Vendor CVEs
Huawei
All CVEs
2,254 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-57960 | 0.00 | — | 0.00 | Feb 6, 2025 | Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-57959 | 0.00 | — | 0.00 | Feb 6, 2025 | Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-57958 | 0.00 | — | 0.00 | Feb 6, 2025 | Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-12602 | 0.00 | — | 0.00 | Feb 6, 2025 | Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-57957 | 0.00 | — | 0.00 | Feb 6, 2025 | Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-57956 | 0.00 | — | 0.00 | Feb 6, 2025 | Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-57955 | 0.00 | — | 0.00 | Feb 6, 2025 | Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-57954 | 0.00 | — | 0.00 | Feb 6, 2025 | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-54121 | 0.00 | — | 0.00 | Jan 8, 2025 | Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-56456 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56455 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56454 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56453 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56452 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56451 | 0.00 | — | 0.00 | Jan 8, 2025 | Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56450 | 0.00 | — | 0.00 | Jan 8, 2025 | Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56449 | 0.00 | — | 0.00 | Jan 8, 2025 | Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56448 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56447 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56446 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56445 | 0.00 | — | 0.00 | Jan 8, 2025 | Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-56444 | 0.00 | — | 0.00 | Jan 8, 2025 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56443 | 0.00 | — | 0.00 | Jan 8, 2025 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-54120 | 0.00 | — | 0.00 | Jan 8, 2025 | Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-56442 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-56441 | 0.00 | — | 0.00 | Jan 8, 2025 | Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56440 | 0.00 | — | 0.00 | Jan 8, 2025 | Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2024-56439 | 0.00 | — | 0.00 | Jan 8, 2025 | Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56438 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2024-56437 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2023-52955 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2023-52954 | 0.00 | — | 0.00 | Jan 8, 2025 | Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2023-52953 | 0.00 | — | 0.00 | Jan 8, 2025 | Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||
| CVE-2024-56436 | 0.00 | — | 0.00 | Jan 8, 2025 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56435 | 0.00 | — | 0.00 | Jan 8, 2025 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2024-56434 | 0.00 | — | 0.00 | Jan 8, 2025 | UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. | |||
| CVE-2023-52718 | 0.00 | — | 0.00 | Dec 28, 2024 | A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718 | |||
| CVE-2023-7266 | 0.00 | — | 0.00 | Dec 28, 2024 | Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266 | |||
| CVE-2022-48470 | 0.00 | — | 0.00 | Dec 28, 2024 | Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned a (CVE)ID:CVE-2022-48470 | |||
| CVE-2021-22484 | 0.00 | — | 0.00 | Dec 28, 2024 | Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). | |||
| CVE-2021-37000 | 0.00 | — | 0.00 | Dec 28, 2024 | Some Huawei wearables have a permission management vulnerability. | |||
| CVE-2020-1824 | 0.00 | — | 0.00 | Dec 28, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1823 | 0.00 | — | 0.00 | Dec 28, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1822 | 0.00 | — | 0.00 | Dec 28, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1821 | 0.00 | — | 0.00 | Dec 28, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1820 | 0.00 | — | 0.00 | Dec 28, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1819 | 0.00 | — | 0.00 | Dec 27, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-1818 | 0.00 | — | 0.00 | Dec 27, 2024 | There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of… | |||
| CVE-2020-9253 | 0.00 | — | 0.00 | Dec 27, 2024 | There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID:… | |||
| CVE-2020-9236 | 0.00 | — | 0.00 | Dec 27, 2024 | There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability… |
- CVE-2024-57960Feb 6, 2025risk 0.00cvss —epss 0.00
Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-57959Feb 6, 2025risk 0.00cvss —epss 0.00
Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-57958Feb 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-12602Feb 6, 2025risk 0.00cvss —epss 0.00
Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-57957Feb 6, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-57956Feb 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-57955Feb 6, 2025risk 0.00cvss —epss 0.00
Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-57954Feb 6, 2025risk 0.00cvss —epss 0.00
Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-54121Jan 8, 2025risk 0.00cvss —epss 0.00
Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56456Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56455Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56454Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56453Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56452Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56451Jan 8, 2025risk 0.00cvss —epss 0.00
Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56450Jan 8, 2025risk 0.00cvss —epss 0.00
Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56449Jan 8, 2025risk 0.00cvss —epss 0.00
Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56448Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56447Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56446Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56445Jan 8, 2025risk 0.00cvss —epss 0.00
Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56444Jan 8, 2025risk 0.00cvss —epss 0.00
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56443Jan 8, 2025risk 0.00cvss —epss 0.00
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-54120Jan 8, 2025risk 0.00cvss —epss 0.00
Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56442Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56441Jan 8, 2025risk 0.00cvss —epss 0.00
Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56440Jan 8, 2025risk 0.00cvss —epss 0.00
Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2024-56439Jan 8, 2025risk 0.00cvss —epss 0.00
Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56438Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-56437Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2023-52955Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2023-52954Jan 8, 2025risk 0.00cvss —epss 0.00
Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2023-52953Jan 8, 2025risk 0.00cvss —epss 0.00
Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
- CVE-2024-56436Jan 8, 2025risk 0.00cvss —epss 0.00
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56435Jan 8, 2025risk 0.00cvss —epss 0.00
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-56434Jan 8, 2025risk 0.00cvss —epss 0.00
UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.
- CVE-2023-52718Dec 28, 2024risk 0.00cvss —epss 0.00
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718
- CVE-2023-7266Dec 28, 2024risk 0.00cvss —epss 0.00
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266
- CVE-2022-48470Dec 28, 2024risk 0.00cvss —epss 0.00
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned a (CVE)ID:CVE-2022-48470
- CVE-2021-22484Dec 28, 2024risk 0.00cvss —epss 0.00
Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM).
- CVE-2021-37000Dec 28, 2024risk 0.00cvss —epss 0.00
Some Huawei wearables have a permission management vulnerability.
- CVE-2020-1824Dec 28, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1823Dec 28, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1822Dec 28, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1821Dec 28, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1820Dec 28, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1819Dec 27, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-1818Dec 27, 2024risk 0.00cvss —epss 0.00
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of…
- CVE-2020-9253Dec 27, 2024risk 0.00cvss —epss 0.00
There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID:…
- CVE-2020-9236Dec 27, 2024risk 0.00cvss —epss 0.00
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability…
Page 18 of 46