Huawei Huawei

Do you want an email whenever new security vulnerabilities are reported in any Huawei product?

Products by Huawei Sorted by Most Security Vulnerabilities since 2018

Huawei Emui626 vulnerabilities

Huawei Harmonyos600 vulnerabilities

Huawei Magic Ui272 vulnerabilities

Huawei Manageone15 vulnerabilities

Huawei Openeuler8 vulnerabilities

Huawei Fusioncompute8 vulnerabilities

Huawei Pcmanager8 vulnerabilities

Huawei Campusinsight3 vulnerabilities

Huawei Hisuite3 vulnerabilities

Huawei Pcmanageroversea3 vulnerabilities

Huawei Gaussdb 2003 vulnerabilities

Huawei Pcmanagerchina3 vulnerabilities

Huawei Appgallery2 vulnerabilities

Huawei Imanager Neteco 60002 vulnerabilities

Huawei Imanager Neteco2 vulnerabilities

Huawei Hilink Ai Life2 vulnerabilities

Huawei Smc2 02 vulnerabilities

Huawei Policy Center1 vulnerability

Huawei Ultravr1 vulnerability

Huawei Utps Firmware1 vulnerability

Huawei Anyoffice1 vulnerability

Huawei Vip App1 vulnerability

Huawei Ne5000e1 vulnerability

Huawei Ne40e80e1 vulnerability

Huawei Ne40801 vulnerability

Huawei Ne20e X61 vulnerability

Huawei Ne201 vulnerability

Huawei Mt8821 vulnerability

Huawei Me601 vulnerability

Huawei Ma5200g1 vulnerability

Huawei Imaster Mae M1 vulnerability

Huawei Hwbackup1 vulnerability

Huawei Hg532e1 vulnerability

Huawei Hg255s1 vulnerability

Huawei Hedex Lite1 vulnerability

Huawei Fusionaccess1 vulnerability

Huawei Espace Desktop1 vulnerability

Huawei Elf G10hn1 vulnerability

Huawei Cx6001 vulnerability

Huawei Atn1 vulnerability

Huawei Atb1 vulnerability

By the Year

In 2024 there have been 31 vulnerabilities in Huawei with an average score of 7.0 out of ten. Last year Huawei had 238 security vulnerabilities published. Right now, Huawei is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.46

Year Vulnerabilities Average Score
2024 31 7.03
2023 238 7.49
2022 303 7.56
2021 255 7.33
2020 14 7.10
2019 12 6.93
2018 5 6.26

It may take a day or so for new Huawei vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Security Vulnerabilities

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36499 5.5 - Medium - June 14, 2024

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36500 5.5 - Medium - June 14, 2024

Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability

CVE-2024-36501 5.5 - Medium - June 14, 2024

Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36502 5.5 - Medium - June 14, 2024

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.

Out-of-bounds Read

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36503 5.5 - Medium - June 14, 2024

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.

Use of Uninitialized Resource

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-5464 3.3 - Low - June 14, 2024

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-5465 5.5 - Medium - June 14, 2024

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability.

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules)

CVE-2021-33631 7.8 - High - January 18, 2024

Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

Integer Overflow or Wraparound

NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation

CVE-2021-33630 5.5 - Medium - January 18, 2024

NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.

NULL Pointer Dereference

The Celia Keyboard module has a vulnerability in access control

CVE-2023-52100 7.5 - High - January 16, 2024

The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.

Component exposure vulnerability in the Wi-Fi module

CVE-2023-52101 9.1 - Critical - January 16, 2024

Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.

Vulnerability of parameters being not verified in the WMS module

CVE-2023-52102 7.5 - High - January 16, 2024

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Buffer overflow vulnerability in the FLP module

CVE-2023-52103 9.8 - Critical - January 16, 2024

Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.

Classic Buffer Overflow

Vulnerability of parameters being not verified in the WMS module

CVE-2023-52104 7.5 - High - January 16, 2024

Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

The nearby module has a privilege escalation vulnerability

CVE-2023-52105 7.5 - High - January 16, 2024

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

Improper Privilege Management

The DownloadProviderMain module has a vulnerability in API permission verification

CVE-2023-52106 9.1 - Critical - January 16, 2024

The DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability.

