811 matches found
CVE-2023-52369
CVE-2023-52369 is a stack overflow vulnerability in the NFC module with a reported impact on availability and integrity. NVD records a CVSS v3.1 base score of 9.1 (CRITICAL) with network access, low complexity, no privileges required, and no user interaction, affecting the NFC-related component a...
CVE-2023-52363
CVE-2023-52363 describes a defect introduced in the design process in the Control Panel module with potential to cause app processes to start by mistake. Public sources reference Huawei HarmonyOS/EMUI context and generic design-phase vulnerability impact. The available documents do not provide co...
CVE-2023-52387
The CVE-2023-52387 entry describes a Resource Reuse vulnerability in the GPU module that can affect confidentiality. Connected CNVD/CNNVD and related records map this issue to Huawei EMUI and Huawei HarmonyOS (mobile OSes) with a resource reuse flaw in the GPU component. The NVD/NVD-derived metri...
CVE-2023-52365
CVE-2023-52365 is an out-of-bounds read vulnerability in the smart activity recognition module, reported across Huawei EMUI and Huawei HarmonyOS. The root cause is an out-of-bounds read that can cause features to behave abnormally. Public technical details are limited in the provided documents, b...
CVE-2023-52373
Summary of CVE-2023-52373 : A permission verification flaw in the Huawei HarmonyOS/EMUI share box module's content sharing pop-up allows unauthorized file sharing. The vulnerability is described across multiple sources (NVD, Red Hat CVE page, CNVD/CNNVD entries) with a high impact on confidential...
CVE-2023-52375
CVE-2023-52375 concerns Huawei HarmonyOS/EMUI’s WMS (WindowManagerService) module. Connected sources describe a privilege control vulnerability in the WMS, which can affect usability and, per the NVD entry, may impact availability. The CVE’s description notes a permission control issue in WindowM...
CVE-2023-52371
CVE-2023-52371 corresponds to a vulnerability with null references in the motor module, affecting Huawei HarmonyOS and Huawei EMUI. The impact is an availability impact as described in multiple sources. The root cause is a null pointer/reference in the motor module. Affected products include Harm...
CVE-2023-52377
CVE-2023-52377 affects Huawei EMUI (cellular data module). The vulnerability arises from input data not being verified, potentially enabling out-of-bounds access. Reported CVSS v3.1 base score is 7.4 (HIGH) with network attack vector, high impact on confidentiality and availability, and no user i...
CVE-2023-52374
CVE-2023-52374 is tied to Huawei HarmonyOS and EMUI, involving a privilege-control vulnerability in the package management module. The CNVD/CNNVD entries describe an access control flaw that could allow an attacker to compromise confidentiality within the package management subsystem. No explicit...
CVE-2023-52358
CVE-2023-52358 concerns a configuration flaw in Huawei HarmonyOS/EMUI audio module APIs that can be exploited to cause a denial of service, impacting availability. The vulnerability is tied to the audio subsystem in HarmonyOS and EMUI, with the root cause described as a configuration defect in th...
CVE-2023-52097
CVE-2023-52097 is linked to Huawei EMUI and Huawei HarmonyOS. The connected CNVD entry describes a vulnerability that allows bypassing the foreground service restriction, with impact to system confidentiality. The CVE entry itself notes a foreground-service–restrictions bypass in the NMS module a...
CVE-2023-52381
The CVE-2023-52381 entry corresponds to a script injection vulnerability in Huawei HarmonyOS/EMUI mail module. The CNVD CNVD-2024-31083 document confirms an in-component script injection that can allow an attacker to execute arbitrary code on affected systems. The NVD/NVD-derived description simi...
CVE-2023-52380
CVE-2023-52380 is an improper access control vulnerability affecting the Huawei HarmonyOS/EMUI mail module. The root cause is insufficient access controls in the mail component, potentially allowing information disclosure. Public documents enumerate HarmonyOS/EMUI mail as affected, with no explic...
CVE-2023-52378
CVE-2023-52378 relates to Huawei HarmonyOS/EMUI WMS (WindowManagerServices) with an incorrect service logic root cause in the WMS module. The connected CNVD/CNNVD entries describe a privilege control type vulnerability and a business logic error that can lead to usability issues or functional exc...
CVE-2023-52368
CVE-2023-52368 is linked to Huawei HarmonyOS/EMUI via CNVD/CNNVD references. The vulnerability is described as an input verification flaw in the Accounts module that can cause features to behave abnormally and, per CNVD, may lead to a denial-of-service condition. The NVD entry lists a network-bas...
CVE-2023-52372
CVE-2023-52372 affects Huawei HarmonyOS (including EMUI) with a vulnerability in the motor module’s input parameter verification that can cause a denial of service and affect availability. The CNVD entry corroborates a DoS impact linked to HarmonyOS/EMUI, and the NVD/NVD-derived description also ...
