Filtered by vendor Huawei
Subscribe
Total
1604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22454 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. | |||||
| CVE-2021-37106 | 1 Huawei | 1 Fusioncompute | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. | |||||
| CVE-2021-37023 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network.. | |||||
| CVE-2021-22361 | 1 Huawei | 4 Ecns280, Ecns280 Firmware, Ese620x Vess and 1 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service. | |||||
| CVE-2021-22465 | 1 Huawei | 1 Harmonyos | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. | |||||
| CVE-2021-40011 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity. | |||||
| CVE-2017-14491 | 13 Arista, Arubanetworks, Canonical and 10 more | 29 Eos, Arubaos, Ubuntu Linux and 26 more | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | |||||
| CVE-2020-1881 | 1 Huawei | 8 Nip6800, Nip6800 Firmware, Oceanstor 5310 and 5 more | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices. | |||||
| CVE-2022-22256 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-22254 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-22255 | 1 Huawei | 2 Emui, Harmonyos | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. | |||||
| CVE-2022-22253 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. | |||||
| CVE-2022-22257 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2019-5284 | 1 Huawei | 2 Leland-al00a, Leland-al00a Firmware | 2022-04-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei smart phones versions earlier than Leland-AL00A 9.1.0.111(C00E111R2P10T8). Remote attackers could trick the user into opening a malformed RTSP media stream to exploit this vulnerability. Successful exploit could cause the affected phone abnormal, leading to a DoS condition. (Vulnerability ID: HWPSIRT-2019-02004) | |||||
| CVE-2021-46740 | 1 Huawei | 2 Emui, Harmonyos | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-22298 | 1 Huawei | 1 Manageone | 2022-03-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. | |||||
| CVE-2021-33658 | 1 Huawei | 2 Atune, Openeuler | 2022-03-18 | 4.6 MEDIUM | 7.8 HIGH |
| atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. | |||||
| CVE-2021-40062 | 1 Huawei | 2 Emui, Magic Ui | 2022-03-14 | 7.8 HIGH | 7.5 HIGH |
| There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2021-40061 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity. | |||||