Filtered by vendor Huawei
Subscribe
Total
2156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4576 | 1 Huawei | 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Application Specific Packet Filtering (ASPF) functionality in the Huawei IPS Module, NGFW Module, NIP6300, NIP6600, Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 devices with software before V500R001C20SPC100 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted packet, related to "illegitimate parameters." | |||||
| CVE-2016-4058 | 1 Huawei | 1 Policy Center | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | |||||
| CVE-2016-4005 | 1 Huawei | 1 Hilink App | 2016-11-28 | 7.5 HIGH | 5.5 MEDIUM |
| The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2016-4086 | 1 Huawei | 1 Hisuite | 2016-11-28 | 2.9 LOW | 5.3 MEDIUM |
| Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||||
| CVE-2016-4057 | 1 Huawei | 1 Fusioncompute | 2016-11-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | |||||
| CVE-2016-3677 | 1 Huawei | 2 Hilink App, Wear App | 2016-11-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2015-8265 | 1 Huawei | 4 E5151, E5151 Firmware, E5186 and 1 more | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors. | |||||
| CVE-2015-8085 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2016-11-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | |||||
| CVE-2015-8337 | 1 Huawei | 4 Mate 7, Mate 7 Firmware, P8 and 1 more | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter." | |||||
| CVE-2015-8088 | 1 Huawei | 4 Mate 7, Mate 7 Firmware, P8 and 1 more | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application. | |||||
| CVE-2015-8086 | 1 Huawei | 14 Ar, Ar Firmware, Quidway S5300 and 11 more | 2016-11-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | |||||
| CVE-2016-8278 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2016-10-06 | 7.8 HIGH | 7.5 HIGH |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||||
| CVE-2016-8277 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2016-10-06 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | |||||
| CVE-2016-8276 | 1 Huawei | 4 Usg2100, Usg2200, Usg5100 and 1 more | 2016-10-04 | 9.3 HIGH | 9.8 CRITICAL |
| Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a denial of service (server restart) or execute arbitrary code via crafted packets sent during authentication. | |||||
| CVE-2016-8280 | 1 Huawei | 1 Esight | 2016-10-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-8304 | 1 Huawei | 2 P7, P7 Firmware | 2016-09-30 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. | |||||
| CVE-2016-5722 | 1 Huawei | 8 Ocean Stor 18500 V3, Ocean Stor 18800 V3, Ocean Stor 5300 V3 and 5 more | 2016-09-29 | 7.5 HIGH | 7.3 HIGH |
| Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. | |||||
| CVE-2016-6826 | 1 Huawei | 1 Anyoffice Secureapp | 2016-09-28 | 7.1 HIGH | 6.5 MEDIUM |
| Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | |||||
| CVE-2016-6840 | 1 Huawei | 1 Oceanstor Ism | 2016-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | |||||
| CVE-2016-6901 | 1 Huawei | 14 Ar100, Ar120, Ar1200 and 11 more | 2016-09-28 | 6.8 MEDIUM | 6.5 MEDIUM |
| Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | |||||