Harmonyos Security Vulnerabilities
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.7AI Score
0.001EPSS
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
6.5CVSS
6.5AI Score
0.001EPSS
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
6.5CVSS
6.5AI Score
0.001EPSS
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
7.5CVSS
7.4AI Score
0.001EPSS
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
5.3CVSS
5AI Score
0.001EPSS
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
7.5CVSS
7.5AI Score
0.001EPSS
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.4AI Score
0.001EPSS
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.4AI Score
0.001EPSS
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.
9.1CVSS
9AI Score
0.002EPSS
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
9.1CVSS
9AI Score
0.002EPSS
The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.
7.5CVSS
7.5AI Score
0.001EPSS
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
9.8CVSS
9.2AI Score
0.002EPSS
The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
6.5CVSS
6.5AI Score
0.001EPSS
The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
6.5CVSS
6.3AI Score
0.001EPSS
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
7.5CVSS
7.5AI Score
0.001EPSS
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
7.5CVSS
7.4AI Score
0.001EPSS
The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.
7.4CVSS
7.4AI Score
0.001EPSS
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.
5.3CVSS
5.3AI Score
0.001EPSS
The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.
9.8CVSS
9.3AI Score
0.002EPSS
The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.
9.8CVSS
9.2AI Score
0.001EPSS
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.
5.3CVSS
5.2AI Score
0.001EPSS
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
5.3CVSS
5.4AI Score
0.0005EPSS
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.
5.3CVSS
5.1AI Score
0.001EPSS
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
7.5CVSS
7.4AI Score
0.001EPSS
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.4AI Score
0.001EPSS
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.
5.9CVSS
5.6AI Score
0.001EPSS
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
9.8CVSS
9.2AI Score
0.003EPSS
Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.
9.8CVSS
9.3AI Score
0.003EPSS
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
9.8CVSS
9.3AI Score
0.002EPSS
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
9.8CVSS
9.2AI Score
0.002EPSS
The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.4AI Score
0.002EPSS
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.
7.5CVSS
7.4AI Score
0.002EPSS