Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 1915 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6518 1 Huawei 16 S12700, S12700 Firmware, S5300 and 13 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of malformed packets.
CVE-2016-6669 1 Huawei 8 Usg2100, Usg2100 Firmware, Usg2200 and 5 more 2024-02-28 7.1 HIGH 7.5 HIGH
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet.
CVE-2016-8280 1 Huawei 1 Esight 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2015-7254 1 Huawei 3 Hg532e, Hg532n, Hg532s 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
CVE-2016-1496 1 Huawei 2 P8, P8 Firmware 2024-02-28 7.1 HIGH 5.5 MEDIUM
The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue."
CVE-2015-7845 1 Huawei 7 Espace Firmware, Espace Unified Gateway U1910, Espace Unified Gateway U1911 and 4 more 2024-02-28 5.0 MEDIUM N/A
The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets.
CVE-2015-8318 1 Huawei 4 Mate S, Mate S Firmware, P8 and 1 more 2024-02-28 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319.
CVE-2015-8088 1 Huawei 4 Mate 7, Mate 7 Firmware, P8 and 1 more 2024-02-28 9.3 HIGH 7.8 HIGH
Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application.
CVE-2016-5233 1 Huawei 2 Mate 8, Mate 8 Firmware 2024-02-28 4.3 MEDIUM 3.7 LOW
Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors involving improper security status verification, aka HWPSIRT-2015-12007.
CVE-2016-4575 1 Huawei 8 Ath, Ath Firmware, Cherryplus and 5 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
CVE-2016-5821 1 Huawei 1 Hisuite 2024-02-28 7.2 HIGH 7.8 HIGH
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files.
CVE-2016-6179 1 Huawei 2 Honor 6, Honor 6 Firmware 2024-02-28 6.9 MEDIUM 7.0 HIGH
The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application.
CVE-2015-8228 1 Huawei 10 Ar120, Ar1200, Ar150 and 7 more 2024-02-28 4.0 MEDIUM N/A
Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to access arbitrary directories via unspecified vectors.
CVE-2016-6898 1 Huawei 1 E9000 Chassis 2024-02-28 4.9 MEDIUM 6.6 MEDIUM
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document.
CVE-2015-8084 1 Huawei 5 Unified Security Gateway Firmware, Usg2100, Usg2200 and 2 more 2024-02-28 7.1 HIGH N/A
Huawei USG5500, USG2100, USG2200, and USG5100 unified security gateways with software before V300R001C10SPC600, when "DHCP Snooping" is enabled and either "option82 insert" or "option82 rebuild" is enabled on an interface, allow remote attackers to cause a denial of service (reboot) via crafted DHCP packets.
CVE-2016-7108 1 Huawei 1 Uma 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors.
CVE-2015-8265 1 Huawei 4 E5151, E5151 Firmware, E5186 and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
CVE-2015-8085 1 Huawei 14 Ar, Ar Firmware, Quidway S5300 and 11 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
CVE-2016-5367 1 Huawei 2 Honor Ws851, Honor Ws851 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
CVE-2015-8226 1 Huawei 2 Ale Firmware, Gem-703l Firmware 2024-02-28 7.1 HIGH 5.5 MEDIUM
The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225.