Skip to main content

Emui

543 CVEs product

Monthly

CVE-2026-58559 MEDIUM This Month

Uncontrolled memory allocation in Huawei's vibration service crashes affected HarmonyOS and EMUI devices, resulting in a denial-of-service condition impacting device availability. The flaw is remotely triggerable with no privileges required but demands user interaction, consistent with delivery via crafted content such as a malicious application, webpage, or message that exercises the vibration API. No public exploit code or active exploitation has been identified at time of analysis, though Huawei has issued a July 2026 security bulletin addressing the issue.

Information Disclosure Harmony Os Emui
NVD
CVSS 3.1
6.5
CVE-2026-58558 HIGH This Week

Local information disclosure in Huawei HarmonyOS and EMUI stems from a flawed permission-control check in the file system, letting a local actor read data that should be access-restricted. Exploitation requires local access plus user interaction (CVSS UI:R), and Huawei's own scoring rates it high impact; no public exploit was identified at time of analysis and it is not listed in CISA KEV. Note the vendor CVSS also asserts integrity and availability impact, which the one-line description (confidentiality only) does not substantiate.

Information Disclosure Harmony Os Emui
NVD
CVSS 3.1
7.8
CVE-2026-58556 MEDIUM This Month

Permission control failure in the Bluetooth module of Huawei HarmonyOS and EMUI exposes devices to local exploitation that can degrade Bluetooth service availability and leak limited data. The flaw, classified under CWE-264, allows a local process operating without elevated privileges to bypass Bluetooth permission enforcement, potentially disrupting connectivity or reading restricted information. No public exploit or CISA KEV listing exists at time of analysis, but Huawei has disclosed this via its July 2026 security bulletin.

Privilege Escalation Harmony Os Emui
NVD
CVSS 3.1
5.1
CVE-2026-58554 MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.6
CVE-2026-41977 MEDIUM This Month

Integer overflow in the HarmonyOS and EMUI log service enables a local attacker, without requiring system privileges, to cause a denial-of-service condition and limited integrity impact on affected Huawei devices. The vulnerability is rooted in CWE-190 (Integer Overflow or Wraparound) within the log service component, with the CVSS-defined changed scope indicating the fault can affect components beyond the log service itself. No public exploit code and no confirmed active exploitation have been identified at time of analysis.

Information Disclosure Integer Overflow Emui
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-41976 MEDIUM This Month

Permission control failure in the audio framework of Huawei HarmonyOS and EMUI allows a local attacker with no special privileges, but requiring user interaction, to access confidential audio service data with high confidentiality impact alongside minor integrity and availability effects. The vulnerability stems from improper permission enforcement (CWE-275) within the audio subsystem. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the local-attack-vector with user interaction requirement limits mass exploitation.

Information Disclosure Emui
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-41974 LOW Monitor

Permission control weakness in the service notifications component of Huawei HarmonyOS and EMUI allows a local, unprivileged attacker - with user interaction - to partially degrade availability across a changed scope boundary. Rooted in CWE-264 (Permissions, Privileges, and Access Controls), the flaw permits improper manipulation of notification service permissions, with impact reaching beyond the immediately vulnerable component as indicated by the CVSS Scope:Changed attribute. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; the low CVSS score of 3.6 reflects constrained real-world impact limited to availability.

Privilege Escalation Emui
NVD
CVSS 3.1
3.6
EPSS
0.0%
CVE-2026-41973 MEDIUM This Month

Permission control bypass in Huawei HarmonyOS and EMUI's call-handling subsystem allows a locally present, unprivileged attacker to circumvent intended access restrictions, resulting in low-level impacts to confidentiality, integrity, and availability. The vulnerability stems from improper business logic governing permission enforcement (CWE-840), meaning the system fails to correctly validate whether a calling entity holds the required permissions before servicing a request. No public exploit code exists and the vulnerability has not been listed in the CISA Known Exploited Vulnerabilities catalog, but the low attack complexity and absence of privilege requirements lower the bar for local abuse.

Information Disclosure Emui
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-41970 MEDIUM This Month

Out-of-bounds write in Huawei HarmonyOS and EMUI distributed file system module allows authenticated local attackers to corrupt memory, potentially affecting system availability and integrity. CVSS 6.8 reflects adjacent network access requirement and low attack complexity, but exploitation requires prior authentication and local network presence. No public exploit code or active exploitation confirmed at time of analysis.

