Filtered by vendor Huawei
Subscribe
Total
1604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2019-05-20 | 2.1 LOW | N/A |
| The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||||
| CVE-2014-9416 | 1 Huawei | 1 Espace Desktop | 2019-05-20 | 4.4 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. | |||||
| CVE-2015-2254 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2019-03-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch. | |||||
| CVE-2018-7900 | 1 Huawei | 12 Hg8010h, Hg8010h Firmware, Hg8040h and 9 more | 2019-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability. | |||||
| CVE-2018-7961 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2019-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak. | |||||
| CVE-2014-5395 | 1 Huawei | 4 E3236 Firmware, E3276 Firmware, E5180s-22 Firmware and 1 more | 2019-01-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. | |||||
| CVE-2018-7987 | 1 Huawei | 2 P20, P20 Firmware | 2018-12-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition. | |||||
| CVE-2018-7958 | 1 Huawei | 2 Espace 7950, Espace 7950 Firmware | 2018-12-20 | 5.8 MEDIUM | 7.4 HIGH |
| There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information. | |||||
| CVE-2018-7977 | 1 Huawei | 1 Fusionsphere Openstack | 2018-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage. | |||||
| CVE-2018-7946 | 1 Huawei | 4 Honor 7a, Honor 7a Firmware, Honor 9 Lite and 1 more | 2018-12-19 | 1.9 LOW | 4.3 MEDIUM |
| There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak. | |||||
| CVE-2015-7254 | 1 Huawei | 3 Hg532e, Hg532n, Hg532s | 2018-12-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||||
| CVE-2018-7910 | 1 Huawei | 10 Alp-al00b, Alp-al00b Firmware, Alp-tl00b and 7 more | 2018-12-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. | |||||
| CVE-2018-7921 | 1 Huawei | 2 B315s-22, B315s-22 Firmware | 2018-12-12 | 3.3 LOW | 6.5 MEDIUM |
| Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information. | |||||
| CVE-2018-7989 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2018-12-06 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked. | |||||
| CVE-2018-7907 | 1 Huawei | 38 Agassi-l09, Agassi-l09 Firmware, Agassi-w09 and 35 more | 2018-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D001, AGS-W09C794B001CUSTC794D001, Baggio2-U01A BG2-U01C100B160CUSTC100D001, BG2-U01C170B160CUSTC170D001, BG2-U01C199B162CUSTC199D001, BG2-U01C209B160CUSTC209D001, BG2-U01C333B160CUSTC333D001, Bond-AL00C Bond-AL00CC00B201, Bond-AL10B Bond-AL10BC00B201, Bond-TL10B Bond-TL10BC01B201, Bond-TL10C Bond-TL10CC01B131, Haydn-L1JB HDN-L1JC137B068, Kobe-L09A KOB-L09C100B252CUSTC100D001, KOB-L09C209B002CUSTC209D001, KOB-L09C362B001CUSTC362D001, Kobe-L09AHN KOB-L09C233B226, Kobe-W09C KOB-W09C128B251CUSTC128D001, LelandP-L22C 8.0.0.101(C675CUSTC675D2), LelandP-L22D 8.0.0.101(C675CUSTC675D2), Rhone-AL00 Rhone-AL00C00B186, Selina-L02 Selina-L02C432B153, Stanford-L09S Stanford-L09SC432B183, Toronto-AL00 Toronto-AL00C00B223, Toronto-AL00A Toronto-AL00AC00B223, Toronto-TL10 Toronto-TL10C01B223 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the input, successful exploitation can cause sensitive information leak. | |||||
| CVE-2018-7906 | 1 Huawei | 4 Leland-al00, Leland-al00 Firmware, Lleland-al00a and 1 more | 2018-11-27 | 7.1 HIGH | 5.5 MEDIUM |
| Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Due to insufficient verification of the parameter, successful exploitation can cause the smartphone black screen until restarting the phone. | |||||
| CVE-2018-7922 | 1 Huawei | 2 Alp-l09, Alp-l09 Firmware | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. | |||||
| CVE-2018-7923 | 1 Huawei | 2 Alp-l09, Alp-l09 Firmware | 2018-11-20 | 9.3 HIGH | 7.8 HIGH |
| Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code. | |||||
| CVE-2018-7938 | 1 Huawei | 2 P10, P10 Firmware | 2018-10-26 | 4.3 MEDIUM | 3.3 LOW |
| P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can read some hardware serial number, which may cause sensitive information leak. | |||||
| CVE-2017-17312 | 1 Huawei | 8 Usg2205bsr, Usg2205bsr Firmware, Usg2220bsr and 5 more | 2018-10-12 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. | |||||