Filtered by vendor Huawei
Subscribe
Total
2282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5230 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | |||||
| CVE-2015-8087 | 1 Huawei | 6 Ne20e-s, Ne40e, Ne40e-m and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct flooding attacks via a crafted MPLS forwarding packet, aka a "VPN routing and forwarding (VRF) hopping vulnerability." | |||||
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2025-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | |||||
| CVE-2016-2780 | 1 Huawei | 1 Utps Firmware | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-4057 | 1 Huawei | 1 Fusioncompute | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |||||
| CVE-2013-6031 | 1 Huawei | 2 E355, E355 Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings. | |||||
| CVE-2015-7845 | 1 Huawei | 7 Espace Firmware, Espace Unified Gateway U1910, Espace Unified Gateway U1911 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. | |||||
| CVE-2016-6181 | 1 Huawei | 2 Honor 4c, Honor 4c Firmware | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
| The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184. | |||||
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2025-04-12 | 2.1 LOW | N/A |
| The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||||
| CVE-2016-2314 | 1 Huawei | 2 Mt882, Mt882 Firmware | 2025-04-12 | 6.3 MEDIUM | 4.9 MEDIUM |
| GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. | |||||
| CVE-2016-4576 | 1 Huawei | 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." | |||||
| CVE-2015-8304 | 1 Huawei | 2 P7, P7 Firmware | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. | |||||
| CVE-2016-3678 | 1 Huawei | 10 S5300, S5300 Firmware, S5700 and 7 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||||
| CVE-2016-5366 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | |||||
| CVE-2016-5367 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. | |||||
| CVE-2016-8276 | 1 Huawei | 4 Usg2100, Usg2200, Usg5100 and 1 more | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. | |||||
| CVE-2016-5231 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.8 HIGH |
| Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. | |||||
| CVE-2015-8305 | 1 Huawei | 2 P7, P7 Firmware | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. | |||||
| CVE-2016-6669 | 1 Huawei | 8 Usg2100, Usg2100 Firmware, Usg2200 and 5 more | 2025-04-12 | 7.1 HIGH | 7.5 HIGH |
| Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet. | |||||
| CVE-2015-8673 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2025-04-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | |||||