Vulnerabilites related to huawei - honor_v9_play
cve-2017-17145
Vulnerability from cvelistv5
Published
2018-03-09 17:00
Modified
2024-08-05 20:43
Severity ?
EPSS score ?
Summary
Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:43:59.722Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-13T00:00:00", descriptions: [ { lang: "en", value: "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-09T16:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2017-17145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2017-17145", datePublished: "2018-03-09T17:00:00", dateReserved: "2017-12-04T00:00:00", dateUpdated: "2024-08-05T20:43:59.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14491
Vulnerability from cvelistv5
Published
2017-10-02 21:00
Modified
2024-08-05 19:27
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:27:40.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1039474", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039474", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42941/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-02T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-08T11:42:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1039474", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039474", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42941/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { tags: [ "x_refsource_MISC", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14491", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1039474", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039474", }, { name: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { name: "DSA-3989", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3989", }, { name: "https://access.redhat.com/security/vulnerabilities/3199382", refsource: "CONFIRM", url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { name: "101085", refsource: "BID", url: "http://www.securityfocus.com/bid/101085", }, { name: "USN-3430-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-1", }, { name: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", refsource: "CONFIRM", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { name: "101977", refsource: "BID", url: "http://www.securityfocus.com/bid/101977", }, { name: "RHSA-2017:2838", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { name: "VU#973527", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/973527", }, { name: "GLSA-201710-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201710-27", }, { name: "RHSA-2017:2840", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { name: "USN-3430-2", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-2", }, { name: "RHSA-2017:2839", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { name: "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", refsource: "MLIST", url: "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html", }, { name: "RHSA-2017:2836", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { name: "RHSA-2017:2837", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { name: "42941", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42941/", }, { name: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", refsource: "CONFIRM", url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { name: "RHSA-2017:2841", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { name: "openSUSE-SU-2017:2633", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { name: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", refsource: "MISC", url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { name: "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", refsource: "MLIST", url: "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { name: "FEDORA-2017-515264ae24", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { name: "FEDORA-2017-24f067299e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { name: "USN-3430-3", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3430-3", }, { name: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { name: "SUSE-SU-2017:2619", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { name: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", refsource: "CONFIRM", url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { name: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", refsource: "CONFIRM", url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { name: "FEDORA-2017-7106a157f5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { name: "SUSE-SU-2017:2616", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { name: "SUSE-SU-2017:2617", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { name: "DSA-3989", refsource: "DEBIAN", url: "https://www.debian.org/security/2017/dsa-3989", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14491", datePublished: "2017-10-02T21:00:00", dateReserved: "2017-09-15T00:00:00", dateUpdated: "2024-08-05T19:27:40.755Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15351
Vulnerability from cvelistv5
Published
2018-02-15 16:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Honor V9 play |
Version: Versions earlier than Jimmy-AL00AC00B135 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:57:25.496Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Honor V9 play", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "Versions earlier than Jimmy-AL00AC00B135", }, ], }, ], datePublic: "2017-11-22T00:00:00", descriptions: [ { lang: "en", value: "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.", }, ], problemTypes: [ { descriptions: [ { description: "authentication bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-02-15T15:57:02", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", ID: "CVE-2017-15351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Honor V9 play", version: { version_data: [ { version_value: "Versions earlier than Jimmy-AL00AC00B135", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "authentication bypass", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2017-15351", datePublished: "2018-02-15T16:00:00", dateReserved: "2017-10-14T00:00:00", dateUpdated: "2024-08-05T19:57:25.496Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-03-09 17:29
Modified
2024-11-21 03:17
Severity ?
Summary
Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | honor_v9_play_firmware | * | |
| huawei | honor_v9_play | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF744446-5C60-4C66-BE6B-DD108487B46C", versionEndExcluding: "jimmy-al00ac00b135", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", matchCriteriaId: "B543AF24-5D59-4A46-AC76-0EFF314E3D1A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication.", }, { lang: "es", value: "Los smartphones Huawei Honor V9 Play con versiones anteriores a Jimmy-AL00AC00B135 tienen una vulnerabilidad de omisión de autenticación debido a un diseño incorrecto de un componente. Un atacante que consiga el smartphone de un usuario puede ejecutar operaciones específicas y eliminar la huella del teléfono sin autenticación.", }, ], id: "CVE-2017-17145", lastModified: "2024-11-21T03:17:34.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-09T17:29:00.330", references: [ { source: "psirt@huawei.com", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en", }, ], sourceIdentifier: "psirt@huawei.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-10-04 01:29
Modified
2025-01-14 19:29
Severity ?
