Vulnerabilites related to Huawei - Mate 10
var-202005-0625
Vulnerability from variot
HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. Huawei Mate 10 is a smart phone of the Chinese company Huawei
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0.143\\(c00e143r2p4\\)"
},
{
"model": "mate 10",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "10.0.0.143(c00e143r2p4)"
},
{
"model": "mate \u003c10.0.0.143",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
}
]
},
"cve": "CVE-2020-1809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1809",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005915",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-31102",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-1809",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005915",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1809",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005915",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-31102",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1348",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. Huawei Mate 10 is a smart phone of the Chinese company Huawei",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1809"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "CNVD",
"id": "CNVD-2020-31102"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1809",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"id": "VAR-202005-0625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
}
],
"trust": 1.26765326
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
}
]
},
"last_update_date": "2024-11-23T22:41:05.549000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20200527-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
},
{
"title": "Patch for Huawei Mate 10 information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/219803"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1809"
},
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1809"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200527-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"date": "2020-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"date": "2020-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"date": "2020-05-29T20:15:11.170000",
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"date": "2020-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005915"
},
{
"date": "2020-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1348"
},
{
"date": "2024-11-21T05:11:25.337000",
"db": "NVD",
"id": "CVE-2020-1809"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate 10 information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31102"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1348"
}
],
"trust": 0.6
}
}
var-201805-1005
Vulnerability from variot
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations. Huawei smartphone Mate 10 and Mate 10 Pro Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 9",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "8.0.0.129\\(sp2c00\\)"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "8.0.0.129\\(sp2c01\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.129(sp2c00)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "8.0.0.129(sp2c01)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
}
]
},
"cve": "CVE-2018-7940",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7940",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"id": "CVE-2018-7940",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7940",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7940",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-343",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0.129(SP2C01) have an authentication bypass vulnerability. An attacker with high privilege obtains the smart phone and bypass the activation function by some specific operations. Huawei smartphone Mate 10 and Mate 10 Pro Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7940"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7940",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004816",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"id": "VAR-201805-1005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.62765928
},
"last_update_date": "2024-11-23T22:00:30.707000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180509-01-mobile",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-mobile-en"
},
{
"title": "Huawei Mate 10 and Mate 10 Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80005"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180509-01-mobile-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7940"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7940"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"date": "2018-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"date": "2018-05-10T14:29:00.673000",
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004816"
},
{
"date": "2018-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-343"
},
{
"date": "2024-11-21T04:12:59.710000",
"db": "NVD",
"id": "CVE-2018-7940"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphone Mate 10 and Mate 10 Pro Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004816"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-343"
}
],
"trust": 0.6
}
}
var-201906-0049
Vulnerability from variot
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Mate 10 is a smartphone product from China's Huawei
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l29_9.0.0.159\\(c185\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-l29 9.0.0.159(c185)"
},
{
"model": "mate \u003calp-l29 9.0.0.159",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
}
]
},
"cve": "CVE-2019-5305",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5305",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2019-33604",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5305",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5305",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5305",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-33604",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-952",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Mate 10 is a smartphone product from China\u0027s Huawei",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5305"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNVD",
"id": "CNVD-2019-33604"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5305",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-33604",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"id": "VAR-201906-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
}
],
"trust": 1.43382663
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
}
]
},
"last_update_date": "2024-11-23T22:48:23.024000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190128-01-ivp",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
},
{
"title": "Patch for Huawei Mate 10 memory released repeatedly",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/182853"
},
{
"title": "Huawei Mate 10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88999"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5305"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5305"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190128-01-ivp-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"date": "2019-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"date": "2019-06-06T15:29:01.373000",
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33604"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005369"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-952"
},
{
"date": "2024-11-21T04:44:42.940000",
"db": "NVD",
"id": "CVE-2019-5305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate10 Vulnerability related to double release in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-952"
}
],
"trust": 0.6
