Filtered by vendor Huawei
Subscribe
Total
1774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22299 | 1 Huawei | 5 Imaster Mae-m, Manageone, Network Functions Virtualization Fusionsphere and 2 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220. | |||||
| CVE-2020-9205 | 1 Huawei | 1 Manageone | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
| CVE-2020-9111 | 1 Huawei | 4 E6878-370, E6878-370 Firmware, E6878-870 and 1 more | 2024-02-04 | 2.7 LOW | 4.5 MEDIUM |
| E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. | |||||
| CVE-2021-22306 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service. | |||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
| CVE-2020-9084 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-02-04 | 4.6 MEDIUM | 6.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
| CVE-2021-22300 | 1 Huawei | 2 Ecns280 Td, Ecns280 Td Firmware | 2024-02-04 | 1.9 LOW | 4.1 MEDIUM |
| There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. | |||||
| CVE-2020-9202 | 1 Huawei | 1 Te Mobile | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-9213 | 1 Huawei | 16 Ngfw Module, Ngfw Module Firmware, Nip6300 and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. | |||||
| CVE-2020-9129 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. | |||||
| CVE-2020-9143 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure. | |||||
| CVE-2021-22320 | 1 Huawei | 14 Ips Module, Ips Module Firmware, Ngfw Module and 11 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600. | |||||
| CVE-2020-9137 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. | |||||
| CVE-2020-9124 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. | |||||
| CVE-2020-9223 | 1 Huawei | 8 Honor 20 Pro, Honor 20 Pro Firmware, Princeton-al10d and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module. | |||||
| CVE-2020-9127 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. | |||||
| CVE-2020-9112 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. | |||||
| CVE-2021-22298 | 1 Huawei | 1 Manageone | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. | |||||
| CVE-2020-9116 | 1 Huawei | 1 Fusioncompute | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. | |||||
| CVE-2020-9125 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. | |||||