CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9112
https://notcve.org/view.php?id=CVE-2020-9112
19 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de elevación de privilegios. Debido a una falta de restricciones de privilegios en algunas de las fun... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9240
https://notcve.org/view.php?id=CVE-2020-9240
12 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Dispositivos Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de desbordamiento del búfer. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9110
https://notcve.org/view.php?id=CVE-2020-9110
12 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. Dispositivos Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de divulgación de información. El equipo no comprueba la salida del ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9091
https://notcve.org/view.php?id=CVE-2020-9091
12 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Dispositivos Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de lectura y escritura fuera de límites. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9238
https://notcve.org/view.php?id=CVE-2020-9238
12 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. Dispositivos Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de desbordamiento del búfer. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9105
https://notcve.org/view.php?id=CVE-2020-9105
09 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal. Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presentan una vulnerabilidad de comprobación insuficiente de la entrada. Debido a que la lógica de comprobación d... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-9084
https://notcve.org/view.php?id=CVE-2020-9084
18 Sep 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Taurus-AN00B versiones anteriores a 10.1.0.156(C00E155R7P2), presenta una vulnerabilidad de uso de la memoria previamente liberada (UAF). Un atacante local autenticado puede llevar a cabo operaciones espec... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en • CWE-416: Use After Free •