Harmonyos Security Vulnerabilities - 2023
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.003EPSS
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
9.8CVSS
9.2AI Score
0.003EPSS
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
7.5CVSS
7.5AI Score
0.001EPSS
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
9.8CVSS
9.2AI Score
0.003EPSS
Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
9.1CVSS
9AI Score
0.001EPSS
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.
7.5CVSS
7.5AI Score
0.001EPSS
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
6.5CVSS
6.4AI Score
0.001EPSS
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.002EPSS
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
7.5CVSS
7.5AI Score
0.001EPSS
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
9.8CVSS
9.3AI Score
0.002EPSS
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
9.8CVSS
9.3AI Score
0.002EPSS
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.7AI Score
0.002EPSS
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.7AI Score
0.001EPSS
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
6.5CVSS
6.5AI Score
0.001EPSS
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
6.5CVSS
6.5AI Score
0.001EPSS
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
7.5CVSS
7.4AI Score
0.001EPSS
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
5.3CVSS
5AI Score
0.001EPSS
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
7.5CVSS
7.5AI Score
0.002EPSS
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.6AI Score
0.002EPSS
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
7.5CVSS
7.5AI Score
0.001EPSS
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.
9.1CVSS
9.1AI Score
0.001EPSS
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.4AI Score
0.001EPSS
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
6.5CVSS
6.4AI Score
0.001EPSS
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.
9.1CVSS
9AI Score
0.002EPSS
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
9.1CVSS
9AI Score
0.002EPSS
The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.
7.5CVSS
7.5AI Score
0.001EPSS
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.
7.5CVSS
7.5AI Score
0.001EPSS
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
9.8CVSS
9.2AI Score
0.002EPSS
The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
6.5CVSS
6.5AI Score
0.001EPSS