918 matches found
CVE-2022-48291
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-39387
Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
CVE-2023-39405
Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.
CVE-2023-41303
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.
CVE-2023-44104
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44118
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-46770
Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.
CVE-2023-52539
Permission verification vulnerability in the Settings module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52542
Permission verification vulnerability in the system module.Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52715
The SystemUI module has a vulnerability in permission management.Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-30417
Path traversal vulnerability in the Bluetooth-based sharing module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42037
Vulnerability of uncaught exceptions in the Graphics moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54107
Read/Write vulnerability in the image decoding moduleImpact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-58107
Buffer overflow vulnerability in the codec moduleImpact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-31172
Memory write permission bypass vulnerability in the kernel futex moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22470
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.
CVE-2021-40040
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-34735
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
CVE-2022-34738
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.
CVE-2022-38991
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-39000
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.
CVE-2022-41584
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41599
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44550
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-46322
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46328
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48605
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2023-1692
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-41295
Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.
CVE-2023-41302
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-41305
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-44111
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46760
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
CVE-2023-52717
Permission verification vulnerability in the lock screen module.Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-36503
Memory management vulnerability in the Gralloc moduleImpact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-42038
Vulnerability of PIN enhancement failures in the screen lock moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2024-54102
Race condition vulnerability in the DDR moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22294
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
CVE-2021-22461
A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
CVE-2021-22469
A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.
CVE-2021-40024
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-34740
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-38996
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-41585
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-46312
The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.
CVE-2022-46762
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48292
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48298
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2023-1694
The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-39399
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.