Vulnerability of foreground service restrictions being bypassed in the NMS module

CVE-2023-52099 7.5 - High - January 16, 2024

Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Denial of Service (DoS) vulnerability in the DMS module

CVE-2023-52098 7.5 - High - January 16, 2024

Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

Resource Exhaustion

Vulnerability of permissions being not strictly verified in the WMS module

CVE-2023-52107 7.5 - High - January 16, 2024

Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Permission Assignment for Critical Resource

Vulnerability of process priorities being raised in the ActivityManagerService module

CVE-2023-52108 7.5 - High - January 16, 2024

Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.

Data confidentiality vulnerability in the ScreenReader module

CVE-2023-52114 7.5 - High - January 16, 2024

Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.

The iaware module has a Use-After-Free (UAF) vulnerability

CVE-2023-52115 7.5 - High - January 16, 2024

The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.

Dangling pointer

Permission management vulnerability in the multi-screen interaction module

CVE-2023-52116 7.5 - High - January 16, 2024

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

Incorrect Permission Assignment for Critical Resource

The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52110 7.5 - High - January 16, 2024

The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Authorization vulnerability in the BootLoader module

CVE-2023-52111 7.5 - High - January 16, 2024

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.

AuthZ

Unauthorized file access vulnerability in the wallpaper service module

CVE-2023-52112 5.3 - Medium - January 16, 2024

Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Files or Directories Accessible to External Parties

launchAnyWhere vulnerability in the ActivityManagerService module

CVE-2023-52113 7.5 - High - January 16, 2024

launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.

Out-of-bounds access vulnerability in the device authentication module

CVE-2023-44112 7.5 - High - January 16, 2024

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.

Out-of-bounds Read

Vulnerability of trust relationships being inaccurate in distributed scenarios

CVE-2023-44117 7.5 - High - January 16, 2024

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of trust relationships being inaccurate in distributed scenarios

CVE-2023-4566 7.5 - High - January 16, 2024

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of trust relationships being inaccurate in distributed scenarios

CVE-2023-52109 7.5 - High - January 16, 2024

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of unauthorized access to email attachments in the email module

CVE-2023-49243 7.5 - High - December 06, 2023

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in distributed scenarios

CVE-2023-49247 7.5 - High - December 06, 2023

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Improper Certificate Validation

Permission management vulnerability in the module for disabling Sound Booster

CVE-2023-6273 5.3 - Medium - December 06, 2023

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

Permission management vulnerability in the multi-user module

CVE-2023-49244 7.5 - High - December 06, 2023

Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the Huawei Share module

CVE-2023-49245 7.5 - High - December 06, 2023

Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the card management module

CVE-2023-49246 7.5 - High - December 06, 2023

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of unauthorized file access in the Settings app

CVE-2023-49248 5.5 - Medium - December 06, 2023

Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.

API permission control vulnerability in the network management module

CVE-2023-49241 7.5 - High - December 06, 2023

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.

Free broadcast vulnerability in the running management module

CVE-2023-49242 7.5 - High - December 06, 2023

Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of data verification errors in the kernel module

CVE-2023-44099 7.5 - High - December 06, 2023

Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.

Improper Check for Unusual or Exceptional Conditions

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module

CVE-2023-44113 7.5 - High - December 06, 2023

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

Permission management vulnerability in the PMS module

CVE-2023-46773 9.8 - Critical - December 06, 2023

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

Incorrect Default Permissions

Unauthorized access vulnerability in the card management module

CVE-2023-49239 7.5 - High - December 06, 2023

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

Unauthorized access vulnerability in the launcher module

CVE-2023-49240 7.5 - High - December 06, 2023

Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

Permission control vulnerability in the call module

CVE-2023-46759 7.5 - High - November 08, 2023

Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.

Permission management vulnerability in the multi-screen interaction module

CVE-2023-46758 7.5 - High - November 08, 2023

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

The remote PIN module has a vulnerability

CVE-2023-46757 7.5 - High - November 08, 2023

The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.

