Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 2112 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8231 1 Huawei 2 Espace 7910, Espace 7950 2025-04-12 7.8 HIGH 7.5 HIGH
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets.
CVE-2016-6670 2 Huawei, Huawei Firmware 8 S12700, S7700, S7700 Firmware and 5 more 2025-04-12 5.0 MEDIUM 5.3 MEDIUM
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate.
CVE-2016-7108 1 Huawei 1 Uma 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
CVE-2016-6900 1 Huawei 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more 2025-04-12 2.1 LOW 5.5 MEDIUM
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors.
CVE-2014-2946 1 Huawei 3 E303 Modem, E303 Modem Firmware, Webui 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document.
CVE-2016-1496 1 Huawei 2 P8, P8 Firmware 2025-04-12 7.1 HIGH 5.5 MEDIUM
The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."
CVE-2015-8336 1 Huawei 1 Fusioncompute 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.
CVE-2016-2855 1 Huawei 1 Mobile Broadband Hl Service 2025-04-12 7.2 HIGH 7.8 HIGH
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.
CVE-2016-5368 1 Huawei 2 Ar3200, Ar3200 Firmware 2025-04-12 7.8 HIGH 7.5 HIGH
Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.
CVE-2016-1495 1 Huawei 2 Mate S, Mate S Firmware 2025-04-12 9.3 HIGH 7.8 HIGH
Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow.
CVE-2016-6181 1 Huawei 2 Honor 4c, Honor 4c Firmware 2025-04-12 6.9 MEDIUM 7.0 HIGH
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184.
CVE-2016-3675 1 Huawei 2 Policy Center, Policy Center Firmware 2025-04-12 6.5 MEDIUM 8.1 HIGH
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
CVE-2015-8230 1 Huawei 1 Espace 8950 2025-04-12 7.8 HIGH 7.5 HIGH
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets.
CVE-2014-2968 1 Huawei 3 E355, E355 Firmware, E355 Web Ui 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary web script or HTML via an SMS message.
CVE-2016-8276 1 Huawei 4 Usg2100, Usg2200, Usg5100 and 1 more 2025-04-12 9.3 HIGH 9.8 CRITICAL
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication.
CVE-2015-8304 1 Huawei 2 P7, P7 Firmware 2025-04-12 9.3 HIGH 7.8 HIGH
Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission.
CVE-2014-9417 1 Huawei 1 Espace Desktop 2025-04-12 2.1 LOW N/A
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.
CVE-2015-8303 1 Huawei 1 Document Security Management 2025-04-12 2.1 LOW 4.0 MEDIUM
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file.
CVE-2015-1460 1 Huawei 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more 2025-04-12 7.5 HIGH N/A
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more 2025-04-12 5.0 MEDIUM N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.