Filtered by vendor Huawei
Subscribe
Total
1774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5297 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone. | |||||
| CVE-2019-5220 | 1 Huawei | 6 Honor Magic 2, Honor Magic 2 Firmware, Mate 20 and 3 more | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2). | |||||
| CVE-2019-5221 | 1 Huawei | 2 Mate 20 X, Mate 20 X Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). | |||||
| CVE-2019-5243 | 1 Huawei | 2 Hg255s, Hg255s Firmware | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability. | |||||
| CVE-2019-5239 | 1 Huawei | 2 Pcmanager\(china\), Pcmanager\(oversea\) | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information. | |||||
| CVE-2019-5300 | 1 Huawei | 53 Ar1200-s Firmware, Ar1200 Firmware, Ar1200e and 50 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device. | |||||
| CVE-2019-5214 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. | |||||
| CVE-2019-5216 | 1 Huawei | 6 Honor 10, Honor 10 Firmware, Honor Play and 3 more | 2024-02-04 | 7.6 HIGH | 7.0 HIGH |
| There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code. | |||||
| CVE-2019-5237 | 1 Huawei | 2 Pcmanager\(china\), Pcmanager\(oversea\) | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information. | |||||
| CVE-2019-5242 | 1 Huawei | 1 Pcmanager | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory. | |||||
| CVE-2019-5307 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | |||||
| CVE-2019-5295 | 1 Huawei | 2 Honor View 10, Honor View 10 Firmware | 2024-02-04 | 4.4 MEDIUM | 6.4 MEDIUM |
| Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. | |||||
| CVE-2019-5296 | 1 Huawei | 2 Mate20, Mate20 Firmware | 2024-02-04 | 1.7 LOW | 3.9 LOW |
| Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal. | |||||
| CVE-2019-5244 | 1 Huawei | 2 Mate 9 Pro, Mate 9 Pro Fimware | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) versions have an information leak vulnerability due to the lack of input validation. An attacker tricks the user who has root privilege to install an application on the smart phone, and the application can read some process information, which may cause sensitive information leak. | |||||
| CVE-2015-2254 | 1 Huawei | 2 Oceanstor Uds, Oceanstor Uds Firmware | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch. | |||||
| CVE-2019-5223 | 1 Huawei | 1 Pcmanager | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. | |||||
| CVE-2019-9506 | 8 Apple, Blackberry, Canonical and 5 more | 274 Iphone Os, Mac Os X, Tvos and 271 more | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
| The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. | |||||
| CVE-2019-5283 | 1 Huawei | 2 P20, P20 Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed. | |||||
| CVE-2019-5222 | 1 Huawei | 2 Honor Magic 2, Honor Magic 2 Firmware | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and successful exploit could result in information disclosure. | |||||
| CVE-2019-5298 | 1 Huawei | 2 Ap4050dn-e, Ap4050dn-e Firmware | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
| There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to the affected products and running a series of commands. | |||||