Vulnerabilities (CVE)

Filtered by vendor Huawei Subscribe
Total 1915 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7841 1 Huawei 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."
CVE-2015-7740 1 Huawei 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver.
CVE-2015-7254 1 Huawei 3 Hg532e, Hg532n, Hg532s 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
CVE-2015-6592 1 Huawei 2 Uap2105, Uap2105 Firmware 2024-11-21 7.2 HIGH 6.8 MEDIUM
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
CVE-2015-6586 1 Huawei 6 Wlan Ac6005, Wlan Ac6005 Firmware, Wlan Ac6605 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.
CVE-2015-4629 1 Huawei 2 E5756s, E5756s Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
CVE-2015-4422 1 Huawei 2 Mate 7, Mate 7 Firmware 2024-11-21 7.6 HIGH 7.0 HIGH
The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.
CVE-2015-4421 1 Huawei 2 Mate 7, Mate 7 Firmware 2024-11-21 7.6 HIGH 7.5 HIGH
The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input.
CVE-2015-3913 1 Huawei 44 S12700, S12700 Firmware, S2300 and 41 more 2024-11-21 7.8 HIGH 7.5 HIGH
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
CVE-2015-3912 1 Huawei 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui 2024-11-21 5.0 MEDIUM N/A
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.
CVE-2015-3911 1 Huawei 2 E587 Mobile Wifi, E587 Mobile Wifi Firmware 2024-11-21 9.0 HIGH N/A
Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more 2024-11-21 5.0 MEDIUM N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-2800 1 Huawei 14 Campus S5300, Campus S5700, Campus S6300 and 11 more 2024-11-21 7.8 HIGH 7.5 HIGH
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
CVE-2015-2347 1 Huawei 1 Seq Analyst 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) monitor/, or (3) psnpm/ or the (4) module XML element in the req parameter to flexdata.action in monitor/.
CVE-2015-2346 1 Huawei 1 Seq Analyst 2024-11-21 4.0 MEDIUM N/A
XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.
CVE-2015-2255 1 Huawei 2 Ar1220, Ar1220 Firmware 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CVE-2015-2254 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compromise of system functions when loading a patch.
CVE-2015-2253 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2024-11-21 3.5 LOW 5.0 MEDIUM
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
CVE-2015-2252 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2024-11-21 9.3 HIGH 8.8 HIGH
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
CVE-2015-2251 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.