Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-48512

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-06 Jul, 2023 | 12:22
Updated At-19 Nov, 2024 | 18:55
Rejected At-
Credits

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:06 Jul, 2023 | 12:22
Updated At:19 Nov, 2024 | 18:55
Rejected At:
▼CVE Numbering Authority (CNA)

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Default Status
unaffected
Versions
Affected
  • 2.0.0
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
EMUI
Default Status
unaffected
Versions
Affected
  • 12.0.0
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2023/7/
N/A
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
N/A
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/7/
Resource: N/A
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2023/7/
x_transferred
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
x_transferred
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/7/
Resource:
x_transferred
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:06 Jul, 2023 | 13:15
Updated At:13 Jul, 2023 | 01:07

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>emui>>12.0.0
cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>2.0.0
cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE-122Secondarypsirt@huawei.com
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: psirt@huawei.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2023/7/psirt@huawei.com
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858psirt@huawei.com
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2023/7/
Source: psirt@huawei.com
Resource:
Vendor Advisory
Hyperlink: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

622Records found
CVE-2022-38980
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.60%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39000
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:55
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38982
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-287
Improper Authentication
CVE-2021-37121
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.55%
||
7 Day CHG~0.00%
Published-03 Jan, 2022 | 21:07
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CVE-2022-37002
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:10
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-32203
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.56%
||
7 Day CHG+0.06%
Published-20 Dec, 2024 | 01:54
Updated-10 Jan, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-cv81-wdmcv81-wdm_firmwareCV81-WDM FW
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2020-9099
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.55%
||
7 Day CHG~0.00%
Published-08 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-secospace_usg6500_firmwarenip6300ips_modulesecospace_usg6500usg9500_firmwareips_module_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwarengfw_module_firmwareusg9500nip6600ngfw_modulenip6800_firmwarenip6800nip6600_firmwaresecospace_usg6600secospace_usg6300_firmwareIPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500
CWE ID-CWE-287
Improper Authentication
CVE-2023-34159
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.79%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CVE-2020-9068
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.55%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:26
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar3200ar3200_firmwareAR3200
CWE ID-CWE-287
Improper Authentication
CVE-2020-9144
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.56%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:53
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-32991
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-11 May, 2024 | 09:46
Updated-11 Dec, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-16
Not Available
CVE-2022-29797
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.94%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 18:55
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cv81-wdm_firmwarecv81-wdmCV81-WDM FW
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-52370
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.64%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 03:41
Updated-24 Apr, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOSharmonyosemui
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52381
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.58%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:13
Updated-13 Mar, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-52378
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:09
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2023-52103
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.58%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:20
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-57961
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 8.14%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:33
Updated-17 Mar, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37003
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:10
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-9140
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 68.81%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:55
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-8840
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.16% / 91.85%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:41
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationHuawei Technologies Co., Ltd.FasterXML, LLC.NetApp, Inc.
Product-global_lifecycle_management_opatchdebian_linuxoncommand_api_servicesjackson-databindoceanstor_9000_firmwareoceanstor_9000oncommand_workflow_automationservice_level_managersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-54635
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 2.28%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:30
Updated-11 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of returning released pointers in the distributed notification service. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2025-54626
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.35%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:05
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-HarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2025-54630
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.08%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 02:15
Updated-06 Aug, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

:Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-HarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-53184
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:35
Updated-09 Jul, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53179
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:16
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53183
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:29
Updated-09 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53181
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:22
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53182
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:24
Updated-09 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-53180
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.55%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:20
Updated-09 Jul, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-22252
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.09%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:10
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOS;EMUI;Magic UI
CWE ID-CWE-416
Use After Free
CVE-2022-22260
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-13 May, 2022 | 15:03
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2025-48910
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 06:47
Updated-11 Jul, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-30416
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.22%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 08:07
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-416
Use After Free
CVE-2021-37122
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.40%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 00:36
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cloudengine_7800cloudengine_5800_firmwarecloudengine_5800cloudengine_6800_firmwarecloudengine_6800cloudengine_7800_firmwarecloudengine_12800cloudengine_12800_firmwareCloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800
CWE ID-CWE-416
Use After Free
CVE-2021-22304
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.03% / 6.34%
||
7 Day CHG~0.00%
Published-06 Feb, 2021 | 02:18
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-al00a_firmwaretaurus-al00aTaurus-AL00A
CWE ID-CWE-416
Use After Free
CVE-2021-22350
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 20:10
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-416
Use After Free
CVE-2021-22463
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.58%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:32
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2021-22466
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:32
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2017-15347
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.54%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 16:00
Updated-05 Aug, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_9_pro_firmwaremate_9_proMate 9 Pro
CWE ID-CWE-416
Use After Free
CVE-2021-22353
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 17:06
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the kernel to restart.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-416
Use After Free
CVE-2021-22321
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.16%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 19:03
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-s9700secospace_usg6500_firmwarenip6300secospace_usg6500usg9500_firmwares2700_firmwares1700_firmwares2700s7700_firmwaresecospace_usg6600_firmwaresecospace_usg6300nip6300_firmwares7700usg9500s1700nip6600s12700s5700_firmwares6700_firmwares12700_firmwarenip6800_firmwares9700_firmwarenip6800nip6600_firmwares5700s6700secospace_usg6600secospace_usg6300_firmwareNIP6600;NIP6800;S12700;S1700;S2700;S5700;S6700;S7700;S9700;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500
CWE ID-CWE-416
Use After Free
CVE-2019-2215
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-49.20% / 97.70%
||
7 Day CHG+3.74%
Published-11 Oct, 2019 | 18:16
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Debian GNU/LinuxGoogle LLCHuawei Technologies Co., Ltd.Android
Product-bla-al00b_firmwareleland-tl10c_firmwareares-tl00chw_firmwaresydneym-al00leland-al10b_firmwarebla-al00bfas2750_firmwaredura-al00aflorida-l22rhone-al00_firmwareflorida-al20btony-al00balp-tl00bleland-l32acolumbia-al00ah410s_firmwarep20berkeley-l09_firmwarelelandp-l22c_firmwareyale-al00a_firmwareflorida-l22_firmwarey9_2019neo-al00dstanford-l09s_firmwarenova_3lelandp-l22cdura-al00a_firmwaremate_rs_firmwareleland-al10bc190_firmwarebarca-al00aff_baseboard_management_controllerleland-l32a_firmwarebarca-al00_firmwareneo-al00d_firmwaretony-tl00b_firmwarebla-tl00b_firmwareflorida-al20b_firmwareberkeley-l09debian_linuxrhone-al00leland-tl10ba320_firmwarehonor_view_20alp-tl00b_firmwaresolidfire_baseboard_management_controller_firmwarep20_litecloud_backupa800_firmwarenova_2shonor_view_20_firmwareh610sstanford-l09figo-al00a_firmwarea320figo-al00anova_2s_firmwarestanford-l09subuntu_linuxjohnson-tl00dsydney-al00nova_3ep20_lite_firmwareleland-l21a_firmwarejakarta-al00a_firmwareh610s_firmwaresydneym-al00_firmwareyale-l21aanne-al00ares-al10d_firmwareh410ch500sleland-tl10b_firmwaresydney-al00_firmwarefas2720lelandp-al00cstanford-l09_firmwarefas2750lelandp-al00c_firmwaresolidfireares-al00bcornell-tl10bp20_firmwareyale-l21a_firmwareyale-tl00b_firmwareh300s_firmwareares-al00b_firmwarebla-tl00bh700sc190tony-tl00byale-tl00ba220alp-al00bberkeley-tl10_firmwarecornell-tl10b_firmwareflorida-l21florida-tl10b_firmwarealp-al00b_firmwarejohnson-tl00d_firmwareflorida-tl10bhci_management_nodedata_availability_servicesyale-al00aberkeley-tl10steelstore_cloud_integrated_storageflorida-l03_firmwareandroidduke-l09i_firmwarehonor_9i_firmwareleland-l21ah410sjakarta-al00aprinceton-al10b_firmwareh410c_firmwarey9_2019_firmwarecolumbia-al00a_firmwarenova_3e_firmwarea220_firmwaresolidfire_baseboard_management_controllerduke-l09iaff_baseboard_management_controller_firmwarehonor_9ibla-l29cflorida-l21_firmwarefas2720_firmwarecolumbia-l29dh700s_firmwareh500s_firmwareprinceton-al10bleland-tl10canne-al00_firmwareflorida-l03tony-al00b_firmwarebla-l29c_firmwarea800h300smate_rsares-tl00chwservice_processorsydney-tl00_firmwaresydney-tl00ares-al10dcolumbia-l29d_firmwarenova_3_firmwareAndroidAndroid Kernel
CWE ID-CWE-416
Use After Free
CVE-2022-46311
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2018-7993
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.97%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-mate_10mate_10_firmwareHUAWEI Mate 10
CWE ID-CWE-416
Use After Free
CVE-2023-52115
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:22
Updated-13 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-416
Use After Free
CVE-2025-53185
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.38%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:36
Updated-12 Aug, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2023-46768
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.79%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 02:51
Updated-04 Sep, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2023-46769
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.79%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 02:52
Updated-04 Sep, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2022-44547
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.45%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
CVE-2023-44095
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:44
Updated-18 Sep, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found