2 results (0.010 seconds)

CVSS: 8.1EPSS: 5%CPEs: 3EXPL: 0

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. cn.wps.moffice.common.beans.print.CloudPrintWebView en Kingsoft Office versión 5.3.1, como es usado en los dispositivos Huawei P2 versiones anteriores a V100R001C00B043, vuelve a HTTP cuando la conexión HTTPS presenta un fallo en el registro, lo que permite a atacantes de tipo man-in-the-middle dirigir ataques de degradación y ejecutar código Java arbitrario mediante el aprovechamiento de una posición de red entre el cliente y el registro para bloquear el tráfico HTTPS. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm http://www.securityfocus.com/bid/71381 https://exchange.xforce.ibmcloud.com/vulnerabilities/99089 https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. El controlador de dispositivos hx170dec en Huawei P2-6011 anterior a V100R001C00B043 permite a usuarios locales leer y escribir a localizaciones de memoria arbitrarias a través de vectores no especificados. • http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm http://www.securityfocus.com/bid/71374 https://exchange.xforce.ibmcloud.com/vulnerabilities/99088 https://labs.mwrinfosecurity.com/system/assets/762/original/mwri_advisory_huawei_driver-root-exploit.pdf • CWE-264: Permissions, Privileges, and Access Controls •