Filtered by vendor Huawei
Subscribe
Total
2177 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4190 | 1 Huawei | 13 Campus Lsw S9700, Campus S2350, Campus S2750 and 10 more | 2025-04-12 | 7.8 HIGH | N/A |
| Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. | |||||
| CVE-2015-8083 | 1 Huawei | 7 Espace Firmware, Espace Unified Gateway U1910, Espace Unified Gateway U1911 and 4 more | 2025-04-12 | 7.8 HIGH | N/A |
| An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows remote attackers to cause a denial of service (out-of-bounds memory access and device restart) via unknown vectors. | |||||
| CVE-2016-4086 | 1 Huawei | 1 Hisuite | 2025-04-12 | 2.9 LOW | 5.3 MEDIUM |
| Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||||
| CVE-2015-7254 | 1 Huawei | 3 Hg532e, Hg532n, Hg532s | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI. | |||||
| CVE-2014-8331 | 1 Huawei | 2 E3236 Firmware, E3276 Firmware | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | |||||
| CVE-2016-1495 | 1 Huawei | 2 Mate S, Mate S Firmware | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-6192 | 1 Huawei | 1 P8 Smartphone Firmware | 2025-04-12 | 9.3 HIGH | 7.3 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. | |||||
| CVE-2016-4057 | 1 Huawei | 1 Fusioncompute | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |||||
| CVE-2016-5821 | 1 Huawei | 1 Hisuite | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. | |||||
| CVE-2015-8319 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8318. | |||||
| CVE-2015-8086 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | |||||
| CVE-2016-8278 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||||
| CVE-2016-3680 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. | |||||
| CVE-2016-6669 | 1 Huawei | 8 Usg2100, Usg2100 Firmware, Usg2200 and 5 more | 2025-04-12 | 7.1 HIGH | 7.5 HIGH |
| Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. | |||||
| CVE-2015-8333 | 1 Huawei | 1 Vcn500 | 2025-04-12 | 5.5 MEDIUM | 7.1 HIGH |
| The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | |||||
| CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2025-04-12 | 2.1 LOW | 6.2 MEDIUM |
| Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
| CVE-2015-8228 | 1 Huawei | 10 Ar120, Ar1200, Ar150 and 7 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors. | |||||
| CVE-2014-2273 | 1 Huawei | 2 P2-6011, P2-6011 Firmware | 2025-04-12 | 7.2 HIGH | N/A |
| The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | |||||
| CVE-2015-8226 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | |||||
| CVE-2014-9134 | 1 Huawei | 2 Honor Cube Wireless Router Ws860s, Honor Cube Wireless Router Ws860s Firewall | 2025-04-12 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||||