1006 matches found
Security Advisory - VENOM Vulnerability in Huawei Products
Huawei has noticed the buffer overflow vulnerability in the floppy disk controller FDC of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. Vulnerability ID:...
Security Advisory - Two Privilege Escalation Vulnerabilities in Huawei Mate 7 Smartphones
The tzdriver module of Huawei Mate 7 smartphone has an input check error, which allows the user-mode application to modify kernel-mode memory data and maybe make system break down or application elevate privilege. Vulnerability ID: HWPSIRT-2015-03011 These Vulnerabilities have been assigned Commo...
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1 The program does not implement comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151 This vulnerability has been assigned Common...
Security Advisory - The input verification vulnerability of a Huawei Device product is involved.
A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks. Vulnerability ID: HWPSIRT-2022-49379 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-37395. For products that have released...
Security Advisory - Use-after-free Vulnerability in Huawei Products
There is a use-after-free UAF vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Vulnerability ID: HWPSIRT-2020-67955 This vulnerability has been assigned a Common Vulnerabilities and...
Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...
Security Advisory - Denial of Service Vulnerability in Huawei Product
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages due to validating inputs insufficiently. Attackers can exploit this vulnerability by sending specific messages to affected module. This can cause denial of service. Vulnerability ID:...
Security Advisory - Use After Free Vulnerability in Huawei Product
There is a use-after-free vulnerability in Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Vulnerability ID:...
Security Advisory - Logic Vulnerability in Huawei Gauss100 Product
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Vulnerability ID: HWPSIRT-2020-94600 This...
Security Advisory - Out of Bound Read Vulnerability in Huawei Product
There is an out of bound read vulnerability in some products. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. Vulnerability ID: HWPSIRT-2020-24601 This vulnerability has been assigned ...
Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone
There is a use-after-free UAF vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and make information leak. Vulnerability ID:...
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Products
There is an out-of-bounds read and write vulnerability in some products. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot...
Security Advisory - Improper Interface Design Vulnerability in Huawei Product
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. Vulnerability ID: HWPSIRT-2020-0501...
Security Advisory - Logic Check Error Vulnerability in Several Smartphones
There is a logic check error vulnerability in several smartphones. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution. Vulnerability ID:...
Security Advisory - Denial of Service Vulnerability in Several Smartphones
There is a denial of service vulnerability in several smartphones. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of service...
Security Advisory - Race Condition Vulnerability in Several Smartphones
There is a race condition vulnerability in several smartphones. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful...
Security Advisory - Use After Free Vulnerability in Several Smartphones
There is a use after free vulnerability in several smartphones. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution...
Security Advisory - Insufficient Integrity Check Vulnerability in Several Smartphones
There is an insufficient integrity check vulnerability in several smartphones. The system does not check certain software package's integrity sufficiently, successful exploit could allow an attacker to load a crafted software package to the device. Vulnerability ID: HWPSIRT-2019-11020 This...
Security Advisory - Insufficient Input Verification of Some Huawei products
Some Huawei products have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage. Vulnerability ID: HWPSIRT-2020-05141 This...
Security Advisory - Out of Bounds Read Vulnerability in Some Huawei Products
There is an out-of-bounds read vulnerability in some Huawei products. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. Vulnerability ID: HWPSIRT-2018-12378 This vulnerability has been...
Security Advisory - Information Leak Vulnerability in Some Huawei Products
There is an information leak vulnerability in some Huawei products. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. Vulnerability ID: HWPSIRT-2019-10453 This vulnerability has been assigned a Common...
Security Advisory - DoS Vulnerability in Some Huawei Smart Phones
Some Huawei mobile phone versions have a denial of service DoS vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures...
Security Advisory - Two JSON Injection Vulnerabilities in Some Huawei Servers
The iBMC Intelligent Baseboard Management Controller of some Huawei servers have two JSON injection vulnerabilities due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers t...
Security Advisory - Authentication Bypass Vulnerability in Some Huawei Servers
There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level...
Security Advisory - Buffer Overflow Vulnerability in eNSP Software
There is a buffer overflow vulnerability in eNSP software. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal. Vulnerability ID: HWPSIRT-2017-12012 This vulnerability has been assigned a Commo...
Security Advisory - Out-of-Bounds Read Vulnerability in Some Huawei Products
There is an out-of-bounds read vulnerability in the SFTP module of some Huawei products. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak. Vulnerability ID:...
Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products
There is an out-of-bound read vulnerability in some Huawei products. A remote attacker send specially crafted Session Initiation Protocol SIP messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. Vulnerability ID:...
Security Advisory - Two Remote Code Execution Vulnerabilities in Huawei eSpace Product
There are two remote code execution vulnerabilities in import Signal Tone function and import Language Package function of Huawei eSpace product. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone or Language Package is uploaded. Due to...
