var-201704-0495
Vulnerability from variot
Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. Huawei P9 , P9 Plus ,and Honor 6 A buffer error vulnerability exists in the touch screen driver of the smartphone software.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. HuaweiSmartPhones is a smart phone from China Huawei. A number of Huawei smartphone drivers have a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on an affected device. Multiple Huawei Smart Phones drivers are prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Huawei P9 versions prior to EVA-AL10C00B192 are vulnerable. Honor 6 versions prior to H60-L02_6.10.1 are vulnerable. Huawei Smart Phones P9 is a smartphone from the Chinese company Huawei. Tothscreen is one of the touch screen drivers. Attackers can exploit this vulnerability to crash the system or elevate privileges by enticing users to install malicious applications and sending specific parameters to the touthscreen driver
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0495",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p9 plus",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "p9",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 6",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "honor 6",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9 plus",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9 \u003ceva-al10c00b192",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-al10c00b190",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "honor",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9.16"
},
{
"model": "honor",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "66.9"
},
{
"model": "p9 eva-al10c00b192",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "honor h60-l02 6.10.1",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "BID",
"id": "93530"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:honor6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p9_plus_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.",
"sources": [
{
"db": "BID",
"id": "93530"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8760",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8760",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2016-09938",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-97580",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8760",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8760",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8760",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-09938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-664",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97580",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "VULHUB",
"id": "VHN-97580"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. Huawei P9 , P9 Plus ,and Honor 6 A buffer error vulnerability exists in the touch screen driver of the smartphone software.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. HuaweiSmartPhones is a smart phone from China Huawei. A number of Huawei smartphone drivers have a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on an affected device. Multiple Huawei Smart Phones drivers are prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. \nHuawei P9 versions prior to EVA-AL10C00B192 are vulnerable. \nHonor 6 versions prior to H60-L02_6.10.1 are vulnerable. Huawei Smart Phones P9 is a smartphone from the Chinese company Huawei. Tothscreen is one of the touch screen drivers. Attackers can exploit this vulnerability to crash the system or elevate privileges by enticing users to install malicious applications and sending specific parameters to the touthscreen driver",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8760"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "BID",
"id": "93530"
},
{
"db": "VULHUB",
"id": "VHN-97580"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8760",
"trust": 3.4
},
{
"db": "BID",
"id": "93530",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-09938",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97580",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "VULHUB",
"id": "VHN-97580"
},
{
"db": "BID",
"id": "93530"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"id": "VAR-201704-0495",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "VULHUB",
"id": "VHN-97580"
}
],
"trust": 1.28881818
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
}
]
},
"last_update_date": "2024-11-23T21:54:08.942000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161012-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en"
},
{
"title": "Patch for multiple Huawei smartphone driver heap buffer overflow vulnerabilities (CNVD-2016-09938)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82929"
},
{
"title": "Huawei Smart Phones P9 touthscreen Driver fix for heap-based buffer overflow vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97580"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/93530"
},
{
"trust": 2.0,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8760"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8760"
},
{
"trust": 0.3,
"url": "http://www.huawei.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "VULHUB",
"id": "VHN-97580"
},
{
"db": "BID",
"id": "93530"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"db": "VULHUB",
"id": "VHN-97580"
},
{
"db": "BID",
"id": "93530"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97580"
},
{
"date": "2016-10-12T00:00:00",
"db": "BID",
"id": "93530"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"date": "2016-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"date": "2017-04-02T20:59:01.220000",
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09938"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-97580"
},
{
"date": "2016-12-20T01:09:00",
"db": "BID",
"id": "93530"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008234"
},
{
"date": "2016-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-664"
},
{
"date": "2024-11-21T03:00:00.590000",
"db": "NVD",
"id": "CVE-2016-8760"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Buffer error vulnerability in touchscreen driver of smartphone software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-664"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.