Harmonyos Security Vulnerabilities
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.
7.5CVSS
7.5AI Score
0.001EPSS
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
7.5CVSS
7.6AI Score
0.001EPSS
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
9.8CVSS
9.6AI Score
0.003EPSS
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
5.5CVSS
5.4AI Score
0.0004EPSS
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
7.5CVSS
7.5AI Score
0.001EPSS
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.4AI Score
0.002EPSS
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.
5.5CVSS
5.5AI Score
0.0004EPSS
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
7.5CVSS
7.5AI Score
0.001EPSS
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
7.5CVSS
7.6AI Score
0.001EPSS
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
7.5CVSS
7.3AI Score
0.002EPSS
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
9.8CVSS
9.3AI Score
0.002EPSS
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.6AI Score
0.001EPSS
There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
5.9CVSS
5.6AI Score
0.001EPSS
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
7.5CVSS
7.5AI Score
0.001EPSS
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.7AI Score
0.001EPSS
The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.
9.1CVSS
9AI Score
0.001EPSS
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
5.3CVSS
5.1AI Score
0.001EPSS
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.
9.8CVSS
9.3AI Score
0.002EPSS
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.
7.5CVSS
7.4AI Score
0.001EPSS
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
5.3CVSS
5.2AI Score
0.001EPSS
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.2AI Score
0.002EPSS
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.1CVSS
9.1AI Score
0.002EPSS
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.1CVSS
9.1AI Score
0.002EPSS
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
9.8CVSS
9.2AI Score
0.002EPSS
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.003EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.003EPSS
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
9.8CVSS
9.2AI Score
0.003EPSS
Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
9.1CVSS
9AI Score
0.001EPSS
The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.5AI Score
0.001EPSS