}
}
var-201906-0354
Vulnerability from variot
There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. Huawei Mate10 Smartphones are vulnerable to the use of freed memory.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone product from China's Huawei company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-al00b_9.0.0.167\\(c00e85r2p20t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-al00b 9.0.0.167(c00e85r2p20t8)"
},
{
"model": "mate10 \u003calp-al00b 9.0.0.167",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
}
]
},
"cve": "CVE-2019-5214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5214",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-01683",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5214",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5214",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5214",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-01683",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-329",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. Huawei Mate10 Smartphones are vulnerable to the use of freed memory.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone product from China\u0027s Huawei company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5214"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNVD",
"id": "CNVD-2019-01683"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5214",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-01683",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"id": "VAR-201906-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
}
],
"trust": 1.43382663
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
}
]
},
"last_update_date": "2024-11-23T22:25:55.322000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190109-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
},
{
"title": "HuaweiMate10 releases patches for reusing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/150149"
},
{
"title": "Huawei Mate10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88473"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5214"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190109-01-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5214"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"date": "2019-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"date": "2019-06-06T15:29:01.110000",
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-01683"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005373"
},
{
"date": "2020-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-329"
},
{
"date": "2024-11-21T04:44:31.730000",
"db": "NVD",
"id": "CVE-2019-5214"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate10 Vulnerability related to the use of released memory on smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005373"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-329"
}
],
"trust": 0.6
}
}
var-201809-1152
Vulnerability from variot
Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. Huawei smartphone Mate10 Contains vulnerabilities related to security features.Information may be tampered with. HuaweiMate10 is a smartphone product. HuaweiMate10 has an FRP bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-al00b_8.0.0.110\\(c00\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-al00b 8.0.0.110(c00)"
},
{
"model": "mate \u003calp-al00b 8.0.0.110",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
}
]
},
"cve": "CVE-2018-7991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7991",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-18616",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2018-7991",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7991",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-7991",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-18616",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-646",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific operations. Successful exploit could allow the attacker bypass the FRP protection to access the system setting page. Huawei smartphone Mate10 Contains vulnerabilities related to security features.Information may be tampered with. HuaweiMate10 is a smartphone product. HuaweiMate10 has an FRP bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7991"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNVD",
"id": "CNVD-2018-18616"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7991",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-18616",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"id": "VAR-201809-1152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
}
],
"trust": 1.43382663
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
}
]
},
"last_update_date": "2024-11-23T23:08:34.801000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180912-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
},
{
"title": "HuaweiMate10FRP bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/140029"
},
{
"title": "Huawei Mate 10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84896"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180912-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7991"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7991"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180912-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"date": "2019-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"date": "2018-09-18T13:29:01.220000",
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18616"
},
{
"date": "2019-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011928"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-646"
},
{
"date": "2024-11-21T04:13:02.630000",
"db": "NVD",
"id": "CVE-2018-7991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei smartphone Mate10 Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011928"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-646"
}
],
"trust": 0.6
}
}
var-202012-1401
Vulnerability from variot
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. Mate 10 firmware, Mate 30 firmware, Mate 30 Pro firmware etc. Huawei There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1401",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 30",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.156\\(c00e155r7p2\\)"
},
{
"model": "mate 30 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.156\\(c00e156r7p2\\)"
},
{
"model": "p40",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.150\\(sp1c00e150r4p1\\)"
},
{
"model": "p40 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0.150\\(sp1c00e150r4p1\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0.189\\(c185e6r1p3\\)"
},
{
"model": "p40",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 30 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 30",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p40 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"cve": "CVE-2020-9119",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9119",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"id": "CVE-2020-9119",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-9119",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9119",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-9119",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1542",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion. Mate 10 firmware, Mate 30 firmware, Mate 30 Pro firmware etc. Huawei There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9119"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9119",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018300",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1542",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"id": "VAR-202012-1401",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5351061866666666
},
