Vulnerabilities > Huawei > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-27 | CVE-2016-4058 | Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10 Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." | 5.4 |
2016-09-26 | CVE-2016-6901 | Improper Input Validation vulnerability in Huawei AR Firmware and Netengine 16Ex Firmware Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands. | 6.5 |
2016-09-26 | CVE-2016-6827 | Information Exposure vulnerability in Huawei Fusioncompute Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
2016-09-26 | CVE-2016-6826 | Improper Access Control vulnerability in Huawei Anyoffice Secureapp 2.5.0301.0190/2.5.0501.0190 Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | 6.5 |
2016-09-26 | CVE-2016-8279 | Improper Access Control vulnerability in Huawei Honor6 Firmware, Mate S Firmware and P8 Firmware The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | 5.5 |
2016-09-26 | CVE-2016-6840 | Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03 Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | 6.1 |
2016-09-22 | CVE-2016-6824 | Improper Input Validation vulnerability in Huawei products Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP packets. | 6.5 |
2016-09-21 | CVE-2016-6158 | Cross-Site Request Forgery (CSRF) vulnerability in Huawei Ws331A Router Firmware Ws331A10V100R001C02B017Sp01 Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that (1) restore factory settings or (2) reboot the device via unspecified vectors. | 6.1 |
2016-09-07 | CVE-2016-7108 | Information Exposure vulnerability in Huawei UMA V200R001/V200R001C00Spc100/V200R001C00Spc200 Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. | 6.5 |
2016-09-07 | CVE-2016-6900 | Resource Management Errors vulnerability in Huawei products The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. | 5.5 |