Filtered by vendor Huawei Subscriptions
Total 1926 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-5215 1 Huawei 4 P30, P30 Firmware, P30 Pro and 1 more 2024-11-21 N/A
There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), and P30 Pro versions before VOG-AL00 9.1.0.162 (C01E160R1P12/C01E160R2P1). When users establish connection and transfer data through Huawei Share, an attacker could sniff, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle attack to obtain and tamper the data. (Vulnerability ID: HWPSIRT-2019-03109)
CVE-2019-5214 1 Huawei 2 Mate 10, Mate 10 Firmware 2024-11-21 N/A
There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition.
CVE-2019-5213 1 Huawei 2 Honor Play, Honor Play Firmware 2024-11-21 2.4 Low
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of uncommon operations without unlock the screen lock.
CVE-2019-5212 1 Huawei 2 P20, P20 Firmware 2024-11-21 5.5 Medium
There is an improper access control vulnerability in Huawei Share. The software does not properly restrict access to certain file from certain application. An attacker tricks the user into installing a malicious application then establishing a connect to the attacker through Huawei Share, successful exploit could cause information disclosure.
CVE-2019-5211 1 Huawei 2 P20, P20 Firmware 2024-11-21 5.7 Medium
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim to perform certain operations on the mobile phone during file transfer. Because the file is not properly processed, successfully exploit may cause some files on the victim's mobile phone are deleted.
CVE-2019-5210 1 Huawei 4 Nova 5, Nova 5 Firmware, Nova 5i Pro and 1 more 2024-11-21 7.8 High
Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190(C00E190R6P2)and Versions earlier than 9.1.1.175(C00E170R3P2) have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain image information. The attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
CVE-2019-2215 5 Canonical, Debian, Google and 2 more 145 Ubuntu Linux, Debian Linux, Android and 142 more 2024-11-21 7.8 High
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVE-2019-19441 1 Huawei 2 P30, P30 Firmware 2024-11-21 6.5 Medium
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak vulnerability. An attacker could send specific command in the local area network (LAN) to exploit this vulnerability. Successful exploitation may cause information leak.
CVE-2019-19417 1 Huawei 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more 2024-11-21 7.5 High
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
CVE-2019-19416 1 Huawei 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more 2024-11-21 7.5 High
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
CVE-2019-19415 1 Huawei 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more 2024-11-21 7.5 High
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
CVE-2019-19414 1 Huawei 14 Dbs3900 Tdd Lte, Dbs3900 Tdd Lte Firmware, Dp300 and 11 more 2024-11-21 7.5 High
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
CVE-2019-19413 1 Huawei 14 Dbs3900 Tdd Lte, Dbs3900 Tdd Lte Firmware, Dp300 and 11 more 2024-11-21 7.5 High
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash.
CVE-2019-19412 1 Huawei 56 Alp-al00b, Alp-al00b Firmware, Alp-l09 and 53 more 2024-11-21 4.6 Medium
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
CVE-2019-19411 1 Huawei 2 Usg9500, Usg9500 Firmware 2024-11-21 3.7 Low
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished.
CVE-2019-19398 1 Huawei 2 M5 Lite 10, M5 Lite 10 Firmware 2024-11-21 9.8 Critical
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution.
CVE-2019-19397 1 Huawei 14 S12700, S12700 Firmware, S1700 and 11 more 2024-11-21 7.5 High
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.
CVE-2019-14835 8 Canonical, Debian, Fedoraproject and 5 more 49 Ubuntu Linux, Debian Linux, Fedora and 46 more 2024-11-21 7.8 High
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
CVE-2019-0708 3 Huawei, Microsoft, Siemens 131 Agile Controller-campus, Agile Controller-campus Firmware, Bh620 V2 and 128 more 2024-11-21 9.8 Critical
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVE-2018-7994 1 Huawei 7 Ips Module, Ngfw Module, Nip6300 and 4 more 2024-11-21 N/A
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory.