Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2036 vulnerabilities found for emui by huawei
VAR-202208-0562
Vulnerability from variot - Updated: 2026-03-07 23:56The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"cve": "CVE-2022-37007",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37007",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37007",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37007",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37007",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2402",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"description": {
"_id": null,
"data": "The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37007"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "VULHUB",
"id": "VHN-427491"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37007",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427491",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"id": "VAR-202208-0562",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:56:34.774000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204372"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37007"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37007/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427491"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
},
{
"db": "NVD",
"id": "CVE-2022-37007"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"date": "2022-08-10T20:16:04.797000",
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427491",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2402",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014549",
"ident": null
},
{
"date": "2026-03-06T20:16:11.130000",
"db": "NVD",
"id": "CVE-2022-37007",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product out-of-bounds read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014549"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2402"
}
],
"trust": 0.6
}
}
VAR-202208-0784
Vulnerability from variot - Updated: 2026-03-07 23:52The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"cve": "CVE-2022-37004",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37004",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37004",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37004",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37004",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37004",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2398",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"description": {
"_id": null,
"data": "The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37004"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "VULHUB",
"id": "VHN-427495"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37004",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427495",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"id": "VAR-202208-0784",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:52:47.480000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204368"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37004"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37004/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427495"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
},
{
"db": "NVD",
"id": "CVE-2022-37004"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"date": "2022-08-10T20:16:04.263000",
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427495",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2398",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014552",
"ident": null
},
{
"date": "2026-03-06T18:16:15.220000",
"db": "NVD",
"id": "CVE-2022-37004",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014552"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2398"
}
],
"trust": 0.6
}
}
VAR-202208-0507
Vulnerability from variot - Updated: 2026-03-07 23:49The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an inadequate validation of data reliability vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"cve": "CVE-2022-37008",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37008",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-37008",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2400",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"description": {
"_id": null,
"data": "The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an inadequate validation of data reliability vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37008"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "VULHUB",
"id": "VHN-427493"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37008",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427493",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"id": "VAR-202208-0507",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:49:28.589000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Repair measures for data forgery problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204370"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "Inadequate verification of data reliability (CWE-345) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37008"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37008/"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427493"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
},
{
"db": "NVD",
"id": "CVE-2022-37008"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"date": "2022-08-10T20:16:04.967000",
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427493",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2400",
"ident": null
},
{
"date": "2023-09-20T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-014548",
"ident": null
},
{
"date": "2026-03-06T18:16:15.810000",
"db": "NVD",
"id": "CVE-2022-37008",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Insufficient Validation of Data Trust in Products Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014548"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2400"
}
],
"trust": 0.6
}
}
VAR-202208-0488
Vulnerability from variot - Updated: 2026-03-07 23:39The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a vulnerability in inserting or modifying arguments.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"cve": "CVE-2022-37005",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-37005",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-37005",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-37005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-37005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37005",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2396",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"description": {
"_id": null,
"data": "The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a vulnerability in inserting or modifying arguments.Information may be obtained. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37005"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-37005",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-37005",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"id": "VAR-202208-0488",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:39:48.722000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204366"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-88",
"trust": 1.1
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.6,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37005"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37005/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427497"
},
{
"db": "VULMON",
"id": "CVE-2022-37005"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
},
{
"db": "NVD",
"id": "CVE-2022-37005"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"date": "2023-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"date": "2022-08-10T20:16:04.443000",
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-427497",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37005",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2396",
"ident": null
},
{
"date": "2023-09-20T08:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-014551",
"ident": null
},
{
"date": "2026-03-06T18:16:15.530000",
"db": "NVD",
"id": "CVE-2022-37005",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Argument insertion or modification vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014551"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2396"
}
],
"trust": 0.6
}
}
VAR-202208-0888
Vulnerability from variot - Updated: 2026-03-07 23:34Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI EMUI is a mobile operating system developed based on Android
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"cve": "CVE-2021-40040",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40040",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40040",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-40040",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2783",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"description": {
"_id": null,
"data": "Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI EMUI is a mobile operating system developed based on Android",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40040"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "VULHUB",
"id": "VHN-401441"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-40040",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-81251",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-401441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"id": "VAR-202208-0888",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:34:25.080000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI EMUI and Magic UI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204272"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40040"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202209-0000001392078921"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-40040/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401441"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
},
{
"db": "NVD",
"id": "CVE-2021-40040"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"date": "2022-08-10T20:15:22.443000",
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-401441",
"ident": null
},
{
"date": "2022-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2783",
"ident": null
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020146",
"ident": null
},
{
"date": "2026-03-06T18:16:09.910000",
"db": "NVD",
"id": "CVE-2021-40040",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020146"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2783"
}
],
"trust": 0.6
}
}
VAR-202208-0445
Vulnerability from variot - Updated: 2026-03-07 23:29The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS, which is caused by a flaw introduced in the design process
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "11.0.0"
},
{
"_id": null,
"model": "harmonyos",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "2.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "4.0.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "10.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.0"
},
{
"_id": null,
"model": "emui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "12.0.0"
},
{
"_id": null,
"model": "magic ui",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "3.1.1"
},
{
"_id": null,
"model": "magic ui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "emui",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "harmonyos",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"cve": "CVE-2021-40030",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40030",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40030",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40030",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-40030",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40030",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2395",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"description": {
"_id": null,
"data": "The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China\u0027s Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS, which is caused by a flaw introduced in the design process",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40030"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "VULHUB",
"id": "VHN-401431"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-40030",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-401431",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"id": "VAR-202208-0445",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T23:29:40.981000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HUAWEI HarmonyOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204203"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://consumer.huawei.com/en/support/bulletin/2022/8/"
},
{
"trust": 2.5,
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40030"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202208-0000001310476756"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-40030/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401431"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
},
{
"db": "NVD",
"id": "CVE-2021-40030"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"date": "2022-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"date": "2022-08-10T20:15:22.347000",
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-401431",
"ident": null
},
{
"date": "2022-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2395",
"ident": null
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020148",
"ident": null
},
{
"date": "2026-03-06T18:16:08.803000",
"db": "NVD",
"id": "CVE-2021-40030",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural \u00a0Huawei\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020148"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2395"
}
],
"trust": 0.6
}
}
CVE-2026-28548 (GCVE-0-2026-28548)
Vulnerability from nvd – Published: 2026-03-05 08:28 – Updated: 2026-03-05 14:51
VLAI?
Summary
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:50:57.161550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:18.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper verification in the email application.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of improper verification in the email application.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:28:20.416Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28548",
"datePublished": "2026-03-05T08:28:20.416Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:51:18.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28542 (GCVE-0-2026-28542)
Vulnerability from nvd – Published: 2026-03-05 08:29 – Updated: 2026-03-05 14:42
VLAI?
Summary
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
7.3 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:41:59.478588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:42:06.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission bypass vulnerability in the system service framework.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission bypass vulnerability in the system service framework.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:29:45.155Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28542",
"datePublished": "2026-03-05T08:29:45.155Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:42:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28552 (GCVE-0-2026-28552)
Vulnerability from nvd – Published: 2026-03-05 07:45 – Updated: 2026-03-05 15:41
VLAI?
Summary
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.5 (Medium)
CWE
- CWE-19 - Data Processing Errors
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:06.375574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:13.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the IMS module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-19",
"description": "CWE-19 Data Processing Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:45:56.482Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28552",
"datePublished": "2026-03-05T07:45:56.482Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T15:41:13.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24928 (GCVE-0-2026-24928)
Vulnerability from nvd – Published: 2026-02-06 09:15 – Updated: 2026-02-06 16:04
VLAI?
Summary
Out-of-bounds write vulnerability in the file system module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.8 (Medium)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:04:31.088121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:04:47.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the file system module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Out-of-bounds write vulnerability in the file system module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:15:27.038Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24928",
"datePublished": "2026-02-06T09:15:27.038Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:04:47.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24927 (GCVE-0-2026-24927)
Vulnerability from nvd – Published: 2026-02-06 09:10 – Updated: 2026-02-06 16:07
VLAI?
Summary
Out-of-bounds access vulnerability in the frequency modulation module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:05:18.641335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:07:10.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds access vulnerability in the frequency modulation module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds access vulnerability in the frequency modulation module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:10:38.612Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24927",
"datePublished": "2026-02-06T09:10:38.612Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:07:10.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24920 (GCVE-0-2026-24920)
Vulnerability from nvd – Published: 2026-02-06 09:03 – Updated: 2026-02-06 16:16
VLAI?
