Filtered by vendor Huawei
Subscribe
Total
1915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9102 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800 | |||||
| CVE-2020-9101 | 1 Huawei | 12 Ips Module, Ips Module Firmware, Ngfw Module and 9 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10 | |||||
| CVE-2020-9100 | 1 Huawei | 1 Hisuite | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. | |||||
| CVE-2020-9099 | 1 Huawei | 18 Ips Module, Ips Module Firmware, Ngfw Module and 15 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. | |||||
| CVE-2020-9098 | 1 Huawei | 2 Oceanstor 5310, Oceanstor 5310 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability. The software system access an invalid pointer when attacker malformed packet. Due to the insufficient validation of some parameter, successful exploit could cause device reboot. | |||||
| CVE-2020-9096 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause out-of-bound read. This can compromise normal service. | |||||
| CVE-2020-9095 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service. | |||||
| CVE-2020-9094 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | |||||
| CVE-2020-9093 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. | |||||
| CVE-2020-9092 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. | |||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | |||||
| CVE-2020-9090 | 1 Huawei | 1 Fusionaccess | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. | |||||
| CVE-2020-9087 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. | |||||
| CVE-2020-9084 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 4.6 MEDIUM | 6.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
| CVE-2020-9083 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E160R3P8) have a denial of service (DoS) vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service. | |||||
| CVE-2020-9079 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. | |||||
| CVE-2020-9078 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
| CVE-2020-9077 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploit may cause information disclosure. | |||||
| CVE-2020-9076 | 1 Huawei | 6 P30, P30 Firmware, P30 Pro and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. | |||||
| CVE-2020-9075 | 1 Huawei | 5 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6600 Firmware and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. | |||||