Summary
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", matchCriteriaId: "B85D7A28-8CBA-4D77-AD30-DB3CA49F2F98", versionEndIncluding: "2.77", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", matchCriteriaId: "588D4F37-0A56-47A4-B710-4D5F3D214FB9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*", matchCriteriaId: "7B21E9A8-CE63-42C2-A11A-94D977A96DF1", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", matchCriteriaId: "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*", matchCriteriaId: "58D3B6FD-B474-4B09-B644-A8634A629280", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", matchCriteriaId: "F892F1B0-514C-42F7-90AE-12ACDFDC1033", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*", matchCriteriaId: "0FC411C9-9A8A-49D0-B704-2207674778CB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", matchCriteriaId: "B12243B2-D726-404C-ABFF-F1AB51BA1783", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*", matchCriteriaId: "B2F3699A-38E4-4E9D-9414-411F71D9E371", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", matchCriteriaId: "54DF7A22-DF8B-4272-8EC6-48173E8860B8", versionEndExcluding: "r21.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*", matchCriteriaId: "810B05A3-29CF-464F-9E63-8238AA0651AF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*", matchCriteriaId: "22159717-67FD-4A10-9F65-4434FEC1F922", versionEndExcluding: "r24.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*", matchCriteriaId: "86D1FDAD-C594-43D9-9BF6-F7461177AB91", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "5454038C-F1F0-4061-8B5C-04A8CF1658C6", versionEndExcluding: "3.10.0.55", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CF744446-5C60-4C66-BE6B-DD108487B46C", versionEndExcluding: "jimmy-al00ac00b135", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", matchCriteriaId: "B543AF24-5D59-4A46-AC76-0EFF314E3D1A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "E861FF18-4E42-4092-81B6-0BB32679B2CF", versionEndIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "E2DED50F-C1ED-43EB-9E63-B65F4F287F41", versionEndExcluding: "4.16.13m", versionStartIncluding: "4.16", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "B5F144E5-EFB1-47E7-A2D2-28DEE6045CF6", versionEndExcluding: "4.17.8m", versionStartIncluding: "4.17", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8F1A3AF8-D105-4F13-8921-D94DCC7DE1AF", versionEndIncluding: "4.18.4.2f", versionStartIncluding: "4.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "63C108C5-0EF5-4C6D-8D83-ADB5EED24A6F", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*", matchCriteriaId: "284DF779-D900-48B4-A177-7281CD445AB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E25B682B-83F5-4903-9138-16907DC7A859", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", matchCriteriaId: "DFB9921A-5204-40A3-88AB-B7755F5C6875", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E8B2D681-1FBF-4013-B223-9878F4F1DB27", versionEndExcluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", matchCriteriaId: "E917CBBB-EF41-4113-B0CA-EB91889235E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE55F796-FA73-4992-9826-57A00F77F6CA", versionEndExcluding: "6.5.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", matchCriteriaId: "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "CFE6B116-71BB-49BF-A5EF-4460D9089511", versionEndExcluding: "6.3.1.25", versionStartIncluding: "6.3.1", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "193354A0-B108-4CA4-A1C3-F5F23147A295", versionEndExcluding: "6.4.4.16", versionStartIncluding: "6.4.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "47D1AB4F-0922-49AF-9AE5-AEB4019E652C", versionEndExcluding: "6.5.1.9", versionStartIncluding: "6.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "8F5D03FA-CE4E-4888-88E2-384986A890BA", versionEndExcluding: "6.5.3.3", versionStartIncluding: "6.5.3.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "E39B25F2-C65B-457F-A36E-14FC8285A004", versionEndExcluding: "6.5.4.2", versionStartIncluding: "6.5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", matchCriteriaId: "00E53FE9-EA96-456A-B522-FC81DD0CCE3E", versionEndExcluding: "8.1.0.4", versionStartIncluding: "8.1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*", matchCriteriaId: "46261C28-E276-4639-BA3D-A735B02599F8", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", matchCriteriaId: "01527614-8A68-48DC-B0A0-F4AA99489221", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", matchCriteriaId: "65372FA7-B54B-4298-99BF-483E9FEBA253", vulnerable: true, }, { criteria: "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", matchCriteriaId: "3D04EA1A-F8E0-415B-8786-1C8C0F08E132", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.", }, { lang: "es", value: "Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada.", }, ], id: "CVE-2017-14491", lastModified: "2025-01-14T19:29:55.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-04T01:29:02.870", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { source: "cve@mitre.org", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101085", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101977", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1039474", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-27", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42941/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { source: "cve@mitre.org", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { source: "cve@mitre.org", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4560", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://thekelleys.org.uk/dnsmasq/CHANGELOG", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2017/dsa-3989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/101977", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1039474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3430-3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2838", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/3199382", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201710-27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3989", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42941/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/973527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-15 16:29
Modified
2024-11-21 03:14
Severity ?
Summary
The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | honor_v9_play_firmware | jimmy-al00ac00b135 | |
| huawei | honor_v9_play | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:huawei:honor_v9_play_firmware:jimmy-al00ac00b135:*:*:*:*:*:*:*", matchCriteriaId: "EBD0A99C-F731-4477-AFCF-8B0D0B3AA380", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", matchCriteriaId: "B543AF24-5D59-4A46-AC76-0EFF314E3D1A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally.", }, { lang: "es", value: "La función \"Find Phone\" en los smartphones Huawei Honor V9 play con versiones anteriores a la Jimmy-AL00AC00B135 tiene una vulnerabilidad de omisión de autenticación. Esto se debe a la realización indebida de la autenticación en la función \"Find Phone\". Un atacante podría explotar esta vulnerabilidad para omitir la función \"Find Phone\" y emplear el teléfono de forma normal.", }, ], id: "CVE-2017-15351", lastModified: "2024-11-21T03:14:31.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-15T16:29:01.297", references: [ { source: "psirt@huawei.com", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", }, ], sourceIdentifier: "psirt@huawei.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }