Vulnerabilities > Huawei
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-12 | CVE-2015-8337 | Unspecified vulnerability in Huawei Mate 7 Firmware and P8 Firmware The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter." | 5.5 |
| 2016-01-12 | CVE-2015-8306 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei P8 Firmware Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) or execute arbitrary code via an unspecified parameter. | 7.8 |
| 2016-01-12 | CVE-2015-8088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 7 Firmware and P8 Firmware Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application. | 7.8 |
| 2016-01-11 | CVE-2015-8335 | Information Exposure vulnerability in Huawei Vcn500 V100R002C00Spc200/V100R002C00Spc200B010 Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | 6.5 |
| 2016-01-11 | CVE-2015-8333 | Permissions, Privileges, and Access Controls vulnerability in Huawei Vcn500 V100R002C00Spc200B010 The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | 7.1 |
| 2016-01-11 | CVE-2015-8331 | Improper Input Validation vulnerability in Huawei Vcn500 V100R002C00Spc200B010 The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | 7.4 |
| 2016-01-11 | CVE-2015-8231 | Resource Management Errors vulnerability in Huawei Espace 7910 and Espace 7950 Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. | 7.5 |
| 2016-01-11 | CVE-2015-8230 | Resource Management Errors vulnerability in Huawei Espace 8950 V200R003C00Spc200 Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted ARP packets. | 7.5 |
| 2016-01-08 | CVE-2015-8303 | Information Exposure vulnerability in Huawei Document Security Management V100R002C03Spc005 Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | 4.0 |
| 2016-01-08 | CVE-2015-8226 | Improper Input Validation vulnerability in Huawei ALE Firmware and Gem-703L Firmware The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | 5.5 |