Filtered by vendor Huawei
Subscribe
Total
1867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2702 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. | |||||
| CVE-2017-8173 | 1 Huawei | 12 Maya-l02, Maya-l02 Firmware, Vicky-al00a and 9 more | 2019-10-03 | 2.1 LOW | 4.6 MEDIUM |
| Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2017-17164 | 1 Huawei | 2 Secospace Antiddos8000, Secospace Antiddos8000 Firmware | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak vulnerability due to memory don't be released when the system open some function. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. | |||||
| CVE-2018-7939 | 1 Huawei | 8 G9 Lite, G9 Lite Firmware, Honor 5a and 5 more | 2019-10-03 | 4.9 MEDIUM | 4.6 MEDIUM |
| Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions before CAM-L21C223B133, the versions before CAM-L21C432B210, the versions before CAM-L21C464B170, the versions before CAM-L21C636B245, the versions before Berlin-L21C10B372, the versions before Berlin-L21C185B363, the versions before Berlin-L21C464B137, the versions before Berlin-L23C605B161, the versions before FRD-L09C10B387, the versions before FRD-L09C185B387, the versions before FRD-L09C432B398, the versions before FRD-L09C636B387, the versions before FRD-L19C10B387, the versions before FRD-L19C432B399, the versions before FRD-L19C636B387 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can disable the boot wizard by enable the talkback function. As a result, the FRP function is bypassed. | |||||
| CVE-2017-17323 | 1 Huawei | 2 Ibmc, Ibmc Firmware | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure. | |||||
| CVE-2017-8206 | 1 Huawei | 2 Honor 7 Lite, Honor 7 Lite Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily. | |||||
| CVE-2017-8166 | 1 Huawei | 2 Honor V9, Honor V9 Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone. | |||||
| CVE-2019-5280 | 1 Huawei | 2 Cloudlink Phone 7900, Cloudlink Phone 7900 Firmware | 2019-08-27 | 5.8 MEDIUM | 6.5 MEDIUM |
| The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones. | |||||
| CVE-2019-5223 | 1 Huawei | 1 Pcmanager | 2019-08-16 | 6.8 MEDIUM | 7.8 HIGH |
| PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. | |||||
| CVE-2019-5236 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2019-08-15 | 6.8 MEDIUM | 6.3 MEDIUM |
| Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. | |||||
| CVE-2019-5285 | 1 Huawei | 28 S12700, S12700 Firmware, S1700 and 25 more | 2019-07-26 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109) | |||||
| CVE-2019-5221 | 1 Huawei | 2 Mate 20 X, Mate 20 X Firmware | 2019-07-18 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). | |||||
| CVE-2015-8677 | 1 Huawei | 26 S2300, S2300 Firmware, S2350ei and 23 more | 2019-06-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH008, and V200R006C00 before V200R006SPH002; S9300, S7700, and S9700 Campus series switches with software V200R003C00 before V200R003SPH011, V200R005C00 before V200R005SPH009, and V200R006C00 before V200R006SPH003; S5720HI and S5720EI Campus series switches with software V200R006C00 before V200R006SPH002; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote authenticated users to cause a denial of service (memory consumption and device restart) by logging in and out of the (1) HTTPS or (2) SFTP server, related to SSL session information. | |||||
| CVE-2015-8676 | 1 Huawei | 22 S2300, S2300 Firmware, S2350ei and 19 more | 2019-06-20 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; S9300, S7700, and S9700 Campus series switches with software V200R001C00 before V200R001SPH023, V200R002C00 before V200R003SPH011, and V200R003C00 before V200R003SPH011; and S2300 and S3300 Campus series switches with software V100R006C05 before V100R006SPH022 allows remote attackers to cause a denial of service (memory consumption and reboot) via a large number of ICMPv6 packets. | |||||
| CVE-2019-5286 | 1 Huawei | 1 Hedex Lite | 2019-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. | |||||
| CVE-2019-5219 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2019-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. | |||||
| CVE-2019-5216 | 1 Huawei | 6 Honor 10, Honor 10 Firmware, Honor Play and 3 more | 2019-06-10 | 7.6 HIGH | 7.0 HIGH |
| There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code. | |||||
| CVE-2019-5214 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2019-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition. | |||||
| CVE-2019-5305 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2019-06-10 | 7.1 HIGH | 5.5 MEDIUM |
| The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash. | |||||
| CVE-2019-5300 | 1 Huawei | 53 Ar1200-s Firmware, Ar1200 Firmware, Ar1200e and 50 more | 2019-06-05 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device. | |||||