Emui Huawei Emui

  1. Vendors
  2. Huawei
  3. Emui
Do you want an email whenever new security vulnerabilities are reported in Huawei Emui?

By the Year

In 2023 there have been 210 vulnerabilities in Huawei Emui with an average score of 7.4 out of ten. Last year Emui had 237 security vulnerabilities published. Right now, Emui is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.14

Year Vulnerabilities Average Score
2023 210 7.43
2022 237 7.57
2021 140 7.62
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Emui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Emui Security Vulnerabilities

Permission control vulnerability in the window management module

CVE-2023-46756 5.3 - Medium - November 08, 2023

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Permission management vulnerability in the multi-screen interaction module

CVE-2023-46758 7.5 - High - November 08, 2023

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

Permission control vulnerability in the call module

CVE-2023-46759 7.5 - High - November 08, 2023

Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of parameters being out of the value range in the QMI service module

CVE-2023-46772 7.5 - High - November 08, 2023

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.

Memory Corruption

Vulnerability of background app permission management in the framework module

CVE-2023-46763 5.3 - Medium - November 08, 2023

Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Unauthorized startup vulnerability of background apps

CVE-2023-46764 5.3 - Medium - November 08, 2023

Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Vulnerability of uncaught exceptions in the NFC module

CVE-2023-46765 7.5 - High - November 08, 2023

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46766 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46767 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Vulnerability of uncaught exceptions in the NFC module

CVE-2023-46774 7.5 - High - November 08, 2023

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Race condition vulnerability in the kernel module

CVE-2022-48613 5.9 - Medium - November 08, 2023

Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

Race Condition

Vulnerability of input parameters being not strictly verified in the input

CVE-2023-46755 5.3 - Medium - November 08, 2023

Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46760 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46761 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Out-of-bounds write vulnerability in the kernel driver module

CVE-2023-46762 7.5 - High - November 08, 2023

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Memory Corruption

Vulnerability of missing encryption in the card management module

CVE-2023-44098 7.5 - High - November 08, 2023

Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Missing Encryption of Sensitive Data

Security vulnerability in the face unlock module

CVE-2023-46771 7.5 - High - November 08, 2023

Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper permission control in the Booster module

CVE-2023-44115 7.5 - High - November 08, 2023

Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Multi-thread vulnerability in the idmap module

CVE-2023-46768 7.5 - High - November 08, 2023

Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Dangling pointer

Vulnerability of identity verification being bypassed in the face unlock module

CVE-2023-5801 9.1 - Critical - November 08, 2023

Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

Authentication Bypass by Spoofing

Use-After-Free (UAF) vulnerability in the dubai module

CVE-2023-46769 7.5 - High - November 08, 2023

Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.

Dangling pointer

Out-of-bounds vulnerability in the sensor module

CVE-2023-46770 7.5 - High - November 08, 2023

Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.

Memory Corruption

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44108 7.5 - High - October 11, 2023

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Object Type Confusion

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44116 9.8 - Critical - October 11, 2023

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

Missing Authentication for Critical Function

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44118 9.1 - Critical - October 11, 2023

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-44119 7.5 - High - October 11, 2023

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

Improper Locking

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44105 9.8 - Critical - October 11, 2023

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Improper Privilege Management

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114 7.5 - High - October 11, 2023

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability

CVE-2023-44095 7.5 - High - October 11, 2023

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

Dangling pointer

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to

CVE-2023-41304 5.3 - Medium - October 11, 2023

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

Improper Check for Unusual or Exceptional Conditions

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44097 7.5 - High - October 11, 2023

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100 7.5 - High - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Resource Transfer Between Spheres

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability

CVE-2023-44102 5.3 - Medium - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

Exposure of Resource to Wrong Sphere

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44103 7.5 - High - October 11, 2023

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds Read

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104 7.5 - High - October 11, 2023

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Resource Transfer Between Spheres

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44111 7.5 - High - October 11, 2023

