Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-24 | CVE-2014-9418 | Buffer Errors vulnerability in Huawei Espace Desktop V100R001C02/V100R001C03/V200R001C03 The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. | 2.1 |
| 2014-12-24 | CVE-2014-9417 | Improper Input Validation vulnerability in Huawei Espace Desktop V100R001C02/V100R001C03 The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | 2.1 |
| 2014-12-24 | CVE-2014-9416 | DLL Loading Multiple Local Code Execution vulnerability in Huawei eSpace Desktop Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. local huawei | 4.4 |
| 2014-12-24 | CVE-2014-9415 | Improper Input Validation vulnerability in Huawei Espace Desktop V100R001C02/V100R001C03 Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | 1.9 |
| 2014-12-19 | CVE-2014-9135 | Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L10 Firmware V100R001C00B135 The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package. | 4.3 |
| 2014-12-05 | CVE-2014-2273 | Permissions, Privileges, and Access Controls vulnerability in Huawei P2-6011 Firmware V100R001C00B042 The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | 7.2 |
| 2014-12-03 | CVE-2014-9134 | Unspecified vulnerability in Huawei products Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 10.0 |
| 2014-11-21 | CVE-2014-5395 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei products Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. | 6.8 |
| 2014-11-13 | CVE-2014-8359 | Permissions, Privileges, and Access Controls vulnerability in Huawei products Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory. | 7.2 |
| 2014-10-20 | CVE-2014-8331 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei E3236 Firmware and E3276 Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. | 6.8 |