| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-31759 |
824 |
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
|
2 |
CVE-2022-31756 |
|
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
|
3 |
CVE-2022-31755 |
281 |
|
|
2022-06-13 |
2022-10-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
|
4 |
CVE-2022-31752 |
862 |
|
|
2022-06-13 |
2022-06-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
|
5 |
CVE-2021-40045 |
347 |
|
|
2022-02-09 |
2022-02-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality. |
|
6 |
CVE-2021-40006 |
327 |
|
|
2022-01-10 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality. |
|
7 |
CVE-2021-39991 |
|
|
|
2022-02-09 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. |
|
8 |
CVE-2021-39986 |
|
|
|
2022-02-09 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. |
|
9 |
CVE-2021-37115 |
|
|
|
2022-02-09 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. |
|
10 |
CVE-2021-37107 |
787 |
|
|
2022-02-09 |
2022-02-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access. |
|
11 |
CVE-2021-37103 |
276 |
|
|
2022-02-25 |
2022-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality. |
|
12 |
CVE-2021-37036 |
200 |
|
+Info |
2021-11-23 |
2021-11-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. |
|
13 |
CVE-2021-22478 |
416 |
|
+Info |
2022-02-25 |
2022-03-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage. |
|
14 |
CVE-2021-22471 |
476 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
|
15 |
CVE-2021-22468 |
668 |
|
+Info |
2021-10-28 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. |
|
16 |
CVE-2021-22467 |
20 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
|
17 |
CVE-2021-22466 |
416 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
|
18 |
CVE-2021-22465 |
787 |
|
Overflow |
2021-10-28 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
|
19 |
CVE-2021-22463 |
416 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure. |
|
20 |
CVE-2021-22462 |
476 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
|
21 |
CVE-2021-22461 |
770 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
|
22 |
CVE-2021-22460 |
345 |
|
Bypass |
2021-10-28 |
2021-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. |
|
23 |
CVE-2021-22459 |
476 |
|
|
2021-10-28 |
2021-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. |
|
24 |
CVE-2021-22457 |
20 |
|
|
2021-10-28 |
2021-11-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. |
|
25 |
CVE-2021-22456 |
|
|
|
2021-10-28 |
2021-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
|
26 |
CVE-2021-22455 |
190 |
|
Overflow |
2021-10-28 |
2021-11-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. |
|
27 |
CVE-2021-22454 |
668 |
|
|
2021-10-28 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. |
|
28 |
CVE-2021-22453 |
125 |
|
|
2021-10-28 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
|
29 |
CVE-2021-22452 |
20 |
|
|
2021-10-28 |
2021-10-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
|
30 |
CVE-2021-22308 |
|
|
+Info |
2021-06-03 |
2022-05-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage. |
|
31 |
CVE-2021-22295 |
276 |
|
Bypass |
2021-08-06 |
2021-08-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. |
|
32 |
CVE-2021-22294 |
|
|
Bypass |
2021-03-02 |
2021-03-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. |
|
33 |
CVE-2020-9229 |
200 |
|
+Info |
2020-08-14 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. |
|
34 |
CVE-2020-9202 |
922 |
|
|
2020-12-24 |
2020-12-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim's device to launch the attack, successful exploit could cause information disclosure. |
|
35 |
CVE-2020-9149 |
|
|
|
2021-04-01 |
2021-12-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages. |
|
36 |
CVE-2020-9148 |
|
|
Bypass |
2021-04-01 |
2021-12-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. |
|
37 |
CVE-2020-9128 |
326 |
|
+Info |
2020-11-12 |
2020-11-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. |
|
38 |
CVE-2020-1862 |
415 |
|
|
2020-03-20 |
2020-03-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050. |
|
39 |
CVE-2019-5263 |
307 |
|
+Info |
2019-11-29 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and earlier versions and HwBackup with earlier versions before 9.1.1.308 have a brute forcing encrypted backup data vulnerability. Huawei smartphone user backup information can be obtained by brute forcing the password for encrypting the backup. |
|
40 |
CVE-2017-17149 |
|
|
Bypass |
2018-03-09 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet. |
|
41 |
CVE-2017-8118 |
200 |
|
+Info |
2017-11-22 |
2017-12-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
|
42 |
CVE-2017-2739 |
494 |
|
|
2017-11-22 |
2019-10-03 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. |
|
43 |
CVE-2017-2723 |
312 |
|
+Info |
2017-11-22 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak. |
|
44 |
CVE-2017-2715 |
200 |
|
+Info |
2017-11-22 |
2017-12-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Files APP 7.1.1.309 and earlier versions in some Huawei mobile phones has a brute-force password cracking vulnerability due to the improper design of the Safe key database. An unauthorized attacker could access sensitive database information and may crack users' Safe passwords, leading to information leak. |
|
45 |
CVE-2016-8272 |
200 |
|
+Info |
2017-04-02 |
2017-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. |
|
46 |
CVE-2016-4086 |
|
|
|
2016-06-30 |
2016-11-28 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
Partial |
None |
|
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. |
|
47 |
CVE-2015-8303 |
200 |
|
+Info |
2016-01-08 |
2016-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by pasting the contents to another file. |
|
48 |
CVE-2014-9418 |
119 |
|
DoS Overflow |
2014-12-24 |
2019-05-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. |
|
49 |
CVE-2014-9417 |
20 |
|
DoS |
2014-12-24 |
2019-05-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. |