Permission control vulnerability in the window management module

CVE-2023-46756 5.3 - Medium - November 08, 2023

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Vulnerability of background app permission management in the framework module

CVE-2023-46763 5.3 - Medium - November 08, 2023

Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Unauthorized startup vulnerability of background apps

CVE-2023-46764 5.3 - Medium - November 08, 2023

Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Vulnerability of uncaught exceptions in the NFC module

CVE-2023-46765 7.5 - High - November 08, 2023

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Vulnerability of parameters being out of the value range in the QMI service module

CVE-2023-46772 7.5 - High - November 08, 2023

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46766 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46767 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Vulnerability of uncaught exceptions in the NFC module

CVE-2023-46774 7.5 - High - November 08, 2023

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Race condition vulnerability in the kernel module

CVE-2022-48613 5.9 - Medium - November 08, 2023

Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

Race Condition

Vulnerability of input parameters being not strictly verified in the input

CVE-2023-46755 5.3 - Medium - November 08, 2023

Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46760 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46761 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46762 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Vulnerability of missing encryption in the card management module

CVE-2023-44098 7.5 - High - November 08, 2023

Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Missing Encryption of Sensitive Data

Security vulnerability in the face unlock module

CVE-2023-46771 7.5 - High - November 08, 2023

Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper permission control in the Booster module

CVE-2023-44115 7.5 - High - November 08, 2023

Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of identity verification being bypassed in the face unlock module

CVE-2023-5801 9.1 - Critical - November 08, 2023

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Multi-thread vulnerability in the idmap module

CVE-2023-46768 7.5 - High - November 08, 2023

Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Dangling pointer

Use-After-Free (UAF) vulnerability in the dubai module

CVE-2023-46769 7.5 - High - November 08, 2023

Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.

Dangling pointer

Out-of-bounds vulnerability in the sensor module

CVE-2023-46770 7.5 - High - November 08, 2023

Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.

Memory Corruption

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114 7.5 - High - October 11, 2023

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44105 9.8 - Critical - October 11, 2023

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Improper Privilege Management

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-44119 7.5 - High - October 11, 2023

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

Improper Locking

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44118 9.1 - Critical - October 11, 2023

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44116 9.8 - Critical - October 11, 2023

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

Missing Authentication for Critical Function

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44108 7.5 - High - October 11, 2023

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Object Type Confusion

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-44107 9.1 - Critical - October 11, 2023

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44111 7.5 - High - October 11, 2023

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Improper Restriction of Excessive Authentication Attempts

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-44110 4.3 - Medium - October 11, 2023

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

Improper Input Validation

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44106 9.8 - Critical - October 11, 2023

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104 7.5 - High - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Resource Transfer Between Spheres

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability

CVE-2023-44102 5.3 - Medium - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

Exposure of Resource to Wrong Sphere

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-44101 7.5 - High - October 11, 2023

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

Exposure of Resource to Wrong Sphere

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100 7.5 - High - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Resource Transfer Between Spheres

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44097 7.5 - High - October 11, 2023

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to

CVE-2023-41304 5.3 - Medium - October 11, 2023

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

Improper Check for Unusual or Exceptional Conditions

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability

CVE-2023-44095 7.5 - High - October 11, 2023

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

Dangling pointer

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44103 7.5 - High - October 11, 2023

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44109 7.5 - High - October 11, 2023

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44096 7.5 - High - October 11, 2023

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Improper Restriction of Excessive Authentication Attempts

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44093 7.5 - High - October 11, 2023

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44094 5.3 - Medium - October 11, 2023

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Object Type Confusion

Screenshot vulnerability in the input module

CVE-2023-41308 7.5 - High - September 27, 2023

Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

Permission control vulnerability in the audio module

CVE-2023-41312 5.3 - Medium - September 27, 2023

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

Permission control vulnerability in the audio module

CVE-2023-41311 5.3 - Medium - September 27, 2023

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

Keep-alive vulnerability in the sticky broadcast mechanism

CVE-2023-41310 3.3 - Low - September 27, 2023

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

Resource Exhaustion

Permission control vulnerability in the MediaPlaybackController module

CVE-2023-41309 7.5 - High - September 27, 2023

Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

Vulnerability of mutex management in the bone voice ID trusted application (TA) module

CVE-2023-41306 3.7 - Low - September 27, 2023

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

Race Condition

Memory overwriting vulnerability in the security module

CVE-2023-41307 7.5 - High - September 27, 2023

Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Broadcast permission control vulnerability in the framework module

CVE-2023-4565 5.3 - Medium - September 27, 2023

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Incorrect Permission Assignment for Critical Resource

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module

CVE-2023-41305 7.5 - High - September 27, 2023

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

Inadequate Encryption Strength

Stability-related vulnerability in the binder background management and control module

CVE-2022-48606 7.5 - High - September 27, 2023

Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.