Vendor CVEs
Huawei
All CVEs
2,254 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-22362 | 0.00 | — | 0.01 | May 27, 2021 | There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected… | |||
| CVE-2021-22411 | 0.00 | — | 0.01 | May 27, 2021 | There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise… | |||
| CVE-2021-22339 | 0.00 | — | 0.00 | May 20, 2021 | There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal. | |||
| CVE-2021-22409 | 0.00 | — | 0.00 | May 20, 2021 | There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some… | |||
| CVE-2021-22331 | 0.00 | — | 0.01 | Apr 28, 2021 | There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service.… | |||
| CVE-2021-22332 | 0.00 | — | 0.01 | Apr 28, 2021 | There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by… | |||
| CVE-2021-22330 | 0.00 | — | 0.00 | Apr 28, 2021 | There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation… | |||
| CVE-2021-22393 | 0.00 | — | 0.01 | Apr 28, 2021 | There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending… | |||
| CVE-2021-22327 | 0.00 | — | 0.01 | Apr 28, 2021 | There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions… | |||
| CVE-2021-22312 | 0.00 | — | 0.01 | Apr 8, 2021 | There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service… | |||
| CVE-2020-9148 | 0.00 | — | 0.00 | Apr 1, 2021 | An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. | |||
| CVE-2020-9146 | 0.00 | — | 0.00 | Apr 1, 2021 | A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and doS attacks by carefully constructing attack scenarios. | |||
| CVE-2021-22314 | 0.00 | — | 0.00 | Mar 22, 2021 | There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the… | |||
| CVE-2021-22321 | 0.00 | — | 0.01 | Mar 22, 2021 | There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service.… | |||
| CVE-2021-22311 | 0.00 | — | 0.01 | Mar 22, 2021 | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected… | |||
| CVE-2021-22320 | 0.00 | — | 0.01 | Mar 22, 2021 | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some… | |||
| CVE-2021-22310 | 0.00 | — | 0.00 | Mar 22, 2021 | There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected… | |||
| CVE-2021-22309 | 0.00 | — | 0.01 | Mar 22, 2021 | There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions… | |||
| CVE-2020-9213 | 0.00 | — | 0.01 | Mar 22, 2021 | There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions… | |||
| CVE-2020-9206 | 0.00 | — | 0.00 | Mar 22, 2021 | The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and… | |||
| CVE-2020-9212 | 0.00 | — | 0.01 | Mar 22, 2021 | There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. | |||
| CVE-2021-22294 | 0.00 | — | 0.00 | Mar 2, 2021 | A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. | |||
| CVE-2021-22296 | 0.00 | — | 0.00 | Mar 2, 2021 | A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. | |||
| CVE-2021-22305 | 0.00 | — | 0.00 | Feb 6, 2021 | There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow,… | |||
| CVE-2021-22304 | 0.00 | — | 0.00 | Feb 6, 2021 | There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to… | |||
| CVE-2021-22293 | 0.00 | — | 0.01 | Feb 6, 2021 | Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100,… | |||
| CVE-2021-22292 | 0.00 | — | 0.01 | Feb 6, 2021 | There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. | |||
| CVE-2021-22302 | 0.00 | — | 0.00 | Feb 6, 2021 | There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. | |||
| CVE-2021-22299 | 0.00 | — | 0.00 | Feb 6, 2021 | There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions… | |||
| CVE-2020-9205 | 0.00 | — | 0.01 | Feb 6, 2021 | There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to… | |||
| CVE-2021-22298 | 0.00 | — | 0.01 | Feb 6, 2021 | There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions… | |||
| CVE-2021-22306 | 0.00 | — | 0.00 | Feb 6, 2021 | There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound,… | |||
| CVE-2021-22300 | 0.00 | — | 0.00 | Feb 6, 2021 | There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other… | |||
| CVE-2021-22303 | 0.00 | — | 0.01 | Feb 6, 2021 | There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module… | |||
| CVE-2021-22307 | 0.00 | — | 0.00 | Feb 6, 2021 | There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module. | |||
| CVE-2021-22301 | 0.00 | — | 0.00 | Feb 5, 2021 | Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. | |||
| CVE-2020-1866 | 0.00 | — | 0.00 | Jan 13, 2021 | There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions… | |||
| CVE-2020-1865 | 0.00 | — | 0.00 | Jan 13, 2021 | There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of… | |||
| CVE-2020-9209 | 0.00 | — | 0.00 | Jan 13, 2021 | There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can… | |||
| CVE-2020-9203 | 0.00 | — | 0.00 | Jan 13, 2021 | There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. | |||
| CVE-2020-9142 | 0.00 | — | 0.01 | Jan 13, 2021 | There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file. | |||
| CVE-2020-9144 | 0.00 | — | 0.01 | Jan 13, 2021 | There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer. | |||
| CVE-2020-9223 | 0.00 | — | 0.01 | Dec 29, 2020 | There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module. | |||
| CVE-2020-9207 | 0.00 | — | 0.01 | Dec 29, 2020 | There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise… | |||
| CVE-2020-1848 | 0.00 | — | 0.00 | Dec 29, 2020 | There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. | |||
| CVE-2020-9094 | 0.00 | — | 0.01 | Dec 29, 2020 | There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | |||
| CVE-2020-9208 | 0.00 | — | 0.01 | Dec 29, 2020 | There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. | |||
| CVE-2020-9093 | 0.00 | — | 0.00 | Dec 29, 2020 | There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application… | |||
| CVE-2020-9125 | 0.00 | — | 0.00 | Dec 29, 2020 | There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to… | |||
| CVE-2020-9124 | 0.00 | — | 0.01 | Dec 29, 2020 | There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may… |
- CVE-2021-22362May 27, 2021risk 0.00cvss —epss 0.01
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected…
- CVE-2021-22411May 27, 2021risk 0.00cvss —epss 0.01
There is an out-of-bounds write vulnerability in some Huawei products. The code of a module have a bad judgment logic. Attackers can exploit this vulnerability by performing multiple abnormal activities to trigger the bad logic and cause out-of-bounds write. This may compromise…
- CVE-2021-22339May 20, 2021risk 0.00cvss —epss 0.00
There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.
