Filtered by vendor Huawei
Subscribe
Search
Total
1474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19417 | 1 Huawei | 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | |||||
| CVE-2019-5293 | 1 Huawei | 32 Ar120-s, Ar120-s Firmware, Ar1200 and 29 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal. | |||||
| CVE-2020-9235 | 1 Huawei | 20 Honor 20 Pro, Honor 20 Pro Firmware, Honor View 20 and 17 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C01E160R2P11);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier than 10.1.0.160(C00E160R8P12);Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.225(C431E3R1P2),Versions earlier than 10.1.0.225(C432E3R1P2) contain an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerability to obtain some information. This can lead to information leak. | |||||
| CVE-2020-1785 | 1 Huawei | 8 Honor 10, Honor 10 Firmware, Honor V10 and 5 more | 2021-07-21 | 7.1 HIGH | 5.5 MEDIUM |
| Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone. | |||||
| CVE-2019-5228 | 1 Huawei | 6 Honor V20, Honor V20 Firmware, P30 and 3 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. | |||||
| CVE-2020-1881 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. | |||||
| CVE-2020-9251 | 1 Huawei | 2 Mate 20, P30 Firmware | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8). | |||||
| CVE-2020-9070 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure. | |||||
| CVE-2020-9258 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak. | |||||
| CVE-2020-1836 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-1841 | 1 Huawei | 8 Cloudlink Board, Cloudlink Board Firmware, Dp300 and 5 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. | |||||
| CVE-2020-9110 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-9199 | 1 Huawei | 6 B2368-22, B2368-22 Firmware, B2368-57 and 3 more | 2021-07-21 | 7.7 HIGH | 6.8 MEDIUM |
| B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | |||||
| CVE-2020-1835 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure. | |||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | |||||
| CVE-2019-5227 | 1 Huawei | 8 Hisuite, Hisuite Firmware, Mate 20 and 5 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version. | |||||
| CVE-2020-9090 | 1 Huawei | 1 Fusionaccess | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | |||||
| CVE-2020-9075 | 1 Huawei | 5 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 Firmware and 2 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. | |||||
| CVE-2020-9141 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. | |||||
| CVE-2020-1791 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode. | |||||
| CVE-2020-1860 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. | |||||
| CVE-2020-9254 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. | |||||
| CVE-2021-22340 | 1 Huawei | 2 Manageone, Smc2.0 | 2021-07-07 | 4.7 MEDIUM | 4.1 MEDIUM |
| There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931 | |||||
| CVE-2021-22329 | 1 Huawei | 14 S12700, S12700 Firmware, S1700 and 11 more | 2021-07-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect integrity of the device. Affected product versions include:S12700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S1700 V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S2700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S5700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S6700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10,V200R011C10SPC100;S7700 V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10;S9700 V200R007C01,V200R007C01B102,V200R008C00,V200R010C00SPC300,V200R011C00,V200R011C00SPC100,V200R011C10. | |||||
| CVE-2021-22347 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. | |||||
| CVE-2020-9158 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Missing Cryptographic Step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr. | |||||
| CVE-2021-22343 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-22344 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause temporary DoS. | |||||
| CVE-2021-22352 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands. | |||||
| CVE-2021-22345 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory write. | |||||
| CVE-2021-22348 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute. | |||||
| CVE-2021-22350 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart. | |||||
| CVE-2021-22349 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insufficient input verification may cause the system to restart. | |||||
| CVE-2021-22346 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | |||||
| CVE-2021-22353 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart. | |||||
| CVE-2021-22368 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | |||||
| CVE-2021-22374 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. | |||||
| CVE-2021-22373 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability. | |||||
| CVE-2021-22371 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22372 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22375 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality,availability and integrity. | |||||
| CVE-2021-22380 | 1 Huawei | 1 Emui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | |||||
| CVE-2021-22323 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 10.0 HIGH | 9.8 CRITICAL |
| There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | |||||
| CVE-2021-22369 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 9.3 HIGH | 8.1 HIGH |
| There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user. | |||||
| CVE-2021-22341 | 1 Huawei | 14 Ips Module, Ips Module Firmware, Ngfw Module and 11 more | 2021-07-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200. | |||||
| CVE-2021-22338 | 1 Huawei | 2 Ecns280, Ecns280 Firmware | 2021-07-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service. | |||||
| CVE-2021-22439 | 1 Huawei | 1 Anyoffice | 2021-07-02 | 9.3 HIGH | 8.1 HIGH |
| There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. | |||||
| CVE-2021-22354 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-22382 | 1 Huawei | 4 E3372, E3372 Firmware, E8372 and 1 more | 2021-06-29 | 4.4 MEDIUM | 6.5 MEDIUM |
| Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00. | |||||
| CVE-2021-22383 | 1 Huawei | 4 Ecns280 Td, Ecns280 Td Firmware, Ese620x Vess and 1 more | 2021-06-29 | 6.8 MEDIUM | 4.9 MEDIUM |
| There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS). | |||||