CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2020-9247
https://notcve.org/view.php?id=CVE-2020-9247
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B. Se presenta una vulnerabilidad de desbordamiento del búfer en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0CVE-2020-9109
https://notcve.org/view.php?id=CVE-2020-9109
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). Se presenta una vulnerabilidad de divulgación de información en varios teléfonos inteligentes. El dispositivo no comprueba suficientemente la identidad del dispositivo portátil inteligente en determinado escenario específico, el atacante necesita obtener determinada información en el teléfono inteligente de la víctima para iniciar el ataque, y una explotación con éxito podría causar una divulgación de información. Las versiones del producto afectadas incluyen: HUAWEI Mate 20 versiones anteriores a 10.1.0.160(C00E160R3P8), versiones anteriores a 10.1.0.160(C01E160R2P8); HUAWEI Mate 20 X versiones anteriores a 10.1.0.160(C00E160R2P8), versiones anteriores a 10.1.0.160(C01E160R2P8); Dispositivos HUAWEI P30 Pro versiones anteriores a 10.1.0.160(C00E160R2P8); Laya-AL00EP versiones anteriores a 10.1.0.160(C786E160R3P8); Tony-AL00B versiones anteriores a 10.1.0.160(C00E160R2P11); Tony-TL00B versiones anteriores a 10.1.0.160(C01E160R2P11) • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-dos-en • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-9235
https://notcve.org/view.php?id=CVE-2020-9235
Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. Los teléfonos inteligentes Huawei HONOR 20 PRO Versiones anteriores a 10.1.0.230(C432E9R5P1), Versiones anteriores a 10.1.0.231(C10E3R3P2), Versiones anteriores a 10.1.0.231(C185E3R5P1), Versiones anteriores a 10.1.0.231(C636E3R3P1); Versiones anteriores a 10.1. 0.212(C432E10R3P4), Versiones anteriores a 10.1.0.213(C636E3R4P3), Versiones anteriores a 10.1.0.214(C10E5R4P3), Versiones anteriores a 10.1.0.214(C185E3R3P3); Versiones anteriores a 10.1.0.212(C00E210R5P1); Versiones anteriores a 10.1.0.212(C00E210R5P1). 0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C01E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R2P11); Versiones anteriores a 10.1.0.160(C00E160R8P12); Versiones anteriores a 10.1.0.160(C00E160R8P12); Versiones anteriores a 10.1.0.230(C432E9R5P1), Versiones anteriores a 10.1.0.231(C10E3R3P2), Versiones anteriores a 10.1.0.231(C636E3R3P1); Versiones anteriores a 10.1.0.225 (C431E3R1P2), Versiones anteriores a 10.1.0.225(C432E3R1P2), contienen una vulnerabilidad de información. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-07-smartphone-en • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-9076
https://notcve.org/view.php?id=CVE-2020-9076
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. Los teléfonos inteligentes HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B con versiones anteriores a 10.1.0.135(C00E135R2P11); versiones anteriores a 10.1.0.135(C00E135R2P8),versiones anteriores a 10.1.0.135, presentan una vulnerabilidad de autenticación inapropiada. Debido a que la identidad del remitente del mensaje no está siendo verificada apropiadamente, un atacante puede explotar esta vulnerabilidad por medio de un ataque de tipo man-in-the-middle para inducir a un usuario a acceder a una URL maliciosa • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 77EXPL: 0CVE-2020-0069 – Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2020-0069
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 En los manejadores de ioctl del controlador Mediatek de Command Queue, hay una posible escritura fuera de límites debido a un saneamiento de entrada insuficiente y a una falta de restricciones de SELinux. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-mtk-en https://source.android.com/security/bulletin/2020-03-01 • CWE-787: Out-of-bounds Write •