Filtered by vendor Huawei
Subscriptions
Total
2226 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15311 | 1 Huawei | 8 Mate 10, Mate 10 Firmware, Mate 10 Pro and 5 more | 2025-04-20 | N/A |
| The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. | ||||
| CVE-2017-8120 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | ||||
| CVE-2016-8803 | 1 Huawei | 1 Fusionstorage | 2025-04-20 | N/A |
| The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | ||||
| CVE-2016-8801 | 1 Huawei | 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware | 2025-04-20 | N/A |
| Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | ||||
| CVE-2016-8798 | 1 Huawei | 2 Usg5500, Usg5500 Firmware | 2025-04-20 | N/A |
| Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. | ||||
| CVE-2016-8794 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2025-04-20 | N/A |
| Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | ||||
| CVE-2017-2739 | 1 Huawei | 1 Vmall | 2025-04-20 | N/A |
| The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | ||||
| CVE-2016-8793 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2025-04-20 | N/A |
| Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | ||||
| CVE-2016-8792 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2025-04-20 | N/A |
| Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | ||||
| CVE-2017-8122 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | ||||
| CVE-2017-2702 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | N/A |
| Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of the phone. | ||||
| CVE-2017-15318 | 1 Huawei | 10 Rp200, Rp200 Firmware, Te30 and 7 more | 2025-04-20 | N/A |
| RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | ||||
| CVE-2017-2706 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | N/A |
| Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service. | ||||
| CVE-2017-15322 | 1 Huawei | 2 Baggio-l03a, Baggio-l03a Firmware | 2025-04-20 | N/A |
| Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | ||||
| CVE-2017-8194 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | ||||
| CVE-2017-2711 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2025-04-20 | N/A |
| P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. | ||||
| CVE-2017-15328 | 1 Huawei | 2 Hg8245h, Hg8245h Firmware | 2025-04-20 | N/A |
| Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. | ||||
| CVE-2016-8796 | 1 Huawei | 6 Usg9520, Usg9520 Firmware, Usg9560 and 3 more | 2025-04-20 | N/A |
| Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. | ||||
| CVE-2016-8758 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-20 | N/A |
| ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | ||||
| CVE-2015-8334 | 1 Huawei | 2 Vcn500, Vcn500 Firmware | 2025-04-20 | N/A |
| SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | ||||