| CVE-2017-15313 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. |
| CVE-2017-15312 |
medium |
5.4 |
5.4 |
|
|
huawei |
9y ago |
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious script… |
| CVE-2017-15310 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD c… |
| CVE-2017-15309 |
high |
7.1 |
7.1 |
|
|
huawei |
9y ago |
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious f… |
| CVE-2017-15308 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load maliciou… |
| CVE-2017-8186 |
medium |
5.5 |
5.5 |
|
|
huawei |
9y ago |
The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into inst… |
| CVE-2017-8177 |
medium |
5.3 |
5.3 |
|
|
huawei |
9y ago |
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Su… |
| CVE-2017-8175 |
medium |
5.5 |
5.5 |
|
|
huawei |
9y ago |
The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficie… |
| CVE-2017-8158 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could crea… |
| CVE-2017-8153 |
high |
7.1 |
7.1 |
|
|
huawei |
9y ago |
Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send… |
| CVE-2017-8139 |
medium |
6.1 |
6.1 |
|
|
huawei |
9y ago |
HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to int… |
| CVE-2017-8138 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper wi… |
| CVE-2017-8137 |
high |
7.8 |
7.8 |
|
|
huawei |
9y ago |
HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability… |
| CVE-2017-8136 |
medium |
5.5 |
5.5 |
|
|
huawei |
9y ago |
HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak. |
| CVE-2017-8133 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to… |
| CVE-2017-8130 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
| CVE-2017-8129 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… |
| CVE-2017-8128 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… |
| CVE-2017-8127 |
medium |
6.1 |
6.1 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. |
| CVE-2017-8126 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… |
| CVE-2017-8125 |
medium |
6.1 |
6.1 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch X… |
| CVE-2017-8124 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… |
| CVE-2017-8123 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… |
| CVE-2017-8122 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit… |
| CVE-2017-8121 |
medium |
5.3 |
5.3 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
| CVE-2017-8120 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… |
| CVE-2017-8119 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… |
| CVE-2017-8117 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packe… |
| CVE-2017-2732 |
medium |
5.5 |
5.5 |
|
|
huawei |
9y ago |
Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP … |
| CVE-2017-2723 |
medium |
6.7 |
6.7 |
|
|
huawei |
9y ago |
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system c… |
| CVE-2017-2715 |
high |
7.8 |
7.8 |
|
|
huawei |
9y ago |
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attack… |
| CVE-2017-2709 |
medium |
5.5 |
5.5 |
|
|
huawei |
9y ago |
HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the … |
| CVE-2017-2704 |
high |
7.5 |
7.5 |
|
|
huawei |
9y ago |
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlie… |
| CVE-2015-7843 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R00… |
| CVE-2015-7841 |
critical |
9.8 |
9.8 |
|
|
huawei |
9y ago |
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V10… |
| CVE-2016-8803 |
high |
7.5 |
7.5 |
|
|
huawei |
9y ago |
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. |
| CVE-2016-8779 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a s… |
| CVE-2016-8275 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. |
| CVE-2016-8274 |
high |
7.8 |
7.8 |
|
|
huawei |
9y ago |
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. |
| CVE-2016-8273 |
high |
7.8 |
7.8 |
|
|
huawei |
9y ago |
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can la… |
| CVE-2016-8272 |
medium |
5.3 |
5.3 |
|
|
huawei |
9y ago |
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. |
| CVE-2015-8671 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. |
| CVE-2015-8670 |
medium |
6.5 |
6.5 |
|
|
huawei |
9y ago |
Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. |
| CVE-2015-7844 |
high |
7.5 |
7.5 |
|
|
huawei |
9y ago |
Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not … |
| CVE-2014-9137 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V300R001C00; USG2100 with software V300R001C00SPC900 and earlier versions; USG2200 with software V300R001C00SPC900; USG5100 with s… |
| CVE-2014-9136 |
high |
8.8 |
8.8 |
|
|
huawei |
9y ago |
Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface. |
| CVE-2014-3222 |
high |
7.0 |
8.0 |
EXP |
|
huawei |
9y ago |
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key… |
| CVE-2016-2406 |
medium |
4.3 |
4.3 |
|
|
huawei |
9y ago |
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by l… |
| CVE-2016-5822 |
high |
7.5 |
7.5 |
|
|
huawei |
10y ago |
Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets. |
| CVE-2016-8280 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| CVE-2016-8278 |
high |
7.5 |
7.5 |
|
|
huawei |
10y ago |
