‼ CVE-2022-48518 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46894 ‼
📖 Read
via "National Vulnerability Database".
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48512 ‼
📖 Read
via "National Vulnerability Database".
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37241 ‼
📖 Read
via "National Vulnerability Database".
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48515 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34164 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48507 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46892 ‼
📖 Read
via "National Vulnerability Database".
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48510 ‼
📖 Read
via "National Vulnerability Database".
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37238 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48508 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48520 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48517 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3456 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48509 ‼
📖 Read
via "National Vulnerability Database".
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48516 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48519 ‼
📖 Read
via "National Vulnerability Database".
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37239 ‼
📖 Read
via "National Vulnerability Database".
Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1695 ‼
📖 Read
via "National Vulnerability Database".
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25090 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25089 ‼
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to a buffer overflow. An attacker can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.📖 Read
via "National Vulnerability Database".