"last_update_date": "2024-11-23T22:47:44.214000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Huawei Product Privilege License and Access Control Issue Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138013"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9119"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"date": "2020-12-24T16:15:15.850000",
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-18T10:27:00",
"db": "JVNDB",
"id": "JVNDB-2020-018300"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1542"
},
{
"date": "2024-11-21T05:40:05.323000",
"db": "NVD",
"id": "CVE-2020-9119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1542"
}
],
"trust": 0.6
}
}
var-201807-2068
Vulnerability from variot
HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. HUAWEI Mate 10 Smartphones are vulnerable to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone from China's Huawei company. A memory error reference vulnerability exists in the mediaserver component of the HuaweiMate10 phone
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-2068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-al00_8.1.0.311"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-al00 8.1.0.311"
},
{
"model": "mate \u003calp-al00",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "108.1.0.311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
}
]
},
"cve": "CVE-2018-7993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-7993",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2018-13042",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-7993",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7993",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7993",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-13042",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-2009",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. HUAWEI Mate 10 Smartphones are vulnerable to the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone from China\u0027s Huawei company. A memory error reference vulnerability exists in the mediaserver component of the HuaweiMate10 phone",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7993"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNVD",
"id": "CNVD-2018-13042"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7993",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13042",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"id": "VAR-201807-2068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
}
],
"trust": 1.43382663
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
}
]
},
"last_update_date": "2024-11-23T22:55:49.513000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180711-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
},
{
"title": "HuaweiMate10 phone memory error reference vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/134169"
},
{
"title": "Huawei Mate 10 mediaserver Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82736"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7993"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7993"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180711-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"date": "2018-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"date": "2018-07-31T14:29:01.120000",
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13042"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008885"
},
{
"date": "2018-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2009"
},
{
"date": "2024-11-21T04:13:02.860000",
"db": "NVD",
"id": "CVE-2018-7993"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HUAWEI Mate 10 Vulnerability related to the use of released memory on smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008885"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2009"
}
],
"trust": 0.6
}
}
var-201906-0358
Vulnerability from variot
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone product from China's Huawei company. A driver in the previous version of HuaweiMate10ALP-AL00B9.0.0.181 (C00E87R2P20T8) has a memory re-release vulnerability that an attacker can use to induce a user to install a malicious mobile phone application to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-al00b_9.0.0.181\\(c00e87r2p20t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-al00b 9.0.0.181(c00e87r2p20t8)"
},
{
"model": "mate10 \u003calp-al00b 9.0.0.181",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
}
]
},
"cve": "CVE-2019-5219",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-5219",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2019-03787",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-5219",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5219",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5219",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-03787",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-1030",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone product from China\u0027s Huawei company. A driver in the previous version of HuaweiMate10ALP-AL00B9.0.0.181 (C00E87R2P20T8) has a memory re-release vulnerability that an attacker can use to induce a user to install a malicious mobile phone application to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5219"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNVD",
"id": "CNVD-2019-03787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5219",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-03787",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"id": "VAR-201906-0358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
}
],
"trust": 1.43382663
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
}
]
},
"last_update_date": "2024-11-23T23:04:46.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20190130-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
},
{
"title": "HuaweiMate10 Memory Re-release Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/153005"
},
{
"title": "Huawei Mate10 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-415",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5219"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5219"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190130-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"date": "2019-01-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"date": "2019-06-06T15:29:01.203000",
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03787"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005375"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-1030"
},
{
"date": "2024-11-21T04:44:32.703000",
"db": "NVD",
"id": "CVE-2019-5219"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate10 Vulnerability related to double release in smartphones",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005375"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-1030"
}
],
"trust": 0.6
}
}
var-201912-0062
Vulnerability from variot
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. Huawei Mate 9 and other products are products of China's Huawei. Huawei Mate 9 is a smartphone. Huawei Mate 10 is a smartphone product of Huawei. Honor 9 Lite is a smartphone. The vulnerability stems from the system's improper handling of application information with an application lock set in a specific scenario that rarely occurs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate pro \u003c9.0.0.159",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "10"
},
{
"model": "honor \u003c9.0.0.159",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "v10"
},
{
"model": "honor lite \u003c9.1.0.118",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003c9.0.0.159",
"scope": "eq",
"trust": 1.2,
"vendor": "huawei",
"version": "10"
},
{
"model": "honor 9 lite",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.121\\(c432e4r1p3t8\\)"
},
{
"model": "changxiang 7s",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.107\\(c00e107r2p8t8\\)"