CVE-2023-52362
Technical details about CVE-2023-52362 are not publicly provided in the supplied documents. Monitor for updates from vendors (Huawei/Red Hat/CNVD) for affected products, versions, root cause specifics, and patches.
CVE-2023-52376
Technical details about CVE-2023-52376 are not publicly provided in the supplied connected documents. Monitor for updates from vendors and security trackers for affected products, scope, and remediation.
CVE-2023-52366
CVE-2023-52366 describes an out-of-bounds read vulnerability in the smart activity recognition module, potentially causing features to behave abnormally. Public details come from multiple sources (NVD, Red Hat, CVE records, CNNVD) and indicate the issue affects Huawei/EMUI-type Android-based envi...
CVE-2023-52360
CVE-2023-52360 is a Huawei HarmonyOS baseband logic vulnerability with a network-facing attack surface that can compromise service integrity. The CVSS=7.5 (HIGH) reflects potential high impact to integrity while confidentiality/availability remain unaffected per the provided metrics. Several conn...
CVE-2023-52370
CVE-2023-52370 is a stack overflow vulnerability in the network acceleration module that can lead to unauthorized file access. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts ...
CVE-2023-41301
CVE-2023-41301 describes a vulnerability in the PMS module enabling unauthorized API access, with exploitation potentially causing features to behave abnormally. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), with network attack vector, no privileges required, no user interaction, and ...
CVE-2023-39394
CVE-2023-39394 describes an API privilege-escalation vulnerability in Huawei HarmonyOS’s wifienhance module. According to the NVD entry, successful exploitation could allow modification of the ARP list, implying impact to ARP cache integrity (high with I:H, network attack vector, no user interact...
CVE-2023-39390
CVE-2023-39390 affects Huawei HarmonyOS, specifically the window management module. The vulnerability arises from input parameter verification weaknesses in certain APIs, which, if exploited over the network, could cause the device to restart (CVSS 7.5, HIGH; AV:N, AC:L, PR:N, UI:N, S:U, C:N, I:N...
CVE-2023-39404
CVE-2023-39404 concerns Huawei HarmonyOS and is tied to the window management module. The vulnerability stems from insufficient input parameter verification in certain APIs, which can be exploited to cause a device reboot (DoS). Public exploitation details are not provided in the supplied documen...
CVE-2023-37238
The CVE-2023-37238 entry concerns Huawei HarmonyOS. Affected component: wireless projection module (and related screen casting interfaces). Root cause: incomplete verification of apps’ permission to access a specific API, enabling insufficient permission checks. Impact: exploitation could affect ...
CVE-2023-37241
CVE-2023-37241 is an input verification vulnerability in the WMS API. Exploitation could cause the affected device to restart. The available connected sources confirm the issue and its impact but do not provide concrete exploit details, affected versions, or a validated fix/update. No remediation...
CVE-2023-52367
CVE-2023-52367 describes an improper access control vulnerability in the media library module, observed in Huawei HarmonyOS and EMUI. The root cause is access-control failure, with CVSS 3.1 indicating a local exploit could enable high-impact outcomes to integrity and availability, and no privileg...
CVE-2022-31757
Technical details, affected products, and remediation are not publicly provided in the supplied documents. Monitor updates from Red Hat, NVD, and other sources for concrete impact and fixes.
CVE-2022-48312
The CVE-2022-48312 entry concerns the HwPCAssistant module in Huawei/HarmonyOS, described as an out-of-bounds read/write vulnerability that may compromise confidentiality and integrity. The connected records identify the affected component (HwPCAssistant) and the underlying issue (out-of-bounds a...
CVE-2022-22253
CVE-2022-22253 affects Huawei HarmonyOS’s DFX module , where an vulnerability stems from improper validation of integrity check values . This can lead to system instability if exploitable. Connected sources (Red Hat, NVD, CNVD, etc.) reiterate the same description without detailing a specific pat...
CVE-2022-22256
CVE-2022-22256 affects Huawei HarmonyOS, specifically the DFX module, which has an access control error. The vulnerability arises from inadequate restriction of resources to unauthorized roles, with potential impact on data confidentiality. Public references in the dataset describe the issue cons...
CVE-2023-52379
CVE-2023-52379 describes a permission-control vulnerability in the calendarProvider module that can affect service confidentiality. The CVE entry indicates a high-severity impact (confidentiality) with network attack vector, no user interaction, no privileges required, and no impact on availabili...
CVE-2021-40045
CVE-2021-40045 concerns Huawei HarmonyOS (Wearables recovery upgrade system) where the signature verification mechanism can fail during system upgrade in recovery mode. The underlying vulnerability is a signature verification failure that can affect confidentiality of service. The NVD entry notes...
