Harmonyos Security Vulnerabilities
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which...
5.5CVSS
5.3AI Score
0.0005EPSS
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
9.8CVSS
9.3AI Score
0.001EPSS
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
5.9CVSS
5.5AI Score
0.001EPSS
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.
7AI Score
0.0004EPSS
The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.7AI Score
0.001EPSS
The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.
5.3CVSS
5.5AI Score
0.0005EPSS
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.4AI Score
0.001EPSS
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.8AI Score
0.002EPSS
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.8AI Score
0.002EPSS
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.4AI Score
0.001EPSS
The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
7.8CVSS
7.6AI Score
0.0004EPSS
The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.
3.3CVSS
4.3AI Score
0.0004EPSS
The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.
8.2CVSS
8AI Score
0.001EPSS
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
5.3CVSS
5.2AI Score
0.0005EPSS
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.
10CVSS
6.4AI Score
0.0005EPSS
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
5.3CVSS
5.2AI Score
0.0005EPSS
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
9.8CVSS
9.3AI Score
0.002EPSS
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
5.3CVSS
5.2AI Score
0.0005EPSS
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.5AI Score
0.001EPSS
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
7.5CVSS
7.4AI Score
0.001EPSS
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
5.3CVSS
5.2AI Score
0.0005EPSS
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
5.3CVSS
5.1AI Score
0.001EPSS
Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.
5.3CVSS
5.1AI Score
0.001EPSS
Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read.
9.1CVSS
9.1AI Score
0.001EPSS
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.
9.8CVSS
9.4AI Score
0.003EPSS
Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
9.1CVSS
9.3AI Score
0.001EPSS
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.
7.5CVSS
7.5AI Score
0.001EPSS
Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
9.1CVSS
9AI Score
0.001EPSS