VYPR

CVEs

101,975 total · page 1849 of 2,040

  • CVE-2017-8210HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8209HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8208HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8207HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a…

  • CVE-2017-8205HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the…

  • CVE-2017-8204HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the…

  • CVE-2017-8203HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high…

  • CVE-2017-8198HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.01

    FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection…

  • CVE-2017-8197HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.02

    FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute…

  • CVE-2017-8195HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.

  • CVE-2017-8194HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.

  • CVE-2017-8193HigNov 22, 2017
    risk 0.52cvss 8.0epss 0.01

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

  • CVE-2017-8192HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.00

    FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.

  • CVE-2017-8188HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.02

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.

  • CVE-2017-8185HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.00

    ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the…

  • CVE-2017-8181HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has…

  • CVE-2017-8180HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special…

  • CVE-2017-8179HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special…

  • CVE-2017-8174HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential…

  • CVE-2017-8170HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to…

  • CVE-2017-8169HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to…

  • CVE-2017-8167HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause the device to restart.

  • CVE-2017-8160HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An…

  • CVE-2017-8159HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type…

  • CVE-2017-8155HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.00

    The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the…

  • CVE-2017-8153HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining…

  • CVE-2017-8150HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter…

  • CVE-2017-8147HigNov 22, 2017
    risk 0.49cvss 7.5epss 0.01

    AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00,…

  • CVE-2017-8142HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a…

  • CVE-2017-8141HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application…

  • CVE-2017-8140HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific…

  • CVE-2017-8138HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.00

    HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.

  • CVE-2017-8137HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.

  • CVE-2017-8135HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-8134HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-8133HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.02

    Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to…

  • CVE-2017-8132HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-8131HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some…

  • CVE-2017-2737HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

  • CVE-2017-2736HigNov 22, 2017
    risk 0.47cvss 7.2epss 0.01

    VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack.

  • CVE-2017-2735HigNov 22, 2017
    risk 0.46cvss 7.1epss 0.01

    TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could…

  • CVE-2017-2729HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The boot loaders in Honor 5A smart phones with software Versions earlier than CAM-TL00C01B193,Versions earlier than CAM-TL00HC00B193,Versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a…

  • CVE-2017-2726HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2017-2725HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2017-2724HigNov 22, 2017
    risk 0.55cvss 8.4epss 0.01

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The…

  • CVE-2017-2722HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software…

  • CVE-2017-2719HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious…

  • CVE-2017-2718HigNov 22, 2017
    risk 0.57cvss 8.8epss 0.01

    FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious…

  • CVE-2017-2716HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the…

  • CVE-2017-2715HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.00

    The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe…