CVEdetails.com the ultimate security vulnerability data source

Huawei : Security Vulnerabilities (CVSS score between 4 and 4.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-31763 476 2022-06-13 2022-06-18
4.9
None Local Low Not required None None Complete
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
2 CVE-2022-31762 20 2022-06-13 2022-10-05
4.6
None Local Low Not required Partial Partial Partial
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
3 CVE-2022-31751 2022-06-13 2022-10-05
4.9
None Local Low Not required None None Complete
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
4 CVE-2021-40037 843 2022-01-10 2022-01-13
4.9
None Local Low Not required None None Complete
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
5 CVE-2021-39992 732 2022-02-09 2022-02-16
4.6
None Local Low Not required Partial Partial Partial
There is an improper security permission configuration vulnerability on ACPU. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
6 CVE-2021-39981 2022-01-03 2022-01-13
4.3
None Remote Medium Not required None Partial None
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number. Successful exploitation of this vulnerability allows you to make an anonymous call.
7 CVE-2021-37109 Bypass 2022-02-09 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure.
8 CVE-2021-37105 434 2021-09-28 2021-10-06
4.3
None Remote Medium Not required None None Partial
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.
9 CVE-2021-37082 362 2021-12-07 2021-12-09
4.3
None Remote Medium Not required None None Partial
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to motionhub crash.
10 CVE-2021-37073 362 2021-12-07 2021-12-09
4.3
None Remote Medium Not required None Partial None
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result is tampered with.
11 CVE-2021-36994 362 2021-10-28 2021-11-01
4.3
None Remote Medium Not required None Partial None
There is an issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
12 CVE-2021-22479 119 Overflow 2022-02-25 2022-03-07
4.9
None Local Low Not required None None Complete
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
13 CVE-2021-22470 2021-10-28 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.
14 CVE-2021-22464 125 2021-10-28 2021-11-01
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.
15 CVE-2021-22458 119 Exec Code Overflow 2021-10-28 2021-11-02
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.
16 CVE-2021-22451 190 Overflow 2021-10-28 2021-11-01
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
17 CVE-2021-22450 459 2021-10-28 2021-11-01
4.9
None Local Low Not required None None Complete
A component of the HarmonyOS has an Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.
18 CVE-2021-22441 190 Overflow 2022-02-25 2022-03-07
4.9
None Local Low Not required None None Complete
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
19 CVE-2021-22424 401 DoS 2021-08-03 2021-08-11
4.9
None Local Low Not required None None Complete
A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service.
20 CVE-2021-22419 345 2021-08-03 2021-08-11
4.9
None Local Low Not required None None Complete
A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent DoS.
21 CVE-2021-22417 2021-08-03 2021-08-11
4.9
None Local Low Not required None None Complete
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage.
22 CVE-2021-22397 20 2021-08-02 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are called. Attackers can exploit this vulnerability by performing these files to cause privilege escalation attack. This can compromise normal service.
23 CVE-2021-22358 20 2021-05-27 2021-06-04
4.0
None Remote Low ??? None None Partial
There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.
24 CVE-2021-22340 362 2021-06-29 2021-07-07
4.7
None Local Medium Not required None None Complete
There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker with the root permission can exploit this vulnerability by performing some operations. Successful exploitation of this vulnerability may cause the system to crash. Affected product versions include: ManageOne 6.5.1.SPC200, 8.0.0,8.0.0-LCND81, 8.0.0.SPC100, 8.0.1,8.0.RC2, 8.0.RC3, 8.0.RC3.SPC100;SMC2.0 V600R019C10SPC700,V600R019C10SPC702, V600R019C10SPC703,V600R019C10SPC800, V600R019C10SPC900, V600R019C10SPC910, V600R019C10SPC920, V600R019C10SPC921, V600R019C10SPC922, V600R019C10SPC930, V600R019C10SPC931
25 CVE-2021-22335 119 Overflow 2021-06-03 2021-12-09
4.6
None Local Low Not required Partial Partial Partial
There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing.
26 CVE-2021-22318 476 DoS 2021-07-14 2021-07-15
4.9
None Local Low Not required None None Complete
A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service.
27 CVE-2021-22316 306 2021-06-03 2021-12-09
4.6
None Local Low Not required Partial Partial Partial
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability.
28 CVE-2021-22314 2021-03-22 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
29 CVE-2021-22299 2021-02-06 2022-07-12
4.6
None Local Low Not required Partial Partial Partial
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220.
30 CVE-2021-22298 2021-02-06 2022-03-29
4.0
None Remote Low ??? None None Partial
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
31 CVE-2021-22296 2021-03-02 2021-03-09
4.9
None Local Low Not required None None Complete
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.
32 CVE-2020-9248 863 2020-07-31 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.
33 CVE-2020-9246 200 +Info 2020-08-21 2021-07-21
4.0
None Remote Low ??? Partial None None
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.
34 CVE-2020-9225 269 2020-06-18 2020-06-22
4.6
None Local Low Not required Partial Partial Partial
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.
35 CVE-2020-9208 200 +Info 2020-12-29 2021-07-21
4.0
None Remote Low ??? Partial None None
There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.
36 CVE-2020-9205 1236 2021-02-06 2021-02-10
4.0
None Remote Low ??? None Partial None
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
37 CVE-2020-9147 120 2021-04-01 2021-12-09
4.4
None Local Medium Not required Partial Partial Partial
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read.
38 CVE-2020-9100 426 2020-07-06 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing.
39 CVE-2020-9090 863 Exec Code 2020-10-12 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
FusionAccess version 6.5.1 has an improper authorization vulnerability. A command is authorized with incorrect privilege. Attackers with other privilege can execute the command to exploit this vulnerability. This may compromise normal service of the affected product.
40 CVE-2020-9078 269 2020-08-10 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
41 CVE-2020-1853 22 Dir. Trav. +Info 2020-02-17 2020-02-19
4.0
None Remote Low ??? Partial None None
GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage.
42 CVE-2020-1845 269 2020-04-27 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
43 CVE-2020-1844 269 2020-02-28 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
44 CVE-2020-1825 20 DoS 2020-06-15 2020-06-18
4.0
None Remote Low ??? None None Partial
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.
45 CVE-2020-1817 269 2020-04-30 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation.
46 CVE-2019-5286 79 XSS 2019-06-13 2019-06-14
4.3
None Remote Medium Not required None Partial None
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit could allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
47 CVE-2019-5278 125 2019-12-13 2019-12-19
4.0
None Remote Low ??? None None Partial
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.
48 CVE-2019-5245 426 Exec Code 2019-06-13 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing that could execute arbitrary code.
49 CVE-2019-5239 +Info 2019-08-08 2020-08-24
4.3
None Remote Medium Not required Partial None None
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful exploitation may cause the attacker to read information.
50 CVE-2018-7931 Bypass 2018-04-24 2019-10-03
4.3
None Remote Medium Not required None Partial None
Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism.
Total number of vulnerabilities: 85 (page 1 of 2)