| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. |
| The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. |
| The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. |
| The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. |
| The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. |
| The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. |
| Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access. |
| The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. |
| Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with software V300R001C00SPC900 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. |
| HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak. |
| Huawei Honor 5S smart phones with software the versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to the improper design. An attacker can access factory reset page without authorization by only dial with special code. The attacker can exploit this vulnerability to restore the phone to factory settings. |
| The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
| Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. |
| Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. |
| Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. |
| HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking. |
| Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution. |
| Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. |
| Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. |
