# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2022-34743 |
125 |
|
|
2022-07-12 |
2022-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. |
2 |
CVE-2022-34742 |
125 |
|
|
2022-07-12 |
2022-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
3 |
CVE-2022-34739 |
|
|
Overflow |
2022-07-12 |
2022-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings. |
4 |
CVE-2022-34738 |
|
|
|
2022-07-12 |
2022-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background. |
5 |
CVE-2022-31761 |
|
|
|
2022-06-13 |
2022-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
6 |
CVE-2022-31757 |
|
|
|
2022-06-13 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
7 |
CVE-2022-31754 |
|
|
|
2022-06-13 |
2022-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
8 |
CVE-2022-31753 |
134 |
|
|
2022-06-13 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
9 |
CVE-2022-29796 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. |
10 |
CVE-2022-29795 |
476 |
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. |
11 |
CVE-2022-29793 |
|
|
|
2022-05-13 |
2022-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. |
12 |
CVE-2022-29792 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. |
13 |
CVE-2022-29791 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. |
14 |
CVE-2022-29790 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. |
15 |
CVE-2022-29789 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. |
16 |
CVE-2022-22261 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. |
17 |
CVE-2022-22257 |
269 |
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. |
18 |
CVE-2022-22256 |
|
|
|
2022-04-11 |
2022-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. |
19 |
CVE-2022-22255 |
|
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. |
20 |
CVE-2022-22254 |
863 |
|
Bypass |
2022-04-11 |
2022-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. |
21 |
CVE-2022-22253 |
354 |
|
|
2022-04-11 |
2022-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. |
22 |
CVE-2021-46814 |
787 |
|
|
2022-06-13 |
2022-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. |
23 |
CVE-2021-46813 |
212 |
|
|
2022-06-13 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. |
24 |
CVE-2021-46812 |
|
|
|
2022-06-13 |
2022-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. |
25 |
CVE-2021-46811 |
276 |
|
|
2022-06-13 |
2022-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. |
26 |
CVE-2021-46789 |
|
|
|
2022-05-13 |
2022-06-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. |
27 |
CVE-2021-46788 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. |
28 |
CVE-2021-46787 |
|
|
|
2022-05-13 |
2022-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. |
29 |
CVE-2021-46785 |
|
|
|
2022-05-13 |
2022-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. |
30 |
CVE-2021-46741 |
|
|
|
2022-07-12 |
2022-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity. |
31 |
CVE-2021-46740 |
287 |
|
|
2022-04-11 |
2022-04-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality. |
32 |
CVE-2021-40065 |
|
|
|
2022-04-11 |
2022-04-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. |
33 |
CVE-2021-40063 |
|
|
|
2022-03-10 |
2022-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. |
34 |
CVE-2021-40061 |
843 |
|
|
2022-03-10 |
2022-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. |
35 |
CVE-2021-40051 |
668 |
|
|
2022-03-10 |
2022-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. |
36 |
CVE-2021-40049 |
276 |
|
+Info |
2022-03-10 |
2022-03-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. |
37 |
CVE-2021-40044 |
|
|
|
2022-02-09 |
2022-07-12 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations. |
38 |
CVE-2021-40039 |
476 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
39 |
CVE-2021-40038 |
415 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
40 |
CVE-2021-40035 |
120 |
|
Overflow |
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. |
41 |
CVE-2021-40032 |
|
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. |
42 |
CVE-2021-40031 |
476 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
43 |
CVE-2021-40029 |
120 |
|
Overflow |
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. |
44 |
CVE-2021-40028 |
787 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity. |
45 |
CVE-2021-40027 |
119 |
|
Overflow |
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality. |
46 |
CVE-2021-40026 |
787 |
|
Overflow |
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. |
47 |
CVE-2021-40025 |
665 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality. |
48 |
CVE-2021-40022 |
|
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. |
49 |
CVE-2021-40021 |
787 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. |
50 |
CVE-2021-40020 |
125 |
|
|
2022-01-10 |
2022-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |