CVSS: 4.6EPSS: 0%CPEs: 122EXPL: 0CVE-2019-19412
https://notcve.org/view.php?id=CVE-2019-19412
08 Jun 2020 — Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en. Algunos teléfonos inteligentes Huawei presentan una vulnerabilidad de seguridad que omite la Factory Reset Protec... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en •
CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0CVE-2019-5303
https://notcve.org/view.php?id=CVE-2019-5303
27 Apr 2020 — There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 150EXPL: 0CVE-2019-5302
https://notcve.org/view.php?id=CVE-2019-5302
27 Apr 2020 — There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 48%CPEs: 159EXPL: 31CVE-2019-2215 – Android Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-2215
04 Oct 2019 — A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevación de privilegios desde una aplicación en el kernel de Linux. No es re... • https://packetstorm.news/files/id/156495 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 3%CPEs: 371EXPL: 1CVE-2019-9506 – Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
https://notcve.org/view.php?id=CVE-2019-9506
14 Aug 2019 — The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. La especificación de Bluetooth BR/EDR incluyendo versión 5.1, permite una longitud de clave de cifrado suficientemente baja y no impide que un atacante influya en la negociación d... • https://github.com/francozappa/knob • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7922
https://notcve.org/view.php?id=CVE-2018-7922
12 Sep 2018 — Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. Los smartphones Huawei ALP-L09 en versiones anteriores a la ALP-L09 8.0.0.150(C432) tienen una vulnerabilidad de valid... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7923
https://notcve.org/view.php?id=CVE-2018-7923
12 Sep 2018 — Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. Los smartphones Huawei ALP-L09 en versiones anteriores a la ALP-L09 8.0.0.150(C432) tienen una vulnerabilidad de valid... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en • CWE-20: Improper Input Validation •