CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Huawei : Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-34741 120 Overflow 2022-07-12 2022-07-19
3.3
None Local Network Low Not required None Partial None
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
2 CVE-2022-34740 120 Overflow 2022-07-12 2022-07-19
3.3
None Local Network Low Not required None Partial None
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
3 CVE-2021-40059 276 2022-03-10 2022-03-14
3.3
None Local Network Low Not required Partial None None
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.
4 CVE-2021-40016 863 2022-07-12 2022-07-15
3.3
None Local Network Low Not required Partial None None
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.
5 CVE-2021-40013 287 2022-07-12 2022-07-15
3.3
None Local Network Low Not required None Partial None
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.
6 CVE-2021-37124 22 Dir. Trav. 2021-10-27 2021-10-28
3.3
None Local Network Low Not required None Partial None
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.
7 CVE-2021-37039 20 2021-12-08 2021-12-09
3.3
None Local Network Low Not required None None Partial
There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS.
8 CVE-2021-22469 125 2021-10-28 2021-11-01
3.6
None Local Low Not required Partial None Partial
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.
9 CVE-2021-22409 DoS 2021-05-20 2022-07-12
3.5
None Remote Medium ??? None None Partial
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.
10 CVE-2021-22339 345 DoS 2021-05-20 2021-05-26
3.5
None Remote Medium ??? None None Partial
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.
11 CVE-2021-22334 2021-06-03 2022-07-12
3.3
None Local Network Low Not required None Partial None
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections.
12 CVE-2018-7976 79 XSS 2018-06-01 2018-07-05
3.5
None Remote Medium ??? None Partial None
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop.
13 CVE-2017-17175 20 DoS 2018-07-02 2018-09-08
3.3
None Local Network Low Not required None None Partial
Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages.
14 CVE-2017-15312 79 XSS 2017-12-22 2018-01-04
3.5
None Remote Medium ??? None Partial None
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.
15 CVE-2017-8189 22 Dir. Trav. 2017-11-22 2017-12-08
3.6
None Local Low Not required None Partial Partial
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.
16 CVE-2017-8168 311 +Info 2017-11-22 2019-10-03
3.3
None Local Network Low Not required Partial None None
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted.
17 CVE-2016-8275 20 2017-04-02 2017-04-05
3.5
None Remote Medium ??? None None Partial
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.
18 CVE-2016-5850 79 XSS 2016-07-12 2016-07-14
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
19 CVE-2016-4058 79 XSS 2016-09-27 2016-11-28
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."
20 CVE-2013-4628 200 +Info 2013-06-20 2013-06-21
3.5
None Remote Medium ??? Partial None None
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone.
21 CVE-2012-3268 522 2013-02-01 2021-04-06
3.5
None Remote Medium ??? Partial None None
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.