Vendor CVEs
Huawei
All CVEs
2,254 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-1816 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC… | |||
| CVE-2020-1815 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release… | |||
| CVE-2020-1853 | 0.00 | — | 0.01 | Feb 17, 2020 | GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. | |||
| CVE-2020-1841 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an… | |||
| CVE-2020-1827 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this… | |||
| CVE-2020-1856 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected… | |||
| CVE-2020-1829 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause… | |||
| CVE-2020-1857 | 0.00 | — | 0.00 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some… | |||
| CVE-2020-1828 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in… | |||
| CVE-2020-1858 | 0.00 | — | 0.01 | Feb 17, 2020 | Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of… | |||
| CVE-2013-2612 | 0.00 | — | 0.03 | Jan 27, 2020 | Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | |||
| CVE-2019-19413 | 0.00 | — | 0.01 | Jan 21, 2020 | There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system… | |||
| CVE-2020-1788 | 0.00 | — | 0.01 | Jan 21, 2020 | Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into… | |||
| CVE-2020-1840 | 0.00 | — | 0.00 | Jan 21, 2020 | HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak… | |||
| CVE-2019-19411 | 0.00 | — | 0.01 | Jan 21, 2020 | USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm,… | |||
| CVE-2014-2271 | 0.00 | — | 0.02 | Jan 14, 2020 | cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and… | |||
| CVE-2020-1786 | 0.00 | — | 0.00 | Jan 9, 2020 | HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a… | |||
| CVE-2020-1787 | 0.00 | — | 0.00 | Jan 9, 2020 | HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host… | |||
| CVE-2020-1826 | 0.00 | — | 0.00 | Jan 9, 2020 | Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. | |||
| CVE-2020-1785 | 0.00 | — | 0.00 | Jan 3, 2020 | Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit… | |||
| CVE-2020-1871 | 0.00 | — | 0.01 | Jan 3, 2020 | USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could… | |||
| CVE-2019-19441 | 0.00 | — | 0.00 | Jan 3, 2020 | HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak. | |||
| CVE-2019-5273 | 0.00 | — | 0.00 | Dec 26, 2019 | USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious… | |||
| CVE-2019-5274 | 0.00 | — | 0.00 | Dec 26, 2019 | USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a… | |||
| CVE-2019-5275 | 0.00 | — | 0.00 | Dec 26, 2019 | USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a… | |||
| CVE-2019-5272 | 0.00 | — | 0.00 | Dec 26, 2019 | USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. | |||
| CVE-2019-19398 | 0.00 | — | 0.01 | Dec 26, 2019 | M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may… | |||
| CVE-2019-5265 | 0.00 | — | 0.01 | Dec 23, 2019 | Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information… | |||
| CVE-2019-5276 | 0.00 | — | 0.00 | Dec 23, 2019 | Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the… | |||
| CVE-2019-5266 | 0.00 | — | 0.01 | Dec 23, 2019 | Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled. | |||
| CVE-2019-5267 | 0.00 | — | 0.00 | Dec 23, 2019 | Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure. | |||
| CVE-2019-5252 | 0.00 | — | 0.00 | Dec 13, 2019 | There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by… | |||
| CVE-2019-5264 | 0.00 | — | 0.00 | Dec 13, 2019 | There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by… | |||
| CVE-2019-5277 | 0.00 | — | 0.01 | Dec 13, 2019 | Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation. | |||
| CVE-2019-5254 | 0.00 | — | 0.01 | Dec 13, 2019 | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who… | |||
| CVE-2019-5255 | 0.00 | — | 0.00 | Dec 13, 2019 | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted… | |||
| CVE-2019-5256 | 0.00 | — | 0.00 | Dec 13, 2019 | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system… | |||
| CVE-2019-5258 | 0.00 | — | 0.00 | Dec 13, 2019 | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs… | |||
| CVE-2019-5257 | 0.00 | — | 0.00 | Dec 13, 2019 | Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network. | |||
| CVE-2019-5260 | 0.00 | — | 0.00 | Dec 13, 2019 | Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected… | |||
| CVE-2019-5278 | 0.00 | — | 0.01 | Dec 13, 2019 | There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database.… | |||
| CVE-2019-5253 | 0.00 | — | 0.01 | Dec 13, 2019 | E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a… | |||
| CVE-2019-5290 | 0.00 | — | 0.01 | Dec 13, 2019 | Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal. | |||
| CVE-2019-5248 | 0.00 | — | 0.00 | Dec 13, 2019 | CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on… | |||
| CVE-2019-5250 | 0.00 | — | 0.01 | Dec 13, 2019 | Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application… | |||
| CVE-2019-5309 | 0.00 | — | 0.00 | Nov 29, 2019 | Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an… | |||
| CVE-2019-5271 | 0.00 | — | 0.00 | Nov 29, 2019 | There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers… | |||
| CVE-2019-5308 | 0.00 | — | 0.00 | Nov 29, 2019 | Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of… | |||
| CVE-2019-5247 | 0.00 | — | 0.00 | Nov 29, 2019 | Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. | |||
| CVE-2019-5269 | 0.00 | — | 0.00 | Nov 29, 2019 | Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege. |
- CVE-2020-1816Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC…
- CVE-2020-1815Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release…
- CVE-2020-1853Feb 17, 2020risk 0.00cvss —epss 0.01
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.
