Harmonyos Security Vulnerabilities - CVSS Score 5 - 6
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system.
5.5CVSS
5.5AI Score
0.0004EPSS
A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service.
5.5CVSS
5.4AI Score
0.0004EPSS
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
5.5CVSS
5.5AI Score
0.0004EPSS
A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.
5.5CVSS
5.5AI Score
0.0004EPSS
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure.
5.5CVSS
5.4AI Score
0.0004EPSS
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
5.5CVSS
5.5AI Score
0.0004EPSS
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
5.5CVSS
5.3AI Score
0.0004EPSS
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
5.5CVSS
5.4AI Score
0.0004EPSS
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.
5.5CVSS
5.3AI Score
0.0004EPSS
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
5.5CVSS
5.3AI Score
0.0004EPSS
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected.
5.3CVSS
5.1AI Score
0.001EPSS
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user's nickname is maliciously tampered with.
5.3CVSS
5.2AI Score
0.001EPSS
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to motionhub crash.
5.9CVSS
5.6AI Score
0.001EPSS
There is a Encoding timing vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of service.
5.9CVSS
5.6AI Score
0.001EPSS
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages.
5.3CVSS
5.2AI Score
0.001EPSS
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak.
5.3CVSS
5.2AI Score
0.001EPSS
There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
5.3CVSS
5.2AI Score
0.001EPSS
The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak.
5.3CVSS
5.2AI Score
0.001EPSS
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.
5.3CVSS
5.2AI Score
0.001EPSS
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.
5.3CVSS
4.9AI Score
0.001EPSS
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call.
5.3CVSS
5.2AI Score
0.001EPSS
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.
5.3CVSS
5.2AI Score
0.001EPSS
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
5.3CVSS
5.3AI Score
0.001EPSS
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
5.3CVSS
5.3AI Score
0.001EPSS
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
5.5CVSS
5.4AI Score
0.0004EPSS
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.
5.5CVSS
5.5AI Score
0.0004EPSS
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
5.9CVSS
5.6AI Score
0.001EPSS
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
5.3CVSS
5.1AI Score
0.001EPSS
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
5.3CVSS
5.2AI Score
0.001EPSS
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.4AI Score
0.0004EPSS
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
5.5CVSS
5.5AI Score
0.0004EPSS
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.
5.9CVSS
5.6AI Score
0.001EPSS
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.
5.5CVSS
5.7AI Score
0.0004EPSS
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.
5.3CVSS
5.2AI Score
0.001EPSS