CVSS: 6.3EPSS: 0%CPEs: 62EXPL: 0CVE-2017-17171
https://notcve.org/view.php?id=CVE-2017-17171
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. Algunos smartphones Huawei tienen una vulnerabilidad de denegación de servicio (DoS) debido al procesamiento incorrecto de parámetros maliciosos. Un atacante podría engañar a un usuario objetivo para que descargar un APK malicioso e inicie ataques mediante una aplicación preinstalada con permisos específicos. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180530-01-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8783
https://notcve.org/view.php?id=CVE-2016-8783
Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege. El controlador Touchscreen en Huawei H60 (Honor 6), en versiones anteriores a H60-L02_6.12.16 y P9 Plus, en versiones anteriores a VIE-AL10BC00B356, tiene una vulnerabilidad de desbordamiento de pila. Un atacante podría engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar un parámetro dado al controlador de la pantalla táctil para provocar el cierre inesperado del sistema o escalar privilegios. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161215-01-smartphone-en http://www.securityfocus.com/bid/94944 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 44EXPL: 0CVE-2017-8215
https://notcve.org/view.php?id=CVE-2017-8215
Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have a permission control vulnerability. An attacker with the system privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. Los smartphones Huawei Honor 8, Honor V8, Honor 9, Honor V9, Nova 2, Nova 2 Plus, P9, P10 Plus y Toronto con versiones de software anteriores a FRD-AL00C00B391, FRD-DL00C00B391, KNT-AL10C00B391, KNT-AL20C00B391, KNT-UL10C00B391, KNT-TL10C00B391, Stanford-AL00C00B175, Stanford-AL10C00B175, Stanford-TL00C01B175, Duke-AL20C00B191, Duke-TL30C01B191, Picasso-AL00C00B162, Picasso-TL00C01B162 , Barca-AL00C00B162, Barca-TL00C00B162, EVA-AL10C00B396SP03, EVA-CL00C92B396, EVA-DL00C17B396, EVA-TL00C01B396 , Vicky-AL00AC00B172, Toronto-AL00AC00B191 y Toronto-TL10C01B191 tienen una vulnerabilidad de control de permisos. Un atacante con privilegios de sistema de un móvil puede explotar esta vulnerabilidad para omitir la verificación del código de desbloqueo y desbloquear el cargador de arranque del teléfono móvil. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170807-01-smartphone-en •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2711
https://notcve.org/view.php?id=CVE-2017-2711
P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. Los smartphones P9 Plus con software en versiones anteriores a la VIE-AL10C00B352 tienen una vulnerabilidad de validación de entradas en el controlador de la pantalla táctil. Un atacante puede engañar a un usuario para que instale una aplicación maliciosa en el smartphone y enviar parámetros al smartphone para que el sistema se cierre inesperadamente. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-03-smartphone-en http://www.securityfocus.com/bid/95663 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2734
https://notcve.org/view.php?id=CVE-2017-2734
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion. Los smartphones P9 Plus con versiones de software anteriores a la VIE-AL10BC00B386 tienen una vulnerabilidad de denegación de servicio (DoS). Un atacante engaña a un usuario para que instale una aplicación maliciosa en el smartphone y la aplicación puede enviar parámetros a una interfaz específica. Esto provoca que se asigne una gran cantidad de memoria y que el smartphone se cierre inesperadamente debido al agotamiento de memoria. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-02-smartphone-en • CWE-400: Uncontrolled Resource Consumption •