Memory Corruption Buffer Overflow Emui
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-41969 MEDIUM This Month

A permission control vulnerability in the projection module of Huawei HarmonyOS and EMUI allows local attackers with physical access to bypass authorization checks and disclose sensitive information. The flaw affects confidentiality through improper permission enforcement in a physical-access attack vector requiring user interaction. No active exploitation has been confirmed, and patch availability has not been independently verified from the provided reference.

Information Disclosure Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-41960 MEDIUM This Month

A permission control vulnerability in Huawei HarmonyOS and EMUI allows remote attackers to disclose sensitive information and potentially degrade system availability through unauthenticated network access combined with user interaction. The vulnerability stems from insufficient permission validation in the calls application, enabling attackers to read confidential data (CWE-200: Information Exposure) across system boundaries when users are socially engineered into triggering the malicious action.

Information Disclosure Emui
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-34859 MEDIUM This Month

Use-after-free vulnerability in Huawei HarmonyOS and EMUI kernel module allows local attackers without privileges to read sensitive memory, modify data, and crash the system (confidentiality, integrity, and availability impact). The vulnerability affects an unspecified range of HarmonyOS and EMUI versions; no public exploit code or active exploitation has been identified at the time of analysis. CVSS score of 5.9 reflects moderate local attack risk with low complexity.

Information Disclosure Use After Free Memory Corruption Emui
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-34855 MEDIUM This Month

Out-of-bounds write vulnerability in Huawei HarmonyOS and EMUI kernel modules allows local privileged attackers to achieve arbitrary memory corruption, potentially compromising system confidentiality and availability. The vulnerability requires high privilege context and nontrivial user interaction to trigger, limiting real-world exploitation scope despite moderate CVSS scoring.

Buffer Overflow Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-34854 MEDIUM This Month

Use-after-free vulnerability in HarmonyOS and EMUI kernel modules enables local attackers with high privileges to disclose sensitive information and cause denial of service through improper memory management. CVSS 5.7 reflects limited attack scope (local only, requires elevated privileges, high attack complexity), though the vulnerability impacts both confidentiality and availability. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Use After Free Memory Corruption Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-34853 HIGH This Week

Permission bypass in Huawei HarmonyOS and EMUI LBS (Location-Based Services) module enables highly-privileged local attackers with user interaction to achieve full compromise across security contexts (confidentiality, integrity, availability impact). CVSS 7.7 HIGH severity. No public exploit identified at time of analysis. Attack requires local access, high privileges (administrator/root), user interaction, but succeeds with low complexity once prerequisites met. Scope change (S:C) indicates container escape or privilege boundary violation beyond the vulnerable component.

Authentication Bypass Emui
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-28553 MEDIUM This Month

HarmonyOS and EMUI theme setting modules fail to enforce proper permission controls, allowing local attackers with user interaction to read sensitive system information across security boundaries. The vulnerability requires physical or local access and user interaction but can compromise confidentiality of protected data; CVSS 6.9 reflects moderate-to-high real-world risk due to local attack surface and CVSS vector showing high confidentiality impact (C:H) despite lower integrity and availability consequences.

Information Disclosure Emui
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-28548 HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28542 HIGH This Week

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28552 MEDIUM This Month

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24928 MEDIUM This Month

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24927 MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24920 MEDIUM This Month

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-24919 MEDIUM This Month

Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-24918 MEDIUM This Month

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Denial Of Service Harmonyos Emui
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-24917 MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68970 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]

Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-68963 MEDIUM This Month

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-68959 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-66325 MEDIUM This Month

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58311 MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-58302 HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58314 MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-58276 MEDIUM This Month

Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-54646 MEDIUM This Month

Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-54644 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54643 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54642 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54641 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54637 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54636 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54632 MEDIUM This Month

Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-54629 MEDIUM This Month

Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54628 MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54611 HIGH This Week

EXTRA_REFERRER resource read vulnerability in the Gallery module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-53186 MEDIUM This Month

Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-53185 MEDIUM This Month

Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

Information Disclosure Use After Free Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-53178 MEDIUM This Month

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-48902 MEDIUM This Month

A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-31175 HIGH This Week

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2025-31170 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58127 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58126 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58125 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58124 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58044 HIGH This Week

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-58043 HIGH This Week

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-57961 MEDIUM This Month

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-57960 HIGH This Week

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-57959 MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57958 MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-56450 MEDIUM This Month

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-56449 MEDIUM This Month

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-56448 MEDIUM This Month

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-56447 HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56442 MEDIUM This Month

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56441 MEDIUM Monitor

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2024-56440 MEDIUM This Month

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56438 MEDIUM This Month

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2023-52955 MEDIUM This Month

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52954 MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-52953 MEDIUM This Month

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56434 MEDIUM Monitor

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-54101 MEDIUM This Month

Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54100 HIGH This Week

Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54099 HIGH This Week

File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54098 HIGH This Week

Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54097 HIGH This Week

Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54096 MEDIUM This Month

Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51530 MEDIUM This Month

LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51529 MEDIUM This Month

Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51528 MEDIUM This Month

Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51527 MEDIUM This Month

Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-51510 MEDIUM This Month

Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9136 HIGH This Week

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47294 HIGH This Week

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47293 HIGH This Week

Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47292 MEDIUM This Month

Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47291 MEDIUM This Month

Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47290 MEDIUM This Month

Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-8298 MEDIUM This Month

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVSS 6.5
MEDIUM This Month

Uncontrolled memory allocation in Huawei's vibration service crashes affected HarmonyOS and EMUI devices, resulting in a denial-of-service condition impacting device availability. The flaw is remotely triggerable with no privileges required but demands user interaction, consistent with delivery via crafted content such as a malicious application, webpage, or message that exercises the vibration API. No public exploit code or active exploitation has been identified at time of analysis, though Huawei has issued a July 2026 security bulletin addressing the issue.

Information Disclosure Harmony Os Emui
NVD
CVSS 7.8
HIGH This Week

Local information disclosure in Huawei HarmonyOS and EMUI stems from a flawed permission-control check in the file system, letting a local actor read data that should be access-restricted. Exploitation requires local access plus user interaction (CVSS UI:R), and Huawei's own scoring rates it high impact; no public exploit was identified at time of analysis and it is not listed in CISA KEV. Note the vendor CVSS also asserts integrity and availability impact, which the one-line description (confidentiality only) does not substantiate.

Information Disclosure Harmony Os Emui
NVD
CVSS 5.1
MEDIUM This Month

Permission control failure in the Bluetooth module of Huawei HarmonyOS and EMUI exposes devices to local exploitation that can degrade Bluetooth service availability and leak limited data. The flaw, classified under CWE-264, allows a local process operating without elevated privileges to bypass Bluetooth permission enforcement, potentially disrupting connectivity or reading restricted information. No public exploit or CISA KEV listing exists at time of analysis, but Huawei has disclosed this via its July 2026 security bulletin.

Privilege Escalation Harmony Os Emui
NVD
CVSS 6.6
MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Integer overflow in the HarmonyOS and EMUI log service enables a local attacker, without requiring system privileges, to cause a denial-of-service condition and limited integrity impact on affected Huawei devices. The vulnerability is rooted in CWE-190 (Integer Overflow or Wraparound) within the log service component, with the CVSS-defined changed scope indicating the fault can affect components beyond the log service itself. No public exploit code and no confirmed active exploitation have been identified at time of analysis.

Information Disclosure Integer Overflow Emui
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Permission control failure in the audio framework of Huawei HarmonyOS and EMUI allows a local attacker with no special privileges, but requiring user interaction, to access confidential audio service data with high confidentiality impact alongside minor integrity and availability effects. The vulnerability stems from improper permission enforcement (CWE-275) within the audio subsystem. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the local-attack-vector with user interaction requirement limits mass exploitation.

Information Disclosure Emui
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Permission control weakness in the service notifications component of Huawei HarmonyOS and EMUI allows a local, unprivileged attacker - with user interaction - to partially degrade availability across a changed scope boundary. Rooted in CWE-264 (Permissions, Privileges, and Access Controls), the flaw permits improper manipulation of notification service permissions, with impact reaching beyond the immediately vulnerable component as indicated by the CVSS Scope:Changed attribute. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; the low CVSS score of 3.6 reflects constrained real-world impact limited to availability.

