CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5276
https://notcve.org/view.php?id=CVE-2019-5276
23 Dec 2019 — Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. Los teléfonos inteligentes Huawei con versiones anteriores a ELLE-AL00B 9.1.0.222(C00E220R2P1), presentan una vulnerabilidad de desbordamiento de búfer. Un atacante puede interceptar y manipular el paquete en la re... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191218-02-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5246
https://notcve.org/view.php?id=CVE-2019-5246
12 Nov 2019 — Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack. Successful exploit could cause DOS or malicious code execution. Teléfonos Inteligentes con software de E... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-codeexecution-en • CWE-345: Insufficient Verification of Data Authenticity •