Harmonyos Security Vulnerabilities
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.
7.5CVSS
7.6AI Score
0.001EPSS
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9AI Score
0.001EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9AI Score
0.001EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9AI Score
0.002EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9.1AI Score
0.002EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9AI Score
0.002EPSS
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
9.1CVSS
9AI Score
0.001EPSS
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.
9.8CVSS
9.3AI Score
0.002EPSS
Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.
7.5CVSS
7.4AI Score
0.001EPSS
The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.
9.1CVSS
9AI Score
0.001EPSS
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
7.5CVSS
7.4AI Score
0.001EPSS
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.
9.8CVSS
9.3AI Score
0.001EPSS
Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
9.1CVSS
8.9AI Score
0.001EPSS
Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.
9.8CVSS
9.2AI Score
0.001EPSS
Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.4AI Score
0.001EPSS
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.4AI Score
0.001EPSS
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.
7.5CVSS
7.4AI Score
0.001EPSS
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.
7.5CVSS
7.6AI Score
0.001EPSS
Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.
3.7CVSS
4.3AI Score
0.001EPSS
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.
3.3CVSS
4.2AI Score
0.0004EPSS
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.
5.3CVSS
5.2AI Score
0.001EPSS
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
5.3CVSS
5.2AI Score
0.001EPSS
Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.6AI Score
0.001EPSS
Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.3AI Score
0.001EPSS
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.4AI Score
0.001EPSS