Harmonyos Security Vulnerabilities and Issues — Harmonyos CVE List

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

7.5CVSS7.6AI score0.00174EPSS

CVE•added 2023/09/25 1:15 p.m.•48 views

CVE-2022-48605

Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

9.8CVSS9.3AI score0.00193EPSS

CVE•added 2023/09/25 12:15 p.m.•48 views

CVE-2023-41295

Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

5.3CVSS5.2AI score0.00086EPSS

CVE•added 2023/09/25 1:15 p.m.•48 views

CVE-2023-41302

Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.

7.5CVSS7.4AI score0.00149EPSS

CVE•added 2023/09/27 3:19 p.m.•48 views

CVE-2023-41305

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

7.5CVSS7.4AI score0.00096EPSS

CVE•added 2023/09/25 12:15 p.m.•47 views

CVE-2023-41297

Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

9.8CVSS9.2AI score0.00193EPSS

CVE•added 2023/09/25 1:15 p.m.•45 views

CVE-2023-41300

Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

7.5CVSS7.4AI score0.00134EPSS

CVE•added 2023/09/25 11:15 a.m.•43 views

CVE-2023-39409

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

7.5CVSS7.4AI score0.00134EPSS

CVE•added 2023/09/25 9:15 a.m.•42 views

CVE-2023-39407

The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.

9.1CVSS9AI score0.00152EPSS

CVE•added 2023/09/25 9:15 a.m.•41 views

CVE-2023-39408

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

7.5CVSS7.4AI score0.00072EPSS

CVE•added 2023/09/27 3:19 p.m.•41 views

CVE-2023-41309

Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

7.5CVSS7.5AI score0.00128EPSS

CVE•added 2023/09/27 3:19 p.m.•40 views

CVE-2023-41312

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

5.3CVSS5.2AI score0.00117EPSS

CVE•added 2023/09/27 3:19 p.m.•38 views

CVE-2023-41306

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

3.7CVSS4.3AI score0.0008EPSS

CVE•added 2023/09/25 12:15 p.m.•36 views

CVE-2023-41294

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.

9.8CVSS9.3AI score0.00232EPSS

CVE•added 2023/09/27 3:16 p.m.•35 views

CVE-2022-48606

Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

7.5CVSS7.5AI score0.00214EPSS

CVE•added 2023/09/27 3:19 p.m.•35 views

CVE-2023-41308

Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

7.5CVSS7.5AI score0.00112EPSS

CVE•added 2023/09/27 3:19 p.m.•32 views

CVE-2023-41311

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

5.3CVSS5.2AI score0.00117EPSS

CVE•added 2023/09/27 3:19 p.m.•32 views

CVE-2023-4565

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

5.3CVSS5.2AI score0.00068EPSS

CVE•added 2023/09/27 3:19 p.m.•29 views

CVE-2023-41307

Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

7.5CVSS7.5AI score0.0015EPSS

CVE•added 2023/09/25 12:15 p.m.•28 views

CVE-2023-41296

Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

9.1CVSS8.9AI score0.00123EPSS

CVE•added 2023/09/25 12:15 p.m.•26 views

CVE-2023-41298

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

7.5CVSS7.4AI score0.0015EPSS

CVE•added 2023/09/27 3:19 p.m.•25 views

CVE-2023-41310

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

3.3CVSS4.2AI score0.00035EPSS