- CVE-2021-22409May 20, 2021risk 0.00cvss —epss 0.00
There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some…
- CVE-2021-22331Apr 28, 2021risk 0.00cvss —epss 0.01
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service.…
- CVE-2021-22332Apr 28, 2021risk 0.00cvss —epss 0.01
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by…
- CVE-2021-22330Apr 28, 2021risk 0.00cvss —epss 0.00
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation…
- CVE-2021-22393Apr 28, 2021risk 0.00cvss —epss 0.01
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending…
- CVE-2021-22327Apr 28, 2021risk 0.00cvss —epss 0.01
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions…
- CVE-2021-22312Apr 8, 2021risk 0.00cvss —epss 0.01
There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service…
- CVE-2020-9148Apr 1, 2021risk 0.00cvss —epss 0.00
An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages.
- CVE-2020-9146Apr 1, 2021risk 0.00cvss —epss 0.00
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and doS attacks by carefully constructing attack scenarios.
- CVE-2021-22314Mar 22, 2021risk 0.00cvss —epss 0.00
There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the…
- CVE-2021-22321Mar 22, 2021risk 0.00cvss —epss 0.01
There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service.…
- CVE-2021-22311Mar 22, 2021risk 0.00cvss —epss 0.01
There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected…
- CVE-2021-22320Mar 22, 2021risk 0.00cvss —epss 0.01
There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some…
- CVE-2021-22310Mar 22, 2021risk 0.00cvss —epss 0.00
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected…
- CVE-2021-22309Mar 22, 2021risk 0.00cvss —epss 0.01
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions…
- CVE-2020-9213Mar 22, 2021risk 0.00cvss —epss 0.01
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions…
- CVE-2020-9206Mar 22, 2021risk 0.00cvss —epss 0.00
The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and…
- CVE-2020-9212Mar 22, 2021risk 0.00cvss —epss 0.01
There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.
- CVE-2021-22294Mar 2, 2021risk 0.00cvss —epss 0.00
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
- CVE-2021-22296Mar 2, 2021risk 0.00cvss —epss 0.00
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.
- CVE-2021-22305Feb 6, 2021risk 0.00cvss —epss 0.00
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow,…
- CVE-2021-22304Feb 6, 2021risk 0.00cvss —epss 0.00
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to…
- CVE-2021-22293Feb 6, 2021risk 0.00cvss —epss 0.01
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100,…
- CVE-2021-22292Feb 6, 2021risk 0.00cvss —epss 0.01
There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS.
- CVE-2021-22302Feb 6, 2021risk 0.00cvss —epss 0.00
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service.
- CVE-2021-22299Feb 6, 2021risk 0.00cvss —epss 0.00
There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions…
- CVE-2020-9205Feb 6, 2021risk 0.00cvss —epss 0.01
There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to…
- CVE-2021-22298Feb 6, 2021risk 0.00cvss —epss 0.01
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions…
- CVE-2021-22306Feb 6, 2021risk 0.00cvss —epss 0.00
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound,…
- CVE-2021-22300Feb 6, 2021risk 0.00cvss —epss 0.00
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other…
- CVE-2021-22303Feb 6, 2021risk 0.00cvss —epss 0.01
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module…
- CVE-2021-22307Feb 6, 2021risk 0.00cvss —epss 0.00
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.
- CVE-2021-22301Feb 5, 2021risk 0.00cvss —epss 0.00
Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow.
- CVE-2020-1866Jan 13, 2021risk 0.00cvss —epss 0.00
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions…
- CVE-2020-1865Jan 13, 2021risk 0.00cvss —epss 0.00
There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of…
- CVE-2020-9209Jan 13, 2021risk 0.00cvss —epss 0.00
There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can…
- CVE-2020-9203Jan 13, 2021risk 0.00cvss —epss 0.00
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
- CVE-2020-9142Jan 13, 2021risk 0.00cvss —epss 0.01
There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file.
- CVE-2020-9144Jan 13, 2021risk 0.00cvss —epss 0.01
There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.
- CVE-2020-9223Dec 29, 2020risk 0.00cvss —epss 0.01
There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module.
- CVE-2020-9207Dec 29, 2020risk 0.00cvss —epss 0.01
There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise…
- CVE-2020-1848Dec 29, 2020risk 0.00cvss —epss 0.00
There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally.
- CVE-2020-9094Dec 29, 2020risk 0.00cvss —epss 0.01
There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.
- CVE-2020-9208Dec 29, 2020risk 0.00cvss —epss 0.01
There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.
- CVE-2020-9093Dec 29, 2020risk 0.00cvss —epss 0.00
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application…
- CVE-2020-9125Dec 29, 2020risk 0.00cvss —epss 0.00
There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to…
- CVE-2020-9124Dec 29, 2020risk 0.00cvss —epss 0.01
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may…
Page 39 of 46