Summary
Permission control vulnerability in the AMS module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.2 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:10:51.758426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:16:06.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the AMS module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission control vulnerability in the AMS module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:03:33.309Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24920",
"datePublished": "2026-02-06T09:03:33.309Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:16:06.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24919 (GCVE-0-2026-24919)
Vulnerability from nvd – Published: 2026-02-06 08:53 – Updated: 2026-02-06 17:05
VLAI?
Summary
Out-of-bounds write vulnerability in the DFX module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:04:53.336507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:05:04.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the DFX module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds write vulnerability in the DFX module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:53:44.566Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24919",
"datePublished": "2026-02-06T08:53:44.566Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T17:05:04.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24918 (GCVE-0-2026-24918)
Vulnerability from nvd – Published: 2026-02-06 08:29 – Updated: 2026-02-06 16:54
VLAI?
Summary
Address read vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.8 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:54:21.422904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:54:40.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "4.3.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Address read vulnerability in the communication module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Address read vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:29:24.361Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24918",
"datePublished": "2026-02-06T08:29:24.361Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:54:40.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24917 (GCVE-0-2026-24917)
Vulnerability from nvd – Published: 2026-02-06 08:52 – Updated: 2026-02-06 16:27
VLAI?
Summary
UAF vulnerability in the security module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:27:07.661441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:27:30.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "UAF vulnerability in the security module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "UAF vulnerability in the security module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:52:10.782Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24917",
"datePublished": "2026-02-06T08:52:10.782Z",
"dateReserved": "2026-01-28T06:05:05.256Z",
"dateUpdated": "2026-02-06T16:27:30.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68970 (GCVE-0-2025-68970)
Vulnerability from nvd – Published: 2026-01-14 02:35 – Updated: 2026-01-14 14:21
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.1 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:21:10.787802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:21:19.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:35:43.529Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68970",
"datePublished": "2026-01-14T02:35:43.529Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T14:21:19.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68963 (GCVE-0-2025-68963)
Vulnerability from nvd – Published: 2026-01-14 02:31 – Updated: 2026-01-14 23:35
VLAI?
Summary
Man-in-the-middle attack vulnerability in the Clone module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.7 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:22.971999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:35:36.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Man-in-the-middle attack vulnerability in the Clone module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Man-in-the-middle attack vulnerability in the Clone module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:31:32.979Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68963",
"datePublished": "2026-01-14T02:31:32.979Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T23:35:36.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68959 (GCVE-0-2025-68959)
Vulnerability from nvd – Published: 2026-01-14 02:38 – Updated: 2026-01-14 14:20
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.2 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:20:18.947978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:20:26.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:38:54.819Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68959",
"datePublished": "2026-01-14T02:38:54.819Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:20:26.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28542 (GCVE-0-2026-28542)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:29 – Updated: 2026-03-05 14:42
VLAI?
Summary
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
7.3 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:41:59.478588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:42:06.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission bypass vulnerability in the system service framework.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission bypass vulnerability in the system service framework.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:29:45.155Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28542",
"datePublished": "2026-03-05T08:29:45.155Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:42:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28548 (GCVE-0-2026-28548)
Vulnerability from cvelistv5 – Published: 2026-03-05 08:28 – Updated: 2026-03-05 14:51
VLAI?
Summary
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T14:50:57.161550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T14:51:18.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper verification in the email application.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Vulnerability of improper verification in the email application.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T08:28:20.416Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28548",
"datePublished": "2026-03-05T08:28:20.416Z",
"dateReserved": "2026-02-28T03:58:12.088Z",
"dateUpdated": "2026-03-05T14:51:18.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28552 (GCVE-0-2026-28552)
Vulnerability from cvelistv5 – Published: 2026-03-05 07:45 – Updated: 2026-03-05 15:41
VLAI?
Summary
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.5 (Medium)
CWE
- CWE-19 - Data Processing Errors
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:29:06.375574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:41:13.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the IMS module.\u0026nbsp;Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-19",
"description": "CWE-19 Data Processing Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T07:45:56.482Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-28552",
"datePublished": "2026-03-05T07:45:56.482Z",
"dateReserved": "2026-02-28T03:58:12.089Z",
"dateUpdated": "2026-03-05T15:41:13.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24928 (GCVE-0-2026-24928)
Vulnerability from cvelistv5 – Published: 2026-02-06 09:15 – Updated: 2026-02-06 16:04
VLAI?