- CVE-2020-1841Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an…
- CVE-2020-1827Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. An attacker can exploit this…
- CVE-2020-1856Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected…
- CVE-2020-1829Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause…
- CVE-2020-1857Feb 17, 2020risk 0.00cvss —epss 0.00
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some…
- CVE-2020-1828Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in…
- CVE-2020-1858Feb 17, 2020risk 0.00cvss —epss 0.01
Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; Secospace USG6600 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100; and USG9500 versions V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have a denial of…
- CVE-2013-2612Jan 27, 2020risk 0.00cvss —epss 0.03
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.
- CVE-2019-19413Jan 21, 2020risk 0.00cvss —epss 0.01
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system…
- CVE-2020-1788Jan 21, 2020risk 0.00cvss —epss 0.01
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into…
- CVE-2020-1840Jan 21, 2020risk 0.00cvss —epss 0.00
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak…
- CVE-2019-19411Jan 21, 2020risk 0.00cvss —epss 0.01
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm,…
- CVE-2014-2271Jan 14, 2020risk 0.00cvss —epss 0.02
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and…
- CVE-2020-1786Jan 9, 2020risk 0.00cvss —epss 0.00
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a…
- CVE-2020-1787Jan 9, 2020risk 0.00cvss —epss 0.00
HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host…
- CVE-2020-1826Jan 9, 2020risk 0.00cvss —epss 0.00
Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information.
- CVE-2020-1785Jan 3, 2020risk 0.00cvss —epss 0.00
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit…
- CVE-2020-1871Jan 3, 2020risk 0.00cvss —epss 0.01
USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R001C30SPC600; V500R001C60SPC500; V500R005C00SPC100; V500R005C00SPC200 have an improper credentials management vulnerability. The software does not properly manage certain credentials. Successful exploit could…
- CVE-2019-19441Jan 3, 2020risk 0.00cvss —epss 0.00
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak.
- CVE-2019-5273Dec 26, 2019risk 0.00cvss —epss 0.00
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious…
- CVE-2019-5274Dec 26, 2019risk 0.00cvss —epss 0.00
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a…
- CVE-2019-5275Dec 26, 2019risk 0.00cvss —epss 0.00
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a…
- CVE-2019-5272Dec 26, 2019risk 0.00cvss —epss 0.00
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection.
- CVE-2019-19398Dec 26, 2019risk 0.00cvss —epss 0.01
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may…
- CVE-2019-5265Dec 23, 2019risk 0.00cvss —epss 0.01
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender to steal P2P network information. Successful exploit may cause information…
- CVE-2019-5276Dec 23, 2019risk 0.00cvss —epss 0.00
Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C00E220R2P1) have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause the…
- CVE-2019-5266Dec 23, 2019risk 0.00cvss —epss 0.01
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled.
- CVE-2019-5267Dec 23, 2019risk 0.00cvss —epss 0.00
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure.
- CVE-2019-5252Dec 13, 2019risk 0.00cvss —epss 0.00
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by…
- CVE-2019-5264Dec 13, 2019risk 0.00cvss —epss 0.00
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by…
- CVE-2019-5277Dec 13, 2019risk 0.00cvss —epss 0.01
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
- CVE-2019-5254Dec 13, 2019risk 0.00cvss —epss 0.01
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who…
- CVE-2019-5255Dec 13, 2019risk 0.00cvss —epss 0.00
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a DoS vulnerability. An attacker may send crafted…
- CVE-2019-5256Dec 13, 2019risk 0.00cvss —epss 0.00
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a null pointer dereference vulnerability. The system…
- CVE-2019-5258Dec 13, 2019risk 0.00cvss —epss 0.00
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have a buffer overflow vulnerability. An attacker who logs…
- CVE-2019-5257Dec 13, 2019risk 0.00cvss —epss 0.00
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace) have a resource management vulnerability. An attacker who logs in to the board may send crafted messages from the internal network.
- CVE-2019-5260Dec 13, 2019risk 0.00cvss —epss 0.00
Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected…
- CVE-2019-5278Dec 13, 2019risk 0.00cvss —epss 0.01
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database.…
- CVE-2019-5253Dec 13, 2019risk 0.00cvss —epss 0.01
E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform a sufficient authentication when doing certain operations, successful exploit could allow an attacker to cause the device to reboot after launch a…
- CVE-2019-5290Dec 13, 2019risk 0.00cvss —epss 0.01
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed properly, the vulnerability can be exploited to cause the device to be abnormal.
- CVE-2019-5248Dec 13, 2019risk 0.00cvss —epss 0.00
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on…
- CVE-2019-5250Dec 13, 2019risk 0.00cvss —epss 0.01
Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application…
- CVE-2019-5309Nov 29, 2019risk 0.00cvss —epss 0.00
Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an…
- CVE-2019-5271Nov 29, 2019risk 0.00cvss —epss 0.00
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers…
- CVE-2019-5308Nov 29, 2019risk 0.00cvss —epss 0.00
Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of…
- CVE-2019-5247Nov 29, 2019risk 0.00cvss —epss 0.00
Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash.
- CVE-2019-5269Nov 29, 2019risk 0.00cvss —epss 0.00
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
Page 43 of 46