},
{
"model": "honor 9i",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.121\\(c432e4r1p3t8\\)"
},
{
"model": "honor 9 lite",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.118\\(c636e4r1p1t8\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c185e2r1p13t8\\)"
},
{
"model": "y9 2018",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.115\\(c432e5r1p1t8\\)"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.1.159\\(c636e6r1p8t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c432e4r1p9t8\\)"
},
{
"model": "p-smart",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.130\\(c432e8r1p5t8\\)"
},
{
"model": "honor 9i",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.106\\(sp53c636e2r1p4t8\\)"
},
{
"model": "honor 9 lite",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.113\\(c00e111r2p10t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.167\\(c00e85r2p20t8\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c636e2r1p13t8\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.161\\(c432e4r1p11t8\\)"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.1.158\\(c432e6r1p8t8\\)"
},
{
"model": "honor 9 lite",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.118\\(c185e4r1p4t8\\)"
},
{
"model": "honor v10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c636e3r1p12t8\\)"
},
{
"model": "honor v10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.156\\(c00e156r2p14t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.177\\(c185e2r1p12t8\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.167\\(c00e87r2p15t8\\)"
},
{
"model": "y9 2018",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.120\\(c636e5r1p1t8\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c636e2r1p12t8\\)"
},
{
"model": "changxiang 8 plus",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.111\\(c00e111r1p6t8\\)"
},
{
"model": "p-smart",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.1.0.119\\(c636e5r1p1t8\\)"
},
{
"model": "honor v10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "9.0.0.159\\(c432e4r1p9t8\\)"
},
{
"model": "changxiang 7s",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "changxiang 8 plus",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "honor 9 lite",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "honor 9i",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "honor v10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 10 pro",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 10",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate 9",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p smart",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "y9 2018",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "mate pro \u003c9.0.0.167",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate pro \u003c9.0.0.161",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "honor \u003c9.0.0.156",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "v10"
},
{
"model": "changxiang 7s \u003c9.1.0.107",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p-smart \u003c9.1.0.119",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p-smart \u003c9.1.0.130",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "changxiang \u003c=9.1.0.111",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "y9 \u003c9.1.0.115",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2018"
},
{
"model": "y9 \u003c9.1.0.120",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "2018"
},
{
"model": "honor lite \u003c9.1.0.113",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "honor lite \u003c9.1.0.121",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "honor 9i \u003c9.1.0.112",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 9i \u003c9.1.0.106",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "mate \u003c9.0.1.158",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003c9.0.1.159",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate \u003c9.0.0.167",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate \u003c9.0.0.177",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:changxiang_7s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:changxiang_8_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor_9_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor_9i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:honor_v10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_10_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p-smart_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:y9_2018_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vulnerability was reported to Huawei by security researcher Fan Yuchen PSIRT . Huawei thanks Fan Yuzheng for cooperating with us to disclose the vulnerability to protect Huawei\u0027s customers.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-5264",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-36736",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2019-5264",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5264",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-5264",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-5264",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-36736",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-552",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure. Huawei Mate 9 and other products are products of China\u0027s Huawei. Huawei Mate 9 is a smartphone. Huawei Mate 10 is a smartphone product of Huawei. Honor 9 Lite is a smartphone. The vulnerability stems from the system\u0027s improper handling of application information with an application lock set in a specific scenario that rarely occurs",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNVD",
"id": "CNVD-2020-36736"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5264",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-36736",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"id": "VAR-201912-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
}
],
"trust": 1.2945170445454544
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
}
]
},
"last_update_date": "2024-11-23T21:51:49.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20191211-01-smartphone",
"trust": 0.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
},
{
"title": "Patch for Multiple Huawei product information disclosure vulnerabilities (CNVD-2020-36736)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/224731"
},
{
"title": "Multiple Huawei Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105742"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5264"
},
{
"trust": 1.2,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191211-01-smartphone-cn"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5264"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"date": "2019-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"date": "2019-12-13T23:15:12.050000",
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-36736"
},
{
"date": "2020-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013432"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-552"
},
{
"date": "2024-11-21T04:44:38.040000",
"db": "NVD",
"id": "CVE-2019-5264"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Information disclosure vulnerabilities in smartphone products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013432"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-552"
}
],
"trust": 0.6
}
}
var-201712-0798
Vulnerability from variot
