Vulnerabilities > Huawei > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-17 | CVE-2014-9697 | Resource Exhaustion vulnerability in Huawei products Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | 7.5 |
| 2017-10-10 | CVE-2015-7842 | Permission Issues vulnerability in Huawei products Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | 7.1 |
| 2017-10-03 | CVE-2015-7843 | 7PK - Security Features vulnerability in Huawei products The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | 8.8 |
| 2017-08-29 | CVE-2015-8334 | SQL Injection vulnerability in Huawei Vcn500 Firmware V100R002C00Spc200/V100R002C00Spc200B010 SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 8.8 |
| 2017-08-28 | CVE-2015-8332 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware and Vcm5020 Firmware Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | 8.8 |
| 2017-06-27 | CVE-2015-2245 | Improper Input Validation vulnerability in Huawei P7-L09 Firmware Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | 7.5 |
| 2017-06-08 | CVE-2015-3913 | Improper Input Validation vulnerability in Huawei products The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | 7.5 |
| 2017-06-08 | CVE-2015-2800 | Improper Authentication vulnerability in Huawei products The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 7.5 |
| 2017-06-08 | CVE-2015-2252 | Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | 8.8 |
| 2017-06-08 | CVE-2015-2251 | Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | 7.5 |