# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-34741 |
120 |
|
Overflow |
2022-07-12 |
2022-07-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation. |
2 |
CVE-2022-34740 |
120 |
|
Overflow |
2022-07-12 |
2022-07-19 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation. |
3 |
CVE-2021-40059 |
276 |
|
|
2022-03-10 |
2022-03-14 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. |
4 |
CVE-2021-40016 |
863 |
|
|
2022-07-12 |
2022-07-15 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality. |
5 |
CVE-2021-40013 |
287 |
|
|
2022-07-12 |
2022-07-15 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity. |
6 |
CVE-2021-37124 |
22 |
|
Dir. Trav. |
2021-10-27 |
2021-10-28 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97. |
7 |
CVE-2021-37039 |
20 |
|
|
2021-12-08 |
2021-12-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS. |
8 |
CVE-2021-22469 |
125 |
|
|
2021-10-28 |
2021-11-01 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. |
9 |
CVE-2021-22409 |
|
|
DoS |
2021-05-20 |
2022-07-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal. |
10 |
CVE-2021-22339 |
345 |
|
DoS |
2021-05-20 |
2021-05-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. |
11 |
CVE-2021-22334 |
|
|
|
2021-06-03 |
2022-07-12 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections. |
12 |
CVE-2018-7976 |
79 |
|
XSS |
2018-06-01 |
2018-07-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. |
13 |
CVE-2017-17175 |
20 |
|
DoS |
2018-07-02 |
2018-09-08 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. |
14 |
CVE-2017-15312 |
79 |
|
XSS |
2017-12-22 |
2018-01-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. |
15 |
CVE-2017-8189 |
22 |
|
Dir. Trav. |
2017-11-22 |
2017-12-08 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. |
16 |
CVE-2017-8168 |
311 |
|
+Info |
2017-11-22 |
2019-10-03 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted. |
17 |
CVE-2016-8275 |
20 |
|
|
2017-04-02 |
2017-04-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. |
18 |
CVE-2016-5850 |
79 |
|
XSS |
2016-07-12 |
2016-07-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
19 |
CVE-2016-4058 |
79 |
|
XSS |
2016-09-27 |
2016-11-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages." |
20 |
CVE-2013-4628 |
200 |
|
+Info |
2013-06-20 |
2013-06-21 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security zone. |
21 |
CVE-2012-3268 |
522 |
|
|
2013-02-01 |
2021-04-06 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |