Filtered by vendor Huawei
Subscribe
Total
1774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22307 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module. | |||||
CVE-2021-22301 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. | |||||
CVE-2020-9140 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs. | |||||
CVE-2020-9142 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file. | |||||
CVE-2020-9238 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
CVE-2021-22293 | 1 Huawei | 4 Campusinsight, Manageone, Taurus-al00a and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1). | |||||
CVE-2021-22321 | 1 Huawei | 28 Nip6300, Nip6300 Firmware, Nip6600 and 25 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. | |||||
CVE-2020-9114 | 1 Huawei | 1 Fusioncompute | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | |||||
CVE-2020-9120 | 1 Huawei | 1 Cloudengine 1800v | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can't be forwarded normally. | |||||
CVE-2020-9109 | 1 Huawei | 12 Laya-al00ep, Laya-al00ep Firmware, Mate 20 and 9 more | 2024-02-04 | 1.9 LOW | 4.6 MEDIUM |
There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). | |||||
CVE-2020-9128 | 1 Huawei | 1 Fusioncompute | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. | |||||
CVE-2021-22303 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. | |||||
CVE-2021-22309 | 1 Huawei | 8 Usg9500, Usg9500 Firmware, Usg9520 and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00. | |||||
CVE-2020-9207 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. | |||||
CVE-2020-9119 | 1 Huawei | 10 Mate 10, Mate 10 Firmware, Mate 30 and 7 more | 2024-02-04 | 4.6 MEDIUM | 6.2 MEDIUM |
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion. | |||||
CVE-2020-9138 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating. | |||||
CVE-2020-9145 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory. | |||||
CVE-2020-9200 | 1 Huawei | 1 Imanager Neteco 6000 | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
CVE-2020-9105 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal. | |||||
CVE-2020-9118 | 1 Huawei | 2 Ais-bw80h-00, Ais-bw80h-00 Firmware | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). |