| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. |
| Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. |
| Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. |
| Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. |
| The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. |
| The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write. |
| The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings. |
| The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. |
| The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality. |
| The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. |
| The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files. |
| Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. |
| Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. |
| Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71enu.dll, (2) mfc71loc.dll, (3) tcapi.dll, or (4) airpcap.dll. |
| GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193. |
| Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. |
| Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319. |
| Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote attackers to execute arbitrary code via a crafted packet, aka HWPSIRT-2016-05054. |