CVEdetails.com the ultimate security vulnerability data source

Huawei : Security Vulnerabilities (CVSS score between 2 and 2.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-31759 | 824 | | | 2022-06-13 | 2022-06-18 | 2.1 | None | Local | Low | Not required | None | None | Partial | AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
| 2 | CVE-2022-31756 | | | | 2022-06-13 | 2022-06-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
| 3 | CVE-2022-31755 | 281 | | | 2022-06-13 | 2022-10-05 | 2.1 | None | Local | Low | Not required | None | None | Partial | The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
| 4 | CVE-2022-31752 | 862 | | | 2022-06-13 | 2022-06-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
| 5 | CVE-2021-40045 | 347 | | | 2022-02-09 | 2022-02-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality. |
| 6 | CVE-2021-40006 | 327 | | | 2022-01-10 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None | The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality. |
| 7 | CVE-2021-39991 | | | | 2022-02-09 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. |
| 8 | CVE-2021-39986 | | | | 2022-02-09 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. |
| 9 | CVE-2021-37115 | | | | 2022-02-09 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. |
| 10 | CVE-2021-37107 | 787 | | | 2022-02-09 | 2022-02-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| 11 | CVE-2021-37103 | 276 | | | 2022-02-25 | 2022-03-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. |
| 12 | CVE-2021-37036 | 200 | | +Info | 2021-11-23 | 2021-11-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. |
| 13 | CVE-2021-22478 | 416 | | +Info | 2022-02-25 | 2022-03-07 | 2.1 | None | Local | Low | Not required | Partial | None | None | The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. |
| 14 | CVE-2021-22471 | 476 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| 15 | CVE-2021-22468 | 668 | | +Info | 2021-10-28 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. |
| 16 | CVE-2021-22467 | 20 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | Partial | None | None | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
| 17 | CVE-2021-22466 | 416 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
| 18 | CVE-2021-22465 | 787 | | Overflow | 2021-10-28 | 2022-05-03 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
| 19 | CVE-2021-22463 | 416 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | Partial | None | None | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause Kernel Information disclosure. |
| 20 | CVE-2021-22462 | 476 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
| 21 | CVE-2021-22461 | 770 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has an Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| 22 | CVE-2021-22460 | 345 | | Bypass | 2021-10-28 | 2021-11-02 | 2.1 | None | Local | Low | Not required | None | Partial | None | A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. |
| 23 | CVE-2021-22459 | 476 | | | 2021-10-28 | 2021-11-02 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. |
| 24 | CVE-2021-22457 | 20 | | | 2021-10-28 | 2021-11-01 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. |
| 25 | CVE-2021-22456 | | | | 2021-10-28 | 2021-11-02 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
| 26 | CVE-2021-22455 | 190 | | Overflow | 2021-10-28 | 2021-11-02 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. |
| 27 | CVE-2021-22454 | 668 | | | 2021-10-28 | 2022-05-03 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. |
| 28 | CVE-2021-22453 | 125 | | | 2021-10-28 | 2022-07-12 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| 29 | CVE-2021-22452 | 20 | | | 2021-10-28 | 2021-10-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
| 30 | CVE-2021-22308 | | | +Info | 2021-06-03 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage. |
| 31 | CVE-2021-22295 | 276 | | Bypass | 2021-08-06 | 2021-08-13 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. |
| 32 | CVE-2021-22294 | | | Bypass | 2021-03-02 | 2021-03-09 | 2.1 | None | Local | Low | Not required | None | None | Partial | A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. |
| 33 | CVE-2020-9229 | 200 | | +Info | 2020-08-14 | 2021-07-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. |
| 34 | CVE-2020-9202 | 922 | | | 2020-12-24 | 2020-12-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | There is an information disclosure vulnerability in TE Mobile software versions V600R006C10, V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. |
| 35 | CVE-2020-9149 | | | | 2021-04-01 | 2021-12-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages. |
| 36 | CVE-2020-9148 | | | Bypass | 2021-04-01 | 2021-12-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. |
| 37 | CVE-2020-9128 | 326 | | +Info | 2020-11-12 | 2020-11-20 | 2.1 | None | Local | Low | Not required | Partial | None | None | FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. |
| 38 | CVE-2020-1862 | 415 | | | 2020-03-20 | 2020-03-24 | 2.1 | None | Local | Low | Not required | None | None | Partial | There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include: CampusInsight versions V100R019C00; ManageOne versions 6.5.RC2.B050. |
| 39 | CVE-2019-5263 | 307 | | +Info | 2019-11-29 | 2020-08-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. |
| 40 | CVE-2017-17149 | | | Bypass | 2018-03-09 | 2019-10-03 | 2.1 | None | Local | Low | Not required | None | Partial | None | Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. |
| 41 | CVE-2017-8118 | 200 | | +Info | 2017-11-22 | 2017-12-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
| 42 | CVE-2017-2739 | 494 | | | 2017-11-22 | 2019-10-03 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | The upgrade package of Huawei Vmall APP earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP and implant malicious applications. |
| 43 | CVE-2017-2723 | 312 | | +Info | 2017-11-22 | 2019-10-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. |
| 44 | CVE-2017-2715 | 200 | | +Info | 2017-11-22 | 2017-12-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. |
| 45 | CVE-2016-8272 | 200 | | +Info | 2017-04-02 | 2017-04-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. |
| 46 | CVE-2016-4086 | | | | 2016-06-30 | 2016-11-28 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. |
| 47 | CVE-2015-8303 | 200 | | +Info | 2016-01-08 | 2016-01-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. |
| 48 | CVE-2014-9418 | 119 | | DoS Overflow | 2014-12-24 | 2019-05-20 | 2.1 | None | Local | Low | Not required | None | None | Partial | The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. |
| 49 | CVE-2014-9417 | 20 | | DoS | 2014-12-24 | 2019-05-20 | 2.1 | None | Local | Low | Not required | None | None | Partial | The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. |

Total number of vulnerabilities: 49