# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-31763 |
476 |
|
|
2022-06-13 |
2022-06-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. |
2 |
CVE-2022-31762 |
20 |
|
|
2022-06-13 |
2022-10-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. |
3 |
CVE-2022-31751 |
|
|
|
2022-06-13 |
2022-10-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. |
4 |
CVE-2021-40037 |
843 |
|
|
2022-01-10 |
2022-01-13 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. |
5 |
CVE-2021-39992 |
732 |
|
|
2022-02-09 |
2022-02-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
6 |
CVE-2021-39981 |
|
|
|
2022-01-03 |
2022-01-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call. |
7 |
CVE-2021-37109 |
|
|
Bypass |
2022-02-09 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. |
8 |
CVE-2021-37105 |
434 |
|
|
2021-09-28 |
2021-10-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. |
9 |
CVE-2021-37082 |
362 |
|
|
2021-12-07 |
2021-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to motionhub crash. |
10 |
CVE-2021-37073 |
362 |
|
|
2021-12-07 |
2021-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the detection result is tampered with. |
11 |
CVE-2021-36994 |
362 |
|
|
2021-10-28 |
2021-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist. |
12 |
CVE-2021-22479 |
119 |
|
Overflow |
2022-02-25 |
2022-03-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. |
13 |
CVE-2021-22470 |
|
|
|
2021-10-28 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. |
14 |
CVE-2021-22464 |
125 |
|
|
2021-10-28 |
2021-11-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. |
15 |
CVE-2021-22458 |
119 |
|
Exec Code Overflow |
2021-10-28 |
2021-11-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. |
16 |
CVE-2021-22451 |
190 |
|
Overflow |
2021-10-28 |
2021-11-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
17 |
CVE-2021-22450 |
459 |
|
|
2021-10-28 |
2021-11-01 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. |
18 |
CVE-2021-22441 |
190 |
|
Overflow |
2022-02-25 |
2022-03-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. |
19 |
CVE-2021-22424 |
401 |
|
DoS |
2021-08-03 |
2021-08-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. |
20 |
CVE-2021-22419 |
345 |
|
|
2021-08-03 |
2021-08-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. |
21 |
CVE-2021-22417 |
|
|
|
2021-08-03 |
2021-08-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage. |
22 |
CVE-2021-22397 |
20 |
|
|
2021-08-02 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service. |
23 |
CVE-2021-22358 |
20 |
|
|
2021-05-27 |
2021-06-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. |
24 |
CVE-2021-22340 |
362 |
|
|
2021-06-29 |
2021-07-07 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931 |
25 |
CVE-2021-22335 |
119 |
|
Overflow |
2021-06-03 |
2021-12-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing. |
26 |
CVE-2021-22318 |
476 |
|
DoS |
2021-07-14 |
2021-07-15 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service. |
27 |
CVE-2021-22316 |
306 |
|
|
2021-06-03 |
2021-12-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability. |
28 |
CVE-2021-22314 |
|
|
|
2021-03-22 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. |
29 |
CVE-2021-22299 |
|
|
|
2021-02-06 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220. |
30 |
CVE-2021-22298 |
|
|
|
2021-02-06 |
2022-03-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. |
31 |
CVE-2021-22296 |
|
|
|
2021-03-02 |
2021-03-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. |
32 |
CVE-2020-9248 |
863 |
|
|
2020-07-31 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. |
33 |
CVE-2020-9246 |
200 |
|
+Info |
2020-08-21 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. |
34 |
CVE-2020-9225 |
269 |
|
|
2020-06-18 |
2020-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. |
35 |
CVE-2020-9208 |
200 |
|
+Info |
2020-12-29 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. |
36 |
CVE-2020-9205 |
1236 |
|
|
2021-02-06 |
2021-02-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. |
37 |
CVE-2020-9147 |
120 |
|
|
2021-04-01 |
2021-12-09 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read. |
38 |
CVE-2020-9100 |
426 |
|
|
2020-07-06 |
2021-07-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing. |
39 |
CVE-2020-9090 |
863 |
|
Exec Code |
2020-10-12 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product. |
40 |
CVE-2020-9078 |
269 |
|
|
2020-08-10 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. |
41 |
CVE-2020-1853 |
22 |
|
Dir. Trav. +Info |
2020-02-17 |
2020-02-19 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. |
42 |
CVE-2020-1845 |
269 |
|
|
2020-04-27 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. |
43 |
CVE-2020-1844 |
269 |
|
|
2020-02-28 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. |
44 |
CVE-2020-1825 |
20 |
|
DoS |
2020-06-15 |
2020-06-18 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. |
45 |
CVE-2020-1817 |
269 |
|
|
2020-04-30 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation. |
46 |
CVE-2019-5286 |
79 |
|
XSS |
2019-06-13 |
2019-06-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007. |
47 |
CVE-2019-5278 |
125 |
|
|
2019-12-13 |
2019-12-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash. |
48 |
CVE-2019-5245 |
426 |
|
Exec Code |
2019-06-13 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code. |
49 |
CVE-2019-5239 |
|
|
+Info |
2019-08-08 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information. |
50 |
CVE-2018-7931 |
|
|
Bypass |
2018-04-24 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism. |