CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2021-22399
https://notcve.org/view.php?id=CVE-2021-22399
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11). La función Bluetooth de algunos smartphones de Huawei presenta una vulnerabilidad DoS. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-22331
https://notcve.org/view.php?id=CVE-2021-22331
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3). • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-js-en • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22330
https://notcve.org/view.php?id=CVE-2021-22330
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal. Se presenta una vulnerabilidad de escritura fuera de límites en el teléfono inteligente Huawei HUAWEI P30 versiones 9.1.0.131(C00E130R1P21) cuando se procesa un mensaje. Un atacante no autenticado puede explotar esta vulnerabilidad mediante el envío de un mensaje específico al dispositivo de destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-p30-en • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-9203
https://notcve.org/view.php?id=CVE-2020-9203
There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. Se presenta una vulnerabilidad de errores de administración de recursos en Huawei P30. Los atacantes locales construyen un mensaje de difusión para alguna aplicación, causando que esta aplicación envíe este mensaje de difusión y afecte la experiencia de uso del cliente. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2020-9247
https://notcve.org/view.php?id=CVE-2020-9247
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B. Se presenta una vulnerabilidad de desbordamiento del búfer en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •