Vulnerabilities > Huawei > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-08 | CVE-2016-2214 | Cross-site Scripting vulnerability in Huawei Agile Controller-Campus V100R001C00Spc315 Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.1 |
| 2016-01-15 | CVE-2015-8675 | Credentials Management vulnerability in Huawei S5300 Firmware V200R005C02 Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | 6.2 |
| 2016-01-12 | CVE-2015-8673 | Credentials Management vulnerability in Huawei products Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to change the password by leveraging an unattended workstation. | 6.8 |
| 2016-01-12 | CVE-2015-8672 | Data Processing Errors vulnerability in Huawei Te60 Firmware The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | 5.3 |
| 2016-01-12 | CVE-2015-8337 | Unspecified vulnerability in Huawei Mate 7 Firmware and P8 Firmware The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter." | 5.5 |
| 2016-01-11 | CVE-2015-8335 | Information Exposure vulnerability in Huawei Vcn500 V100R002C00Spc200/V100R002C00Spc200B010 Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log. | 6.5 |
| 2016-01-08 | CVE-2015-8303 | Information Exposure vulnerability in Huawei Document Security Management V100R002C03Spc005 Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. | 4.0 |
| 2016-01-08 | CVE-2015-8226 | Improper Input Validation vulnerability in Huawei ALE Firmware and Gem-703L Firmware The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | 5.5 |
| 2016-01-08 | CVE-2015-8225 | Improper Input Validation vulnerability in Huawei ALE Firmware and Gem-703L Firmware The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226. | 5.5 |