Harmonyos Security Vulnerabilities and Issues — Page 9 of Harmonyos CVE List

7.5CVSS6.3AI score0.00046EPSS

CVE-2024-54100

Vulnerability of improper access control in the secure input moduleImpact: Successful exploitation of this vulnerability may cause features to perform abnormally.

7.5CVSS7.1AI score0.00026EPSS

CVE-2024-54103

Vulnerability of improper access control in the album moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.

7.5CVSS6.5AI score0.00124EPSS

CVE-2024-54108

Read/Write vulnerability in the image decoding moduleImpact: Successful exploitation of this vulnerability will affect availability.

7.5CVSS4.6AI score0.00046EPSS

CVE-2024-54115

Out-of-bounds read vulnerability in the DASH moduleImpact: Successful exploitation of this vulnerability will affect availability.

7.5CVSS6.4AI score0.00035EPSS

CVE-2024-54117

Cross-process screen stack vulnerability in the UIExtension moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE•added 2025/02/06 1:15 p.m.•42 views

CVE-2024-57956

Out-of-bounds read vulnerability in the interpreter string moduleImpact: Successful exploitation of this vulnerability may affect availability.

7.5CVSS6.9AI score0.00019EPSS

CVE•added 2025/02/06 1:15 p.m.•42 views

CVE-2024-57962

Vulnerability of incomplete verification information in the VPN service moduleImpact: Successful exploitation of this vulnerability may affect availability.

7.5CVSS6.7AI score0.00022EPSS

CVE•added 2025/05/06 8:15 a.m.•42 views

CVE-2025-46593

Process residence vulnerability in abnormal scenarios in the print moduleImpact: Successful exploitation of this vulnerability may affect availability.

5.5CVSS6.9AI score0.00009EPSS

CVE•added 2021/08/03 6:15 p.m.•41 views

CVE-2021-22421

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.

7.8CVSS7.5AI score0.00016EPSS

CVE•added 2021/08/03 6:15 p.m.•41 views

CVE-2021-22425

A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.

7.8CVSS7.4AI score0.00019EPSS

CVE•added 2021/10/28 1:15 p.m.•41 views

CVE-2021-22455

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.

5.5CVSS5.5AI score0.00061EPSS

CVE•added 2021/10/28 1:15 p.m.•41 views

CVE-2021-22460

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.

5.5CVSS5.4AI score0.00011EPSS

CVE•added 2021/10/28 1:15 p.m.•41 views

CVE-2021-22467

A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.

5.5CVSS5.3AI score0.00025EPSS

CVE•added 2021/12/07 5:15 p.m.•41 views

CVE-2021-37043

There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources.

7.5CVSS7.4AI score0.00168EPSS

CVE•added 2022/01/03 10:15 p.m.•41 views

CVE-2021-37119

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

7.5CVSS7.5AI score0.0022EPSS

CVE•added 2022/01/03 10:15 p.m.•41 views

CVE-2021-39966

There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

7.5CVSS7.5AI score0.00131EPSS

CVE•added 2022/01/03 10:15 p.m.•41 views

CVE-2021-39969

There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

7.5CVSS7.5AI score0.00131EPSS

9.8CVSS9.6AI score0.00236EPSS

CVE-2021-39996

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

7.5CVSS7.5AI score0.00135EPSS

CVE-2021-40011

There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.

7.5CVSS7.5AI score0.0016EPSS

CVE-2021-40018

The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

7.5CVSS7.3AI score0.00224EPSS

CVE-2021-40032

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

CVE•added 2022/10/14 4:15 p.m.•41 views

CVE-2021-46839

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

9.1CVSS9.1AI score0.00102EPSS

CVE•added 2022/07/12 2:15 p.m.•41 views

CVE-2022-34739

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

7.5CVSS7.6AI score0.00131EPSS

CVE•added 2022/08/10 8:16 p.m.•41 views

CVE-2022-37001

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash.

7.5CVSS7.4AI score0.00116EPSS

CVE•added 2022/09/16 6:15 p.m.•41 views

CVE-2022-39005

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

7.5CVSS7.5AI score0.00109EPSS

CVE•added 2022/11/09 9:15 p.m.•41 views

CVE-2022-44557

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

7.5CVSS7.5AI score0.00071EPSS

CVE•added 2022/12/20 9:15 p.m.•41 views

CVE-2022-46316

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

9.8CVSS9.4AI score0.00108EPSS

CVE•added 2022/12/20 9:15 p.m.•41 views

CVE-2022-46325

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

9.8CVSS9.4AI score0.001EPSS

7.5CVSS7.7AI score0.0007EPSS

CVE-2022-48286

The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

7.5CVSS7.5AI score0.0004EPSS

CVE-2022-48287

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.

7.5CVSS7.4AI score0.00047EPSS

CVE-2022-48295

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).