The HarmonyOS app management and control module permits local privilege escalation through improper permission controls, allowing unauthenticated local attackers, given user interaction, to access confidential service data. The CVSS score of 3.6 (low severity) reflects the local-only attack vector and the requirement for user interaction, though the privilege escalation nature means affected systems warrant review for deployment context.
Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.
HarmonyOS versions up to 5.1.0 are affected by a permissions, privileges, and access controls issue (CVSS 4.0).
HarmonyOS versions up to 5.1.0 are affected by a permissions, privileges, and access controls issue (CVSS 3.3).
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls issue (CVSS 6.1).
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
HarmonyOS versions up to 5.1.0 are affected by a permissions, privileges, and access controls issue (CVSS 5.9).
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls issue (CVSS 6.3).
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls issue (CVSS 5.7).
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.