Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 1915 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1814 1 Huawei 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more 2024-02-28 3.5 LOW 5.3 MEDIUM
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal.
CVE-2019-5309 1 Huawei 2 Honor Play, Honor Play Firmware 2024-02-28 2.1 LOW 4.6 MEDIUM
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure condition.
CVE-2020-1844 1 Huawei 1 Pcmanager 2024-02-28 4.6 MEDIUM 7.8 HIGH
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
CVE-2019-5267 1 Huawei 2 Oceanstor Sns3096, Oceanstor Sns3096 Firmware 2024-02-28 2.1 LOW 5.5 MEDIUM
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.
CVE-2019-5280 1 Huawei 2 Cloudlink Phone 7900, Cloudlink Phone 7900 Firmware 2024-02-28 5.8 MEDIUM 6.5 MEDIUM
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.
CVE-2019-5243 1 Huawei 2 Hg255s, Hg255s Firmware 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
CVE-2019-5297 1 Huawei 2 Emily-l29c, Emily-l29c Firmware 2024-02-28 2.1 LOW 4.6 MEDIUM
Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T8) have a Factory Reset Protection (FRP) bypass security vulnerability. Before the FRP account is verified and activated during the reset process, the attacker can perform some special operations to bypass the FRP function and obtain the right to use the mobile phone.
CVE-2019-5283 1 Huawei 2 P20, P20 Firmware 2024-02-28 2.1 LOW 4.6 MEDIUM
There is Factory Reset Protection (FRP) bypass security vulnerability in P20 Huawei smart phones versions earlier than Emily-AL00A 9.0.0.167 (C00E81R1P21T8). When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to access the setting page. As a result, the FRP function is bypassed.
CVE-2019-5223 1 Huawei 1 Pcmanager 2024-02-28 6.8 MEDIUM 7.8 HIGH
PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution.
CVE-2019-5285 1 Huawei 28 S12700, S12700 Firmware, S1700 and 25 more 2024-02-28 7.8 HIGH 7.5 HIGH
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device reboot and denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109)
CVE-2019-5236 1 Huawei 2 Emily-l29c, Emily-l29c Firmware 2024-02-28 6.8 MEDIUM 6.3 MEDIUM
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
CVE-2019-5295 1 Huawei 2 Honor View 10, Honor View 10 Firmware 2024-02-28 4.4 MEDIUM 6.4 MEDIUM
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization.
CVE-2019-5286 1 Huawei 1 Hedex Lite 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
CVE-2019-5237 1 Huawei 2 Pcmanager\(china\), Pcmanager\(oversea\) 2024-02-28 6.8 MEDIUM 7.8 HIGH
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful exploitation may cause the attacker to execute code and read/write information.
CVE-2019-5300 1 Huawei 53 Ar1200-s Firmware, Ar1200 Firmware, Ar1200e and 50 more 2024-02-28 4.6 MEDIUM 6.7 MEDIUM
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
CVE-2019-5217 1 Huawei 2 Mate 9 Pro, Mate 9 Pro Firmware 2024-02-28 2.1 LOW 4.6 MEDIUM
There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operations without unlocking the screen lock. Successful exploit could cause an information disclosure condition.
CVE-2019-5216 1 Huawei 6 Honor 10, Honor 10 Firmware, Honor Play and 3 more 2024-02-28 7.6 HIGH 7.0 HIGH
There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.
CVE-2019-5241 1 Huawei 1 Pcmanager 2024-02-28 9.3 HIGH 7.8 HIGH
There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 44 Ubuntu Linux, Debian Linux, Fedora and 41 more 2024-02-28 7.2 HIGH 7.8 HIGH
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
CVE-2019-5299 1 Huawei 2 Hima-al00b, Hima-al00b Firmware 2024-02-28 6.8 MEDIUM 7.8 HIGH
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.