Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 1915 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5211 1 Huawei 2 P20, P20 Firmware 2024-02-28 4.3 MEDIUM 5.7 MEDIUM
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.
CVE-2020-1791 1 Huawei 2 Mate 20, Mate 20 Firmware 2024-02-28 2.1 LOW 2.4 LOW
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.
CVE-2019-5263 1 Huawei 2 Hisuite, Hwbackup 2024-02-28 2.1 LOW 5.5 MEDIUM
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup.
CVE-2019-5272 1 Huawei 2 Usg9500, Usg9500 Firmware 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection.
CVE-2020-1853 1 Huawei 1 Gaussdb 200 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.
CVE-2020-1857 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage.
CVE-2019-5225 1 Huawei 6 Mate 20, Mate 20 Firmware, P30 and 3 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.
CVE-2020-1861 1 Huawei 2 Cloudengine 12800, Cloudengine 12800 Firmware 2024-02-28 2.1 LOW 4.4 MEDIUM
CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage.
CVE-2020-1860 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet.
CVE-2019-5275 1 Huawei 2 Usg9500, Usg9500 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate to perform a denial of service attack on the affected products.
CVE-2019-5254 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-02-28 5.0 MEDIUM 8.6 HIGH
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board may send crafted messages from the internal network port or tamper with inter-process message packets to exploit this vulnerability. Due to insufficient validation of the message, successful exploit may cause the affected board to be abnormal.
CVE-2019-5279 1 Huawei 2 Emily-l29c, Emily-l29c Firmware 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C10E2R1P13T8), Versions earlier than 9.1.0.311(C461E2R1P11T8), Versions earlier than 9.1.0.316(C635E2R1P11T8), Versions earlier than 9.1.0.311(C185E2R1P12T8), Versions earlier than 9.1.0.311(C605E2R1P12T8), Versions earlier than 9.1.0.311(C636E7R1P13T8) have an information leakage vulnerability. An attacker tricks the user into installing a malicious application, which can copy specific files to the sdcard, resulting in information leakage.
CVE-2019-5257 1 Huawei 34 Ap2000, Ap2000 Firmware, Espace U1981 and 31 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.
CVE-2019-5260 1 Huawei 4 View 20, View 20 Firmware, Y9 2019 and 1 more 2024-02-28 6.1 MEDIUM 6.5 MEDIUM
Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot.
CVE-2019-5235 1 Huawei 100 Alp-al00b, Alp-al00b Firmware, Alp-tl00b and 97 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5268 1 Huawei 44 Cd10-10, Cd10-10 Firmware, Cd16-10 and 41 more 2024-02-28 4.8 MEDIUM 8.1 HIGH
Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories.
CVE-2019-5228 1 Huawei 6 Honor V20, Honor V20 Firmware, P30 and 3 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
CVE-2020-8840 5 Debian, Fasterxml, Huawei and 2 more 9 Debian Linux, Jackson-databind, Oceanstor 9000 and 6 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CVE-2020-1790 1 Huawei 1 Gaussdb 200 2024-02-28 6.5 MEDIUM 8.8 HIGH
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands.
CVE-2019-5269 1 Huawei 44 Cd10-10, Cd10-10 Firmware, Cd16-10 and 41 more 2024-02-28 4.6 MEDIUM 7.8 HIGH
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.