Vulnerabilities > Huawei > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-22 | CVE-2017-8140 | Double Free vulnerability in Huawei P9 Plus Firmware Eval09C636B388/Vieal10 The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. | 7.8 |
| 2017-11-22 | CVE-2017-8138 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-8137 | Untrusted Search Path vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. | 7.8 |
| 2017-11-22 | CVE-2017-8135 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-8134 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-8133 | Command Injection vulnerability in Huawei Neteco V600R008C00/V600R008C10 Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-8132 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-8131 | Command Injection vulnerability in Huawei Fusionsphere Openstack V100R006C00/V100R006C10 The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. | 8.8 |
| 2017-11-22 | CVE-2017-2737 | Unrestricted Upload of File with Dangerous Type vulnerability in Huawei Vcm5010 Firmware V100R001C10B010 VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. | 8.8 |
| 2017-11-22 | CVE-2017-2736 | Command Injection vulnerability in Huawei Vcm5010 Firmware V100R001C10B010 VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. | 7.2 |