Filtered by vendor Huawei
Subscribe
Total
1888 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8140 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. | |||||
CVE-2017-2725 | 1 Huawei | 4 P10, P10 Firmware, P10 Plus and 1 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution. | |||||
CVE-2017-15307 | 1 Huawei | 2 Honor 8, Honor 8 Firmware | 2024-02-28 | 1.9 LOW | 2.3 LOW |
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. | |||||
CVE-2017-2709 | 1 Huawei | 2 Higame, Skytone | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, the attacker can send malformed packets to the device. Due to the lack of adequate input validation of APPs, which causes the APPs Denial of Service. | |||||
CVE-2017-8145 | 1 Huawei | 4 P10, P10 Firmware, P10 Plus and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into installing a malicious application, and the application can send given parameter to call module to crash the call and data communication process. | |||||
CVE-2017-8200 | 1 Huawei | 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. | |||||
CVE-2017-2705 | 1 Huawei | 2 P9, P9 Firmware | 2024-02-28 | 2.1 LOW | 2.4 LOW |
Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a phone activation bypass vulnerability. Successful exploit could allow an unauthenticated attacker to bypass phone activation to settings page of the phone. | |||||
CVE-2017-2716 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a system crash or privilege escalation. | |||||
CVE-2017-8167 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart. | |||||
CVE-2015-7843 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | |||||
CVE-2017-2723 | 1 Huawei | 1 Files | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. | |||||
CVE-2017-8185 | 1 Huawei | 2 Me906s-158, Me906s-158 Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. | |||||
CVE-2017-8134 | 1 Huawei | 1 Fusionsphere Openstack | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
CVE-2017-2717 | 1 Huawei | 2 Honor 8 Pro, Honor 8 Pro Firmware | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could produce an integer overflow and restart the modem system. | |||||
CVE-2017-2733 | 1 Huawei | 2 Honor 6x, Honor 6x Firmware | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the application can get the file that keep the cipher text of the SIM card PIN. | |||||
CVE-2015-8224 | 1 Huawei | 2 P8, P8 Firmware | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | |||||
CVE-2017-15317 | 1 Huawei | 30 Ar120-s, Ar120-s Firmware, Ar1200 and 27 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart. | |||||
CVE-2017-8190 | 1 Huawei | 1 Fusionsphere Openstack | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software. | |||||
CVE-2017-8121 | 1 Huawei | 1 Uma | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||||
CVE-2017-8148 | 1 Huawei | 2 P9, P9 Firmware | 2024-02-28 | 5.4 MEDIUM | 4.7 MEDIUM |
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot. |