Filtered by vendor Huawei
Subscribe
Search
Total
578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8336 | 1 Huawei | 2 Fusioncompute, Fusioncompute Firmware | 2016-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||||
| CVE-2016-6826 | 1 Huawei | 1 Anyoffice Secureapp | 2016-09-28 | 7.1 HIGH | 6.5 MEDIUM |
| Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | |||||
| CVE-2016-6840 | 1 Huawei | 1 Oceanstor Ism | 2016-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | |||||
| CVE-2016-6901 | 1 Huawei | 14 Ar100, Ar120, Ar1200 and 11 more | 2016-09-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | |||||
| CVE-2016-6824 | 1 Huawei | 8 Ac6003, Ac6003 Firmware, Ac6005 and 5 more | 2016-09-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets. | |||||
| CVE-2016-6158 | 1 Huawei | 2 Ws331a Router, Ws331a Router Firmware | 2016-09-22 | 7.1 HIGH | 6.1 MEDIUM |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors. | |||||
| CVE-2016-6900 | 1 Huawei | 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more | 2016-09-08 | 2.1 LOW | 5.5 MEDIUM |
| The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. | |||||
| CVE-2016-6670 | 2 Huawei, Huawei Firmware | 8 S12700, S7700, S7700 Firmware and 5 more | 2016-09-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. | |||||
| CVE-2016-6898 | 1 Huawei | 1 E9000 Chassis | 2016-09-08 | 4.9 MEDIUM | 6.6 MEDIUM |
| XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document. | |||||
| CVE-2016-6839 | 1 Huawei | 1 Fusionaccess | 2016-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2016-7108 | 1 Huawei | 1 Uma | 2016-09-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | |||||
| CVE-2016-5850 | 1 Huawei | 1 Public Cloud Solution | 2016-07-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5435 | 1 Huawei | 10 Huawei Firmware, Ips Module, Ngfw Module and 7 more | 2016-06-28 | 7.1 HIGH | 5.9 MEDIUM |
| Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. | |||||
| CVE-2015-8672 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2016-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | |||||
| CVE-2016-4575 | 1 Huawei | 8 Ath, Ath Firmware, Cherryplus and 5 more | 2016-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message. | |||||
| CVE-2016-3950 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2016-05-18 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | |||||
| CVE-2015-8682 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2016-04-20 | 7.8 HIGH | 6.1 MEDIUM |
| The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. | |||||
| CVE-2016-1496 | 1 Huawei | 2 P8, P8 Firmware | 2016-04-14 | 7.1 HIGH | 5.5 MEDIUM |
| The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue." | |||||
| CVE-2016-3676 | 1 Huawei | 2 E3276s, E3276s Firmware | 2016-04-14 | 5.8 MEDIUM | 6.4 MEDIUM |
| Huawei E3276s USB modems with software before E3276s-150TCPU-V200R002B436D09SP00C00 allow man-in-the-middle attackers to intercept, spoof, or modify network traffic via unspecified vectors related to a fake network. | |||||
| CVE-2015-8305 | 1 Huawei | 2 P7, P7 Firmware | 2016-04-14 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. | |||||
| CVE-2016-2314 | 1 Huawei | 2 Mt882, Mt882 Firmware | 2016-03-22 | 6.3 MEDIUM | 4.9 MEDIUM |
| GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. | |||||
| CVE-2016-2214 | 1 Huawei | 1 Agile Controller-campus | 2016-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2016-01-21 | 2.1 LOW | 6.2 MEDIUM |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2016-01-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | |||||
| CVE-2015-8225 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2016-01-14 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226. | |||||
| CVE-2015-8303 | 1 Huawei | 1 Document Security Management | 2016-01-13 | 2.1 LOW | 4.0 MEDIUM |
| Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | |||||
| CVE-2015-8226 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2016-01-13 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | |||||
| CVE-2015-8335 | 1 Huawei | 1 Vcn500 | 2016-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | |||||