 0%CPEs: 26EXPL: 0CVE-2017-8150
https://notcve.org/view.php?id=CVE-2017-8150
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution. Los cargadores de arranque de los móviles Huawei P10 y P10 Plus con versiones de software anteriores a Victoria-L09AC605B162, Victoria-L29AC605B162 y Vicky-L29AC605B162 tienen una vulnerabilidad de escritura de memoria arbitraria debido a la falta de validación de parámetros. Un atacante con privilegios root de un sistema Android podría engañar a un usuario para que instale una app maliciosa. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2731
https://notcve.org/view.php?id=CVE-2017-2731
The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. El servicio de vibración en smartphones P9 Plus con versiones de software anteriores a la VIE-AL10C00B386 tiene una vulnerabilidad de denegación de servicio (DoS). Un atacante puede engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar parámetros a la interfaz del servicio de vibración del smartphone para que el sistema se cierre inesperadamente. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170315-01-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 1CVE-2016-8776
https://notcve.org/view.php?id=CVE-2016-8776
Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. Teléfonos Huawei P9 con software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 y teléfonos P9 Lite con software VNS-L21C185 permiten a atacantes eludir la protección de restablecimiento de fábrica (FRP) para introducir algunos módulos funcionales sin autorización y realizar operaciones para actualizar la cuenta de Google. • https://github.com/akzedevops/CVE-2016-8776 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-smartphone-en http://www.securityfocus.com/bid/94836 • CWE-285: Improper Authorization •