Filtered by vendor Huawei
Subscribe
Total
1774 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6670 | 2 Huawei, Huawei Firmware | 8 S12700, S7700, S7700 Firmware and 5 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. | |||||
CVE-2016-7107 | 1 Huawei | 1 Uma | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. | |||||
CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2024-02-04 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | |||||
CVE-2015-8333 | 1 Huawei | 1 Vcn500 | 2024-02-04 | 5.5 MEDIUM | 7.1 HIGH |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | |||||
CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | |||||
CVE-2016-6183 | 1 Huawei | 2 Honor 4c, Honor 4c Firmware | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6184. | |||||
CVE-2016-5230 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | |||||
CVE-2015-8303 | 1 Huawei | 1 Document Security Management | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | |||||
CVE-2016-6839 | 1 Huawei | 1 Fusionaccess | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2015-8335 | 1 Huawei | 1 Vcn500 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | |||||
CVE-2016-4087 | 1 Huawei | 4 S12700, S12700 Firmware, S5700 and 1 more | 2024-02-04 | 5.1 MEDIUM | 8.1 HIGH |
Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. | |||||
CVE-2015-8231 | 1 Huawei | 2 Espace 7910, Espace 7950 | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. | |||||
CVE-2016-1495 | 1 Huawei | 2 Mate S, Mate S Firmware | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow. | |||||
CVE-2016-5821 | 1 Huawei | 1 Hisuite | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. | |||||
CVE-2015-3912 | 1 Huawei | 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui | 2024-02-04 | 5.0 MEDIUM | N/A |
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | |||||
CVE-2016-2214 | 1 Huawei | 1 Agile Controller-campus | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2016-2231 | 1 Huawei | 2 Mt882, Mt882 Firmware | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701. | |||||
CVE-2016-6181 | 1 Huawei | 2 Honor 4c, Honor 4c Firmware | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184. | |||||
CVE-2016-6518 | 1 Huawei | 16 S12700, S12700 Firmware, S5300 and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets. | |||||
CVE-2016-6825 | 1 Huawei | 12 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 9 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms." |