Filtered by vendor Huawei
Subscribe
Total
2112 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41599 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-41596 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. | |||||
CVE-2022-41591 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. | |||||
CVE-2022-41590 | 1 Huawei | 1 Harmonyos | 2025-04-16 | N/A | 5.5 MEDIUM |
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. | |||||
CVE-2016-2214 | 1 Huawei | 1 Agile Controller-campus | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2016-6192 | 1 Huawei | 1 P8 Smartphone Firmware | 2025-04-12 | 9.3 HIGH | 7.3 HIGH |
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | |||||
CVE-2015-2347 | 1 Huawei | 1 Seq Analyst | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/. | |||||
CVE-2014-0337 | 1 Huawei | 2 Echo Life, Echo Life Hg8247 Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view. | |||||
CVE-2016-5234 | 1 Huawei | 6 Rse6500, Rse6500 Firmware, Vp9600 Series Firmware and 3 more | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054. | |||||
CVE-2016-2780 | 1 Huawei | 1 Utps Firmware | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-5366 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | |||||
CVE-2016-5367 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. | |||||
CVE-2016-4577 | 1 Huawei | 10 Ngfw Module, Ngfw Module Firmware, Secospace Usg6300 and 7 more | 2025-04-12 | 6.8 MEDIUM | 7.5 HIGH |
Buffer overflow in the Smart DNS functionality in the Huawei NGFW Module and Secospace USG6300, USG6500, USG6600, and USG9500 firewalls with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." | |||||
CVE-2016-3678 | 1 Huawei | 10 S5300, S5300 Firmware, S5700 and 7 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||||
CVE-2015-8331 | 1 Huawei | 1 Vcn500 | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | |||||
CVE-2015-8318 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319. | |||||
CVE-2016-6184 | 1 Huawei | 2 Honor 4c, Honor 4c Firmware | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183. | |||||
CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2025-04-12 | 4.6 MEDIUM | 6.8 MEDIUM |
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | |||||
CVE-2016-4005 | 1 Huawei | 1 Hilink App | 2025-04-12 | 7.5 HIGH | 5.5 MEDIUM |
The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
CVE-2014-2273 | 1 Huawei | 2 P2-6011, P2-6011 Firmware | 2025-04-12 | 7.2 HIGH | N/A |
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. |