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Improper Restriction of Excessive Authentication Attempts

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44106 9.8 - Critical - October 11, 2023

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-44110 4.3 - Medium - October 11, 2023

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

Improper Input Validation

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44094 5.3 - Medium - October 11, 2023

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Object Type Confusion

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44093 7.5 - High - October 11, 2023

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44096 7.5 - High - October 11, 2023

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

Improper Restriction of Excessive Authentication Attempts

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44109 7.5 - High - October 11, 2023

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

Broadcast permission control vulnerability in the framework module

CVE-2023-4565 5.3 - Medium - September 27, 2023

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Incorrect Permission Assignment for Critical Resource

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module

CVE-2023-41305 7.5 - High - September 27, 2023

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

Inadequate Encryption Strength

Vulnerability of mutex management in the bone voice ID trusted application (TA) module

CVE-2023-41306 3.7 - Low - September 27, 2023

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

Race Condition

Memory overwriting vulnerability in the security module

CVE-2023-41307 7.5 - High - September 27, 2023

Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

Memory Corruption

Screenshot vulnerability in the input module

CVE-2023-41308 7.5 - High - September 27, 2023

Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

Permission control vulnerability in the MediaPlaybackController module

CVE-2023-41309 7.5 - High - September 27, 2023

Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

Keep-alive vulnerability in the sticky broadcast mechanism

CVE-2023-41310 3.3 - Low - September 27, 2023

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

Resource Exhaustion

Permission control vulnerability in the audio module

CVE-2023-41311 5.3 - Medium - September 27, 2023

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

Permission control vulnerability in the audio module

CVE-2023-41312 5.3 - Medium - September 27, 2023

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

Stability-related vulnerability in the binder background management and control module

CVE-2022-48606 7.5 - High - September 27, 2023

Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Input verification vulnerability in the fingerprint module

CVE-2022-48605 9.8 - Critical - September 25, 2023

Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

Data security classification vulnerability in the DDMP module

CVE-2023-41293 7.5 - High - September 25, 2023

Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of parameters not being strictly verified in the PMS module

CVE-2023-41300 7.5 - High - September 25, 2023

Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Vulnerability of unauthorized API access in the PMS module

CVE-2023-41301 7.5 - High - September 25, 2023

Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Redirection permission verification vulnerability in the home screen module

CVE-2023-41302 7.5 - High - September 25, 2023

Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Command injection vulnerability in the distributed file system module

CVE-2023-41303 7.5 - High - September 25, 2023

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

Command Injection

Vulnerability of improper permission management in the displayengine module

CVE-2023-41295 5.3 - Medium - September 25, 2023

Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

Incorrect Permission Assignment for Critical Resource

Vulnerability of missing authorization in the kernel module

CVE-2023-41296 9.1 - Critical - September 25, 2023

Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

AuthZ

Vulnerability of defects introduced in the design process in the HiviewTunner module

CVE-2023-41297 9.8 - Critical - September 25, 2023

Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

Vulnerability of permission control in the window module

CVE-2023-41298 7.5 - High - September 25, 2023

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

DoS vulnerability in the PMS module

CVE-2023-41299 7.5 - High - September 25, 2023

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Classic Buffer Overflow

DoS vulnerability in the PMS module

CVE-2023-39409 7.5 - High - September 25, 2023

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Classic Buffer Overflow

DoS vulnerability in the PMS module

CVE-2023-39408 7.5 - High - September 25, 2023

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

Classic Buffer Overflow

Vulnerability of defects introduced in the design process in the Multi-Device Task Center

CVE-2021-46895 9.1 - Critical - August 13, 2023

Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

Vulnerability of input parameter verification in certain APIs in the window management module

CVE-2023-39404 7.5 - High - August 13, 2023

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

Parameter verification vulnerability in the installd module

CVE-2023-39403 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Parameter verification vulnerability in the installd module

CVE-2023-39402 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Parameter verification vulnerability in the installd module

CVE-2023-39401 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Parameter verification vulnerability in the installd module

CVE-2023-39400 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Parameter verification vulnerability in the installd module

CVE-2023-39399 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Parameter verification vulnerability in the installd module

CVE-2023-39398 9.1 - Critical - August 13, 2023

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

Input parameter verification vulnerability in the communication system

CVE-2023-39397 7.5 - High - August 13, 2023

Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Mismatch vulnerability in the serialization process in the communication system

CVE-2023-39395 7.5 - High - August 13, 2023

Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.

Vulnerability of API privilege escalation in the wifienhance module

CVE-2023-39394 7.5 - High - August 13, 2023

Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.

Permission control vulnerability in the XLayout component

CVE-2023-39406 7.5 - High - August 13, 2023

Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

Vulnerability of system file information leakage in the USB Service module

CVE-2023-39391 7.5 - High - August 13, 2023

Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of configuration defects in the media module of certain products

CVE-2023-39385 9.1 - Critical - August 13, 2023

Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.

Vulnerability of input parameter verification in certain APIs in the window management module

CVE-2023-39390 7.5 - High - August 13, 2023

Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

Improper Input Validation

Vulnerability of permission control in the window management module

CVE-2023-39387 5.3 - Medium - August 13, 2023

Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Vulnerability of input parameters being not strictly verified in the PMS module

CVE-2023-39386 7.5 - High - August 13, 2023

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

Improper Input Validation

Input verification vulnerability in the storage module

CVE-2023-39381 7.5 - High - August 13, 2023

Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.

Improper Input Validation

Vulnerability of input parameters being not strictly verified in the AMS module

CVE-2023-39383 7.5 - High - August 13, 2023

Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.

Exposure of Resource to Wrong Sphere

Input verification vulnerability in the audio module

CVE-2023-39382 7.5 - High - August 13, 2023

Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.

Improper Input Validation

Permission control vulnerability in the audio module

CVE-2023-39380 7.5 - High - August 13, 2023

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

authentification

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module

CVE-2023-39405 9.8 - Critical - August 13, 2023

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

Memory Corruption

Deserialization vulnerability in the input module

CVE-2023-39396 7.5 - High - August 13, 2023

Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.

Marshaling, Unmarshaling

Vulnerability of input parameters being not strictly verified in the PMS module

CVE-2023-39388 7.5 - High - August 13, 2023

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.

Improper Input Validation

Vulnerability of input parameters being not strictly verified in the PMS module

CVE-2023-39389 7.5 - High - August 13, 2023

Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.

Improper Input Validation

Vulnerability of insecure signatures in the ServiceWifiResources module

CVE-2023-39393 7.5 - High - August 13, 2023

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

Improper Verification of Cryptographic Signature

Vulnerability of insecure signatures in the OsuLogin module

CVE-2023-39392 7.5 - High - August 13, 2023

Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

Improper Verification of Cryptographic Signature

Vulnerability of incomplete permission verification in the input method module

CVE-2023-39384 7.5 - High - August 13, 2023

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

AuthZ

Input verification vulnerability in the WMS API

CVE-2023-37241 7.5 - High - July 06, 2023

Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

Improper Input Validation

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module

CVE-2023-37238 5.3 - Medium - July 06, 2023

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.

Encryption bypass vulnerability in Maintenance mode

CVE-2021-46892 7.5 - High - July 06, 2023

Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.

Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVE-2021-46894 9.8 - Critical - July 06, 2023

Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

Dangling pointer

Vulnerability of identity verification being bypassed in the storage module

CVE-2022-48507 7.5 - High - July 06, 2023

Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

Authentication Bypass by Capture-replay

Inappropriate authorization vulnerability in the system apps

CVE-2022-48508 7.5 - High - July 06, 2023

Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

AuthZ

Vulnerability of incomplete input parameter verification in the communication framework module

CVE-2023-34164 7.5 - High - July 06, 2023

Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.

NULL Pointer Dereference

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Emui or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

Huawei Emui
Product

subscribe