CVE-2019-5299

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-347
View all →

Vulnerability Description

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.

Related Vulnerabilities

CVE-2002-1796

HIGH
CVSS:7.8(High)

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

CWE-3472002

CVE-2014-9934

HIGH
CVSS:7.8(High)

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.

CWE-3472014

CVE-2016-11044

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsu...

CWE-3472016

CVE-2018-10988

HIGH
CVSS:7.8(High)

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, wi...

CWE-3472018

CVE-2018-18653

HIGH
CVSS:7.8(High)

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading...

CWE-3472018

CVE-2019-0071

HIGH
CVSS:7.8(High)

Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Ser...

CWE-3472019