Mate_20_pro_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Mate_20_pro_firmware
(Huawei)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	9

Date	Id	Summary	Products	Score	Patch	Annotated
2020-02-13	CVE-2020-0022	In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715	Android, Honor_8a_firmware, Honor_8x_firmware, Honor_view_20_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, Mate_30_5g_firmware, Mate_30_firmware, Mate_30_pro_5g_firmware, Mate_30_pro_firmware, Nova_3_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, P_smart_2019_firmware, P_smart_firmware, Y6_2019_firmware, Y6_pro_2019_firmware, Y9_2019_firmware	8.8
2019-08-14	CVE-2019-9506	The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.	Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Android, Alp\-Al00b_firmware, Ares\-Al00b_firmware, Ares\-Al10d_firmware, Ares\-Tl00c_firmware, Asoka\-Al00ax_firmware, Atomu\-L33_firmware, Atomu\-L41_firmware, Atomu\-L42_firmware, Barca\-Al00_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Berkeley\-Tl10_firmware, Bla\-Al00b_firmware, Bla\-L29c_firmware, Bla\-Tl00b_firmware, Cairogo\-L22_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-Al10i_firmware, Columbia\-L29d_firmware, Columbia\-Tl00d_firmware, Cornell\-Al00a_firmware, Cornell\-Al00i_firmware, Cornell\-Al00ind_firmware, Cornell\-Al10ind_firmware, Cornell\-L29a_firmware, Cornell\-Tl10b_firmware, Dubai\-Al00a_firmware, Dura\-Al00a_firmware, Dura\-Tl00a_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Figo\-L23_firmware, Figo\-L31_firmware, Figo\-Tl10b_firmware, Florida\-Al20b_firmware, Florida\-L21_firmware, Florida\-L22_firmware, Florida\-L23_firmware, Florida\-Tl10b_firmware, Harry\-Al00c_firmware, Harry\-Al10b_firmware, Harry\-Tl00c_firmware, Hima\-L29c_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_20_pro_firmware, Honor_8a_firmware, Honor_8x_firmware, Honor_view_10_firmware, Honor_view_20_firmware, Imanager_neteco_6000_firmware, Imanager_neteco_firmware, Jakarta\-Al00a_firmware, Johnson\-Tl00d_firmware, Johnson\-Tl00f_firmware, Katyusha\-Al00a_firmware, Laya\-Al00ep_firmware, Leland\-L21a_firmware, Leland\-L31a_firmware, Leland\-L32a_firmware, Leland\-L32c_firmware, Leland\-L42a_firmware, Leland\-L42c_firmware, Leland\-Tl10b_firmware, Leland\-Tl10c_firmware, Lelandp\-Al00c_firmware, Lelandp\-Al10b_firmware, Lelandp\-Al10d_firmware, Lelandp\-L22a_firmware, Lelandp\-L22c_firmware, Lelandp\-L22d_firmware, London\-Al40ind_firmware, Madrid\-Al00a_firmware, Madrid\-Tl00a_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, Neo\-Al00d_firmware, Nova_3_firmware, Nova_4_firmware, Nova_5_firmware, Nova_5i_pro_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, P_smart_2019_firmware, P_smart_firmware, Paris\-Al00ic_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Potter\-Al00c_firmware, Potter\-Al10a_firmware, Princeton\-Al10b_firmware, Princeton\-Al10d_firmware, Princeton\-Tl10c_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydney\-Tl00_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Tony\-Al00b_firmware, Tony\-Tl00b_firmware, Y5_2018_firmware, Y5_lite_firmware, Y6_2019_firmware, Y6_prime_2018_firmware, Y6_pro_2019_firmware, Y7_2019_firmware, Y9_2019_firmware, Yale\-Al00a_firmware, Yale\-Al50a_firmware, Yale\-L21a_firmware, Yale\-L61c_firmware, Yale\-Tl00b_firmware, Yalep\-Al10b_firmware, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_eus, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_tus, Mrg_realtime, Virtualization_host_eus	8.1
2020-08-11	CVE-2020-9244	HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI Mate 20 RS versions Versions earlier than...	Honor_20_firmware, Honor_20_pro_firmware, Honor_magic_2_firmware, Honor_v20_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, P30_firmware, P30_pro_firmware	6.8
2021-07-13	CVE-2021-22440	There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI...	Hima\-L29c_firmware, Laya\-Al00ep_firmware, Mate_20_firmware, Mate_20_pro_firmware, Oxfords\-An00a_firmware, Tony\-Al00b_firmware	4.6
2020-12-07	CVE-2020-9247	There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B,...	Hima\-L29c_firmware, Honor_20_pro_firmware, Laya\-Al00ep_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_x_firmware, P30_firmware, P30_pro_firmware, Princeton\-Al10b_firmware, Tony\-Al00b_firmware, Yale\-L61a_firmware, Yale\-Tl00b_firmware, Yalep\-Al10b_firmware	7.8
2020-04-27	CVE-2019-5303	There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)...	Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware	N/A
2020-04-27	CVE-2019-5302	There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8)...	Alp\-Al00b_firmware, Alp\-L09_firmware, Alp\-L29_firmware, Berkeley\-Al20_firmware, Berkeley\-L09_firmware, Bla\-L29c_firmware, Charlotte\-L09c_firmware, Charlotte\-L29c_firmware, Columbia\-Al10b_firmware, Columbia\-L29d_firmware, Cornell\-Al00a_firmware, Cornell\-L29a_firmware, Emily\-L09c_firmware, Emily\-L29c_firmware, Ever\-L29b_firmware, Honor_10_lite_firmware, Honor_20_firmware, Honor_8x_firmware, Honor_magic2_firmware, Honor_v20_firmware, Honor_view_20_firmware, Jackman\-L22_firmware, Mate_20_firmware, Mate_20_pro_firmware, Mate_20_rs_firmware, Mate_20_x_firmware, Nova_lite_3_firmware, P20_firmware, P20_pro_firmware, P30_firmware, P30_pro_firmware, Paris\-L21b_firmware, Paris\-L21meb_firmware, Paris\-L29b_firmware, Sydney\-Al00_firmware, Sydney\-L21_firmware, Sydney\-L21br_firmware, Sydney\-L22_firmware, Sydney\-L22br_firmware, Sydneym\-Al00_firmware, Sydneym\-L01_firmware, Sydneym\-L03_firmware, Sydneym\-L21_firmware, Sydneym\-L22_firmware, Sydneym\-L23_firmware, Y9_2019_firmware, Yale\-L21a_firmware	N/A
2020-01-09	CVE-2020-1786	HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.	Mate_20_pro_firmware	N/A
2019-12-13	CVE-2019-5250	Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function.	Mate_20_pro_firmware	N/A