Summary
Out-of-bounds write vulnerability in the file system module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.8 (Medium)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:04:31.088121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:04:47.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "14.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the file system module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Out-of-bounds write vulnerability in the file system module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:15:27.038Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24928",
"datePublished": "2026-02-06T09:15:27.038Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:04:47.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24927 (GCVE-0-2026-24927)
Vulnerability from cvelistv5 – Published: 2026-02-06 09:10 – Updated: 2026-02-06 16:07
VLAI?
Summary
Out-of-bounds access vulnerability in the frequency modulation module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
5.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:05:18.641335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:07:10.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds access vulnerability in the frequency modulation module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds access vulnerability in the frequency modulation module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:10:38.612Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24927",
"datePublished": "2026-02-06T09:10:38.612Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:07:10.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24920 (GCVE-0-2026-24920)
Vulnerability from cvelistv5 – Published: 2026-02-06 09:03 – Updated: 2026-02-06 16:16
VLAI?
Summary
Permission control vulnerability in the AMS module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.2 (Medium)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:10:51.758426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:16:06.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the AMS module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Permission control vulnerability in the AMS module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T09:03:33.309Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24920",
"datePublished": "2026-02-06T09:03:33.309Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:16:06.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24919 (GCVE-0-2026-24919)
Vulnerability from cvelistv5 – Published: 2026-02-06 08:53 – Updated: 2026-02-06 17:05
VLAI?
Summary
Out-of-bounds write vulnerability in the DFX module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:04:53.336507Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:05:04.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds write vulnerability in the DFX module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Out-of-bounds write vulnerability in the DFX module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:53:44.566Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24919",
"datePublished": "2026-02-06T08:53:44.566Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T17:05:04.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24917 (GCVE-0-2026-24917)
Vulnerability from cvelistv5 – Published: 2026-02-06 08:52 – Updated: 2026-02-06 16:27
VLAI?
Summary
UAF vulnerability in the security module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.5 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:27:07.661441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:27:30.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "UAF vulnerability in the security module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "UAF vulnerability in the security module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:52:10.782Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24917",
"datePublished": "2026-02-06T08:52:10.782Z",
"dateReserved": "2026-01-28T06:05:05.256Z",
"dateUpdated": "2026-02-06T16:27:30.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24918 (GCVE-0-2026-24918)
Vulnerability from cvelistv5 – Published: 2026-02-06 08:29 – Updated: 2026-02-06 16:54
VLAI?
Summary
Address read vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity ?
6.8 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:54:21.422904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:54:40.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "4.3.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Address read vulnerability in the communication module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Address read vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T08:29:24.361Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/2/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/2/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2026-24918",
"datePublished": "2026-02-06T08:29:24.361Z",
"dateReserved": "2026-01-28T06:05:05.257Z",
"dateUpdated": "2026-02-06T16:54:40.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68959 (GCVE-0-2025-68959)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:38 – Updated: 2026-01-14 14:20
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.2 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:20:18.947978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:20:26.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:38:54.819Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68959",
"datePublished": "2026-01-14T02:38:54.819Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T14:20:26.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68970 (GCVE-0-2025-68970)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:35 – Updated: 2026-01-14 14:21
VLAI?
Summary
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
6.1 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:21:10.787802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:21:19.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
},
{
"status": "affected",
"version": "14.2.0"
},
{
"status": "affected",
"version": "14.0.0"
},
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission verification bypass vulnerability in the media library module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Permission verification bypass vulnerability in the media library module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:35:43.529Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1/"
},
{
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68970",
"datePublished": "2026-01-14T02:35:43.529Z",
"dateReserved": "2025-12-27T09:06:51.412Z",
"dateUpdated": "2026-01-14T14:21:19.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68963 (GCVE-0-2025-68963)
Vulnerability from cvelistv5 – Published: 2026-01-14 02:31 – Updated: 2026-01-14 23:35
VLAI?
Summary
Man-in-the-middle attack vulnerability in the Clone module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity ?
5.7 (Medium)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T23:17:22.971999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T23:35:36.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "4.3.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EMUI",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "15.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Man-in-the-middle attack vulnerability in the Clone module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Man-in-the-middle attack vulnerability in the Clone module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T02:31:32.979Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1//"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-68963",
"datePublished": "2026-01-14T02:31:32.979Z",
"dateReserved": "2025-12-27T09:06:51.411Z",
"dateUpdated": "2026-01-14T23:35:36.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}