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. |
| CVE-2016-8277 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified… |
| CVE-2016-8276 |
critical |
9.8 |
9.8 |
|
|
huawei |
10y ago |
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHA… |
| CVE-2016-4058 |
medium |
5.4 |
5.4 |
|
|
huawei |
10y ago |
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special char… |
| CVE-2016-6827 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2016-6826 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. |
| CVE-2016-6840 |
medium |
6.1 |
6.1 |
|
|
huawei |
10y ago |
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName … |
| CVE-2016-7110 |
critical |
9.8 |
9.8 |
|
|
huawei |
10y ago |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. |
| CVE-2016-7109 |
critical |
9.8 |
9.8 |
|
|
huawei |
10y ago |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. |
| CVE-2016-7108 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. |
| CVE-2016-7107 |
high |
7.5 |
7.5 |
|
|
huawei |
10y ago |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. |
| CVE-2016-6898 |
medium |
6.6 |
6.6 |
|
|
huawei |
10y ago |
XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary fi… |
| CVE-2016-6839 |
medium |
6.1 |
6.1 |
|
|
huawei |
10y ago |
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
| CVE-2016-5821 |
high |
7.8 |
7.8 |
|
|
huawei |
10y ago |
Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain … |
| CVE-2016-5850 |
medium |
5.4 |
5.4 |
|
|
huawei |
10y ago |
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2016-4086 |
medium |
5.3 |
5.3 |
|
|
huawei |
10y ago |
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. |
| CVE-2016-5723 |
high |
7.8 |
7.8 |
|
|
huawei |
10y ago |
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. |
| CVE-2016-5722 |
high |
7.3 |
7.3 |
|
|
huawei |
10y ago |
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct … |
| CVE-2016-4005 |
medium |
5.5 |
5.5 |
|
|
huawei |
10y ago |
The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. |
| CVE-2016-3677 |
medium |
6.5 |
6.5 |
|
|
huawei |
10y ago |
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. |
| CVE-2016-2855 |
high |
7.8 |
7.8 |
|
|
huawei |
10y ago |
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION… |
| CVE-2015-8336 |
medium |
4.3 |
4.3 |
|
|
huawei |
10y ago |
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. |
| CVE-2016-2780 |
high |
7.8 |
7.8 |
|
|
huawei |
10y ago |
Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unsp… |
| CVE-2016-1495 |
high |
7.8 |
7.8 |
|
|
huawei |
10y ago |
Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows at… |
| CVE-2015-8682 |
medium |
6.1 |
6.1 |
|
|
huawei |
10y ago |
The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL… |
| CVE-2016-2405 |
high |
8.8 |
8.8 |
|
|
huawei |
10y ago |
Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. |
| CVE-2016-3678 |
high |
7.5 |
7.5 |
|
|
huawei |
10y ago |
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. |
| CVE-2015-8335 |
medium |
6.5 |
6.5 |
|
|
huawei |
11y ago |
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading… |
| CVE-2015-8333 |
high |
7.1 |
7.1 |
|
|
huawei |
11y ago |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. |
| CVE-2015-8331 |
high |
7.4 |
7.4 |
|
|
huawei |
11y ago |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attack… |
| CVE-2015-8231 |
high |
7.5 |
7.5 |
|
|
huawei |
11y ago |
Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. |
| CVE-2015-8230 |
high |
7.5 |
7.5 |
|
|
huawei |
11y ago |
Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted … |
| CVE-2015-8303 |
medium |
4.0 |
4.0 |
|
|
huawei |
11y ago |
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by p… |
| CVE-2015-8087 |
medium |
— |
5.0 |
|
|
huawei |
11y ago |
Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to othe… |
| CVE-2015-3912 |
medium |
— |
5.0 |
|
|
huawei |
11y ago |
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sendi… |
| CVE-2015-2346 |
medium |
— |
4.0 |
|
|
huawei |
11y ago |
XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. |
| CVE-2015-2347 |
medium |
— |
4.3 |
|
|
huawei |
11y ago |
Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req par… |
| CVE-2014-9416 |
medium |
— |
5.4 |
EXP |
|
huawei |
12y ago |
Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71en… |
| CVE-2014-9135 |
medium |
— |
4.3 |
|
|
huawei |
12y ago |
The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted… |
| CVE-2014-2968 |
medium |
— |
4.3 |
|
|
huawei |
12y ago |
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary … |
| CVE-2014-4190 |
high |
— |
7.8 |
|
|
huawei |
12y ago |
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6… |
| CVE-2014-2946 |
medium |
— |
7.8 |
EXP |
|
huawei |
12y ago |
Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentic… |
| CVE-2013-4633 |
critical |
— |
9.0 |
|
|
huawei |
13y ago |
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. |
| CVE-2012-6568 |
medium |
— |
7.9 |
EXP |
|
huawei |
13y ago |
Buffer overflow in the back-end component in Huawei UTPS 1.0 allows local users to gain privileges via a long IDS_PLUGIN_NAME string in a plug-in configuration file. |
