Vulnerabilities > Huawei > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-24 | CVE-2015-8678 | Improper Input Validation vulnerability in Huawei Mate S Firmware and P8 Firmware The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. | 5.5 |
| 2017-03-20 | CVE-2016-2406 | Permission Issues vulnerability in Huawei Document Security Management V100R002C03Spc005/V100R002C05Spc661 The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. | 4.3 |
| 2016-10-03 | CVE-2016-8280 | Path Traversal vulnerability in Huawei Esight V300R002C00/V300R003C10/V300R003C20 Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. | 6.5 |
| 2016-10-03 | CVE-2016-8277 | Improper Input Validation vulnerability in Huawei Usg9520, Usg9560 and Usg9580 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | 6.5 |
| 2016-10-03 | CVE-2015-8086 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 makes it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | 4.9 |
| 2016-10-03 | CVE-2015-8085 | Inadequate Encryption Strength vulnerability in Huawei products Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | 4.9 |
| 2016-09-27 | CVE-2016-4058 | Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10 Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | 5.4 |
| 2016-09-26 | CVE-2016-6901 | Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | 6.5 |
| 2016-09-26 | CVE-2016-6827 | Information Exposure vulnerability in Huawei Fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-09-26 | CVE-2016-6826 | Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 6.5 |