Privilege Escalation Emui
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Permission control bypass in Huawei HarmonyOS and EMUI's call-handling subsystem allows a locally present, unprivileged attacker to circumvent intended access restrictions, resulting in low-level impacts to confidentiality, integrity, and availability. The vulnerability stems from improper business logic governing permission enforcement (CWE-840), meaning the system fails to correctly validate whether a calling entity holds the required permissions before servicing a request. No public exploit code exists and the vulnerability has not been listed in the CISA Known Exploited Vulnerabilities catalog, but the low attack complexity and absence of privilege requirements lower the bar for local abuse.

Information Disclosure Emui
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write in Huawei HarmonyOS and EMUI distributed file system module allows authenticated local attackers to corrupt memory, potentially affecting system availability and integrity. CVSS 6.8 reflects adjacent network access requirement and low attack complexity, but exploitation requires prior authentication and local network presence. No public exploit code or active exploitation confirmed at time of analysis.

Memory Corruption Buffer Overflow Emui
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

A permission control vulnerability in the projection module of Huawei HarmonyOS and EMUI allows local attackers with physical access to bypass authorization checks and disclose sensitive information. The flaw affects confidentiality through improper permission enforcement in a physical-access attack vector requiring user interaction. No active exploitation has been confirmed, and patch availability has not been independently verified from the provided reference.

Information Disclosure Emui
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

A permission control vulnerability in Huawei HarmonyOS and EMUI allows remote attackers to disclose sensitive information and potentially degrade system availability through unauthenticated network access combined with user interaction. The vulnerability stems from insufficient permission validation in the calls application, enabling attackers to read confidential data (CWE-200: Information Exposure) across system boundaries when users are socially engineered into triggering the malicious action.

Information Disclosure Emui
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Use-after-free vulnerability in Huawei HarmonyOS and EMUI kernel module allows local attackers without privileges to read sensitive memory, modify data, and crash the system (confidentiality, integrity, and availability impact). The vulnerability affects an unspecified range of HarmonyOS and EMUI versions; no public exploit code or active exploitation has been identified at the time of analysis. CVSS score of 5.9 reflects moderate local attack risk with low complexity.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds write vulnerability in Huawei HarmonyOS and EMUI kernel modules allows local privileged attackers to achieve arbitrary memory corruption, potentially compromising system confidentiality and availability. The vulnerability requires high privilege context and nontrivial user interaction to trigger, limiting real-world exploitation scope despite moderate CVSS scoring.

Buffer Overflow Emui
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Use-after-free vulnerability in HarmonyOS and EMUI kernel modules enables local attackers with high privileges to disclose sensitive information and cause denial of service through improper memory management. CVSS 5.7 reflects limited attack scope (local only, requires elevated privileges, high attack complexity), though the vulnerability impacts both confidentiality and availability. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Permission bypass in Huawei HarmonyOS and EMUI LBS (Location-Based Services) module enables highly-privileged local attackers with user interaction to achieve full compromise across security contexts (confidentiality, integrity, availability impact). CVSS 7.7 HIGH severity. No public exploit identified at time of analysis. Attack requires local access, high privileges (administrator/root), user interaction, but succeeds with low complexity once prerequisites met. Scope change (S:C) indicates container escape or privilege boundary violation beyond the vulnerable component.

Authentication Bypass Emui
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

HarmonyOS and EMUI theme setting modules fail to enforce proper permission controls, allowing local attackers with user interaction to read sensitive system information across security boundaries. The vulnerability requires physical or local access and user interaction but can compromise confidentiality of protected data; CVSS 6.9 reflects moderate-to-high real-world risk due to local attack surface and CVSS vector showing high confidentiality impact (C:H) despite lower integrity and availability consequences.

Information Disclosure Emui
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Denial Of Service Harmonyos Emui
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]

Code Injection Emui Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Vulnerability of inadequate packet length check in the BLE module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Vulnerability of insufficient data length verification in the HVB module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Race condition issue occurring in the physical page import process of the memory management module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Emui +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

EXTRA_REFERRER resource read vulnerability in the Gallery module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A remote code execution vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Emui +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.1
HIGH This Week

File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Data verification vulnerability in the battery module Impact: Successful exploitation of this vulnerability may affect function stability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of improper log printing in the Super Home Screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Emui +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy