Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-54110

Summary
Assigner-huawei
Assigner Org ID-25ac1063-e409-4190-8079-24548c77ea2e
Published At-12 Dec, 2024 | 12:05
Updated At-12 Dec, 2024 | 15:02
Rejected At-
Credits

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:huawei
Assigner Org ID:25ac1063-e409-4190-8079-24548c77ea2e
Published At:12 Dec, 2024 | 12:05
Updated At:12 Dec, 2024 | 15:02
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Affected Products
Vendor
Huawei Technologies Co., Ltd.Huawei
Product
HarmonyOS
Default Status
unaffected
Versions
Affected
  • 5.0.0
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://consumer.huawei.com/en/support/bulletin/2024/12/
N/A
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/12/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@huawei.com
Published At:12 Dec, 2024 | 12:15
Updated At:12 Dec, 2024 | 20:19

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Huawei Technologies Co., Ltd.
huawei
>>harmonyos>>5.0.0
cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Secondarypsirt@huawei.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: psirt@huawei.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://consumer.huawei.com/en/support/bulletin/2024/12/psirt@huawei.com
Vendor Advisory
Hyperlink: https://consumer.huawei.com/en/support/bulletin/2024/12/
Source: psirt@huawei.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

300Records found
CVE-2024-54122
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 0.96%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 12:20
Updated-14 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-54104
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.65%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 11:58
Updated-12 Dec, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-264
Not Available
CVE-2024-51522
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.55%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:13
Updated-07 Nov, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-199
Not Available
CVE-2024-45450
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.78%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:15
Updated-12 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42031
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.74%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 08:56
Updated-19 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CVE-2024-42030
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 08:13
Updated-20 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-701
Not Available
CVE-2024-42037
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 0.61%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 09:30
Updated-13 Sep, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-248
Uncaught Exception
CVE-2024-39674
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.34%
||
7 Day CHG~0.00%
Published-25 Jul, 2024 | 11:42
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2022-38981
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30414
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.95%
||
7 Day CHG+0.18%
Published-07 Apr, 2024 | 08:04
Updated-13 Mar, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-30417
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.09%
||
7 Day CHG+0.05%
Published-07 Apr, 2024 | 08:16
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-38979
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38994
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2024-27897
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.47%
||
7 Day CHG+0.02%
Published-08 Apr, 2024 | 09:25
Updated-13 Mar, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27895
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.59%
||
7 Day CHG+0.02%
Published-08 Apr, 2024 | 09:23
Updated-28 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-48346
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.41%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-38997
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2022-38985
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38992
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:56
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosHarmonyOSEMUI
CVE-2022-38998
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39010
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.02%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Aug, 2024 | 11:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CVE-2022-38984
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-15 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-57955
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.56%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:25
Updated-17 Mar, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-57960
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.7||HIGH
EPSS-0.03% / 6.88%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 12:32
Updated-17 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37005
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.41%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:11
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2024-56443
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:37
Updated-13 Jan, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56435
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 01:33
Updated-13 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-56436
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 01:46
Updated-13 Jan, 2025 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-264
Not Available
CVE-2024-54112
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.58%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 12:07
Updated-12 Dec, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-264
Not Available
CVE-2024-54119
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 14.65%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 12:18
Updated-14 Jan, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34739
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.43%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:53
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CVE-2024-51523
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.1||HIGH
EPSS-0.04% / 12.65%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:14
Updated-07 Nov, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-840
Not Available
CVE-2024-51525
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 09:19
Updated-07 Nov, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-264
Not Available
CVE-2022-31761
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 15:07
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiMagic UIEMUI
CVE-2024-9136
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.66%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 10:24
Updated-01 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-16
Not Available
CVE-2024-42039
Matching Score-8
Assigner-Huawei Technologies
ShareView Details
Matching Score-8
Assigner-Huawei Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 01:35
Updated-12 Sep, 2024 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-701
Not Available
CVE-2021-22326
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.1||HIGH
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 13:40
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22396
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 16:08
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ecns280_tdese620x_vess_firmwareecns280_td_firmwareese620x_vesseCNS280_TD;eSE620X vESS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22421
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.30%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:18
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-52543
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.98%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:49
Updated-13 Mar, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-52716
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 09:01
Updated-13 Mar, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIemuiharmonyos
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-52116
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.41%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:24
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-9141
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 21:53
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-9114
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.91%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 00:04
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-fusioncomputeFusionCompute
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-52114
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 08:21
Updated-27 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIemuiharmonyos
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-52105
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.60%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:24
Updated-27 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSharmonyos
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-22257
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-magic_uiemuiharmonyosMagic UIHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-46758
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.79%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:18
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-46756
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 10:12
Updated-04 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44106
Matching Score-6
Assigner-Huawei Technologies
ShareView Details
Matching Score-6
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 25.31%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:55
Updated-18 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found