Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-22 | CVE-2017-8142 | Use After Free vulnerability in Huawei Mate 9 Firmware and Mate 9 PRO Firmware The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. | 7.8 |
| 2017-11-22 | CVE-2017-8141 | Double Free vulnerability in Huawei P10 Plus Firmware The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. | 7.8 |
| 2017-11-22 | CVE-2017-8140 | Double Free vulnerability in Huawei P9 Plus Firmware Eval09C636B388/Vieal10 The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. | 7.8 |
| 2017-11-22 | CVE-2017-8139 | Cross-site Scripting vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. | 6.1 |
| 2017-11-22 | CVE-2017-8138 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-8137 | Untrusted Search Path vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. | 7.8 |
| 2017-11-22 | CVE-2017-8136 | Information Exposure vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. | 5.5 |
| 2017-11-22 | CVE-2017-8135 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-8134 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-8133 | Command Injection vulnerability in Huawei Neteco V600R008C00/V600R008C10 Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. | 8.8 |