CVE-2021-39986
CVE-2021-39986 is associated with Huawei EMUI (EMUI 12.0.0) and a memory access management module on the ACPU, where an unauthorized rewrite vulnerability can affect service confidentiality. CNVD-2022-12802 documents EMUI 12.0.0 as affected. The CVSSv3.1 vector indicates a local, low-effort attac...
CVE-2021-22434
CVE-2021-22434 is described as a memory address out-of-bounds vulnerability in smartphones that can enable malicious code execution. Public records reference Huawei HarmonyOS and Huawei bulletin updates as mitigation, indicating the issue affected HarmonyOS-based devices and was addressed in vend...
CVE-2021-22432
CVE-2021-22432 affects Huawei HarmonyOS smartphones where a vulnerability in permission isolation can lead to out-of-bounds access. Connected sources cite a Huawei HarmonyOS buffer error vulnerability in some products; however, detailed affected versions, vulnerable component specifics, exploit i...
CVE-2021-37107
CVE-2021-37107 concerns Huawei EMUI/Magic UI with a misconfigured ACPU memory access permissions, leading to potential out-of-bounds access. Affected product family appears to be Huawei EMUI-based Android devices; root cause is improper memory access permission configuration on ACPU. The CVE entr...
CVE-2021-40044
CVE-2021-40044 involves a permission verification vulnerability in the Bluetooth module, with Huawei EMUI as the affected context. The underlying issue is in the Bluetooth permission check, enabling unauthorized operations if exploited. NVD lists CVSSv3.1 base score 8.8 (HIGH) with adjacent attac...
CVE-2023-52357
Huawei HarmonyOS and Huawei EMUI contain a denial-of-service vulnerability in the vibration framework caused by a serialization/deserialization mismatch. The CNVD/CNNVD entries describe an availability impact, with exploitation likely local to the device. The NVD entry reiterates a serialization/...
CVE-2021-37115
Huawei EMUI (Android-based) is affected by CVE-2021-37115 due to an unauthorized rewrite vulnerability in the ACPU memory access management module. Exploitation may lead to information disclosure (confidentiality) of sensitive data. The available documents do not specify affected versions, root c...
CVE-2021-40047
The CVE-2021-40047 entry relates to Huawei EMUI and Magic UI Bastet modules, where a memory is not released after its effective lifetime. The vulnerability affects the Bastet component and may impact integrity if exploited. Exploitation details, affected versions, and a remediation/patch are not ...
CVE-2021-22394
CVE-2021-22394 concerns a buffer overflow in HarmonyOS smartphones that may cause DoS of apps during Multi-Screen Collaboration. The Connected documents corroborate a buffer-overflow issue affecting smartphones, but do not provide concrete patched versions, vulnerable component details, exploit s...
CVE-2022-22260
CVE-2022-22260 is a kernel-module use-after-free vulnerability in Huawei/HarmonyOS reported across multiple sources (NVD, RH, CNVD/CNNVD). The issue is exploited via network access with low attack complexity and no authentication, leading to potential data integrity and availability impact (CVSS ...
CVE-2021-40059
CVE-2021-40059 is linked to Huawei Huawei Emui and Magic UI Wi-Fi modules, with a privilege control vulnerability in the Wi‑Fi component. CNVD-2022-20299 describes a privilege control flaw that could be exploited by attackers to obtain sensitive information from these Wi‑Fi modules, indicating th...
CVE-2021-37109
CVE-2021-37109 describes a security protection bypass in the modem component of Huawei EMUI/Magic UI devices, leading to memory protection failure. Connected sources consistently refer to a modem-related protection bypass with memory protection impact, but do not provide concrete affected version...
CVE-2021-39997
CVE-2021-39997 affects Huawei EMUI 12.0.0. The root cause is lax/input parameter verification in the audio component (audio assembly), leading to out-of-bounds access. Exploitation is described as enabling out-of-bounds access, with CVSS metrics indicating high to critical impact (network attack ...
CVE-2021-40052
The connected CNVD-2022-20292 and CNNVD-202203-984 entries indicate Huawei EMUI and Magic UI are affected by an incorrect buffer size calculation vulnerability in the video framework, described as impacting usability. No specific affected versions are provided in these documents. A PT-2022-11173 ...
CVE-2021-40055
CVE-2021-40055 describes a man-in-the-middle attack vulnerability during system update download in recovery mode that can compromise integrity. Connected records corroborate this as a MITM issue affecting Huawei EMUI and Magic UI (Android-based). The NVD details indicate impact to integrity (I) a...
CVE-2021-40054
CVE-2021-40054 corresponds to an integer underflow in the atcmdserver module reported in Huawei Emui and Magic UI environments (atcmdserver). The vulnerability affects integrity and has a high severity in CVSS terms (network vector, low attack complexity, no privileges required, no user interacti...