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. plural Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 and Mate10Pro are both Huawei's smartphone products. Basebandmodules is one of the baseband modules. A stack overflow vulnerability exists in the baseband module in versions prior to HuaweiMate10ALP-AL008.0.0.120 (SP2C00) and in versions prior to Mate10ProBLA-AL008.0.0.120 (SP2C00) because the program did not adequately detect the parameters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0798",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-al00_8.0.0.120\\(sp2c00\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "bla-al00_8.0.0.120\\(sp2c00\\)"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "lon-al00b_8.0.0.334\\(c00\\)"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "mha-al00b_8.0.0.334\\(c00\\)"
},
{
"model": "mate 10 pro",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "bla-al00 8.0.0.120(sp2c00)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-al00 8.0.0.120(sp2c00)"
},
{
"model": "mate 9 pro",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "lon-al00b 8.0.0.334(c00)"
},
{
"model": "mate 9",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "mha-al00b 8.0.0.334(c00)"
},
{
"model": "mate \u003calp-al00 8.0.0.120",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate pro \u003cbla-al00 8.0.0.120",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate \u003cmha-al00b 8.0.0.334",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
},
{
"model": "mate pro \u003clon-al00b 8.0.0.334",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_9_pro_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:mate_9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tencent Keen Security Lab",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
}
],
"trust": 0.6
},
"cve": "CVE-2017-15311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2017-15311",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38110",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-15311",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15311",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-15311",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-38110",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-465",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. plural Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate10 and Mate10Pro are both Huawei\u0027s smartphone products. Basebandmodules is one of the baseband modules. A stack overflow vulnerability exists in the baseband module in versions prior to HuaweiMate10ALP-AL008.0.0.120 (SP2C00) and in versions prior to Mate10ProBLA-AL008.0.0.120 (SP2C00) because the program did not adequately detect the parameters",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15311"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "CNVD",
"id": "CNVD-2017-38110"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15311",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-38110",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201710-465",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"id": "VAR-201712-0798",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
}
],
"trust": 1.4834128514285714
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
}
]
},
"last_update_date": "2024-11-23T22:48:52.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171125-01-baseband",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
},
{
"title": "Patch for Huawei HuaweiMate10 and Mate10Pro stack overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111735"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15311"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15311"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"date": "2017-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"date": "2017-12-22T17:29:13.063000",
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38110"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011709"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-465"
},
{
"date": "2024-11-21T03:14:26.417000",
"db": "NVD",
"id": "CVE-2017-15311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Buffer error vulnerability in smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-465"
}
],
"trust": 0.6
}
}
var-201803-1042
Vulnerability from variot
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate Smartphone contains an out-of-bounds read vulnerability and an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. HuaweiMate10 is a smartphone from China's Huawei company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(c432\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.127\\(c900\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(402\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(c346\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.120\\(c212\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(c02\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(c109\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "alp-l09_8.0.0.128\\(c652\\)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-l09 8.0.0.120(c212)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-l09 8.0.0.127(c900)"
},
{
"model": "mate 10",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "alp-l09 8.0.0.128(402/c02/c109/c346/c432/c652)"
},
{
"model": "mate pro \u003cbla-al00 8.0.0.120",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate \u003calp-l09 8.0.0.127",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
},
{
"model": "mate \u003clp-l09 8.0.0.128",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:mate_10_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
}
]
},
"cve": "CVE-2017-17227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-03963",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-17227",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17227",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17227",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-03963",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-299",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate Smartphone contains an out-of-bounds read vulnerability and an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. HuaweiMate10 is a smartphone from China\u0027s Huawei company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17227"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNVD",
"id": "CNVD-2018-03963"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17227",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-03963",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"id": "VAR-201803-1042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
}
],
"trust": 1.533530652
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
}
]
},
"last_update_date": "2024-11-23T22:45:25.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20180207-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
},
{
"title": "HuaweiMate10 memory outbound access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/119455"
},
{
"title": "Huawei Mate 10 GPU Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
},
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17227"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17227"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180207-01-smartphone-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"date": "2018-03-09T17:29:01.500000",
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03963"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012798"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-299"
},
{
"date": "2024-11-21T03:17:42.087000",
"db": "NVD",
"id": "CVE-2017-17227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei Mate Smartphone vulnerabilities related to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012798"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-299"
}
],
"trust": 0.6
}
}
cve-2019-5305
Vulnerability from cvelistv5
Published
2019-06-06 14:35
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:35:18",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5305",
"datePublished": "2019-06-06T14:35:18",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}