Security Advisory - DoS Vulnerability in Timergrp Module of Some Huawei Products
There is an DoS vulnerability in Timergrp module of some Huawei products due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to...
Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products
XML parser have two DOS vulnerabilities in some Huawei products. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks. Vulnerability ID: HWPSIRT-2017-03037 and...
Security Advisory - Three Out-of-bounds Read Vulnerabilities in Some Huawei Products
There are three out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and...
Security Advisory - Two Vulnerabilities in The FusionSphere OpenStack
The FusionSphere OpenStack has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. Vulnerability ID: HWPSIRT-2017-06001 This...
Security Advisory - Several Vulnerabilities on the VCM5010
There is a command injection vulnerability on the VCM5010. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. Vulnerability ID: HWPSIRT-2016-12094 This vulnerability has been assigned a Common Vulnerabilities and Exposures CV...
Security Advisory - EFM Flapping Vulnerability in Huawei Products
Some Huawei VRP-based products have an Ethernet in the First Mile EFM flapping vulnerability due to the lack of type-length-value TLV consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping. Vulnerability ID: HWPSIRT-2016-09025 This vulnerability...
Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones
There is a stack overflow vulnerabilities in touchscreen drive of some Huawei Smart phones. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege Vulnerability ID:...
Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones
There is an input validation vulnerability in the Wi-Fi Driver of some Huawei smart phones. An attacker may trick a user into installing a malicious application, and the application can exploit this vulnerability to gain privileges for certain system calls. Vulnerability ID: HWPSIRT-2016-11026 Th...
Security Advisory - XSS Vulnerability in Huawei OceanStor ISM
The OceanStor ISM is an integrated system management software product that allows users to manages CSS, view CSS alarms and some other types of basic information, and configure basic functions. The management interface of the OceanStor ISM has a XSS vulnerability because the system does not escap...
Security Advisory - Input Validation Vulnerability in Multiple Huawei Products
There is an input validation vulnerability in Huawei multiple products, an attacker with control plane access may exploit this vulnerability by crafting a malformed packet. An exploit could allow the attacker to cause a Denial of Service or execute arbitrary code. Vulnerability ID:...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
Some Huawei products have a memory leak vulnerability. When the packet processing module of the device processes abnormal Multiprotocol Label Switching MPLS packets sent by attackers, the module repeatedly applies for memory, resulting in memory exhaustion in persistent attacks. Vulnerability ID:...
Security Advisory - Two Vulnerabilities in Huawei TE Series Product
Huawei TE series is a multimedia video conferencing endpoint that transfers audio, video, and desktop resources based on IP networks. It offers point-to-point and multiparty conferences for attendees at different places to enjoy face-to-face audio/video communication experience. A security...
Security Advisory - Multiple Injection Vulnerabilities in UDS
The OceanStor UDS has some vulnerability: Attacker injects JavaScript into patch. After the patch is loaded through the OceanStor DeviceManager, the returned content contains the injected script. After the script is parsed and executed on the OceanStor DeviceManager, information leak occurs...
Security Advisory-Multiple Vulnerabilities on Huawei Tecal
Some Huawei server products have multiple security vulnerabilities. 1.Some Huawei server products have the sensitive information leak vulnerability. Users who log in to the products can view the sessions IDs of all online users on the Online Users page of the web UI. Attackers can also view the...
Security Advisory- Risk of Password Being Cracked Due to DES Encryption Algorithm
In multiple Huawei products, DES encryption algorithm is used for password and the encryption is not strong enough so it may be cracked HWNSIRT-2012-0820. This Vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2012-4960. Temporary fix for this vulnerability is...
Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product
A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.Vulnerability ID:HWPSIRT-2022-90270 This vulnerability has been assigned a CVEID:CVE-2022-48472...
Security Advisory - System Command Injection Vulnerability in a Huawei Printer Product
A Huawei printer has a system command injection vulnerability. Successful exploitation could allow attackers to gain higher privileges. Vulnerability ID:HWPSIRT-2022-87340 This vulnerability has been assigned a CVE ID: CVE-2022-48259...
Security Advisory - Input Verification Vulnerability Involving Huawei Printer Products
Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. Vulnerability ID: HWPSIRT-2022-80078 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-34159. For products that...
Security Advisory - Privilege Escalation Vulnerability in Huawei Product
A Huawei product has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. Vulnerability ID: HWPSIRT-2021-49498 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2021-40046. For...
Security Advisory - Improper Authorization Vulnerability in Some Huawei Products
There is an improper authorization vulnerability in some Huawei products. Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target...
Security Advisory - Memory Leak Vulnerability in Huawei Products
There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Vulnerability ID: HWPSIRT-2020-89990 This vulnerability has been...
Security Advisory - Use after Free Vulnerability in Huawei Smartphone
There is a user after free vulnerability in Huawei smartphone. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device. Vulnerability ID: HWPSIRT-2020-03123 This vulnerability has been...