Skip to main content

Harmonyos

742 CVEs product

Monthly

CVE-2024-58252 MEDIUM This Month

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46586 MEDIUM This Month

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-46585 HIGH This Week

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5). No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-46584 HIGH This Week

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31175 HIGH This Week

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2025-31174 MEDIUM This Month

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-31173 HIGH This Week

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-31172 HIGH This Month

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-31171 MEDIUM This Month

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-31170 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58127 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58126 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58125 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58124 HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-58116 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58115 MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-58113 MEDIUM This Month

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-58112 HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-58111 HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-58110 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58109 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58108 MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-58107 HIGH This Week

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-58106 MEDIUM Monitor

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-27521 MEDIUM This Month

Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-58050 MEDIUM This Month

Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-58049 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-58048 MEDIUM This Month

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-58047 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-58046 MEDIUM This Month

Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-58045 HIGH This Week

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-58044 HIGH This Week

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-58043 HIGH This Week

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-57962 MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57961 MEDIUM This Month

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-57960 HIGH This Week

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-57959 MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57958 MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-57957 MEDIUM This Month

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-57956 LOW Monitor

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2024-57955 MEDIUM This Month

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-57954 MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-12602 MEDIUM This Month

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56456 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-56455 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56454 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56453 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-56452 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56451 HIGH This Month

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-56450 MEDIUM This Month

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-56449 MEDIUM This Month

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-56448 MEDIUM This Month

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-54121 MEDIUM This Month

Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56447 HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56446 MEDIUM Monitor

Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-56445 MEDIUM Monitor

Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-56444 HIGH This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56443 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56442 MEDIUM This Month

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56441 MEDIUM Monitor

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2024-56440 MEDIUM This Month

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56439 HIGH This Month

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-56438 MEDIUM This Month

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-56437 MEDIUM This Month

Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-54120 MEDIUM Monitor

Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2023-52955 MEDIUM This Month

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52954 MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-52953 MEDIUM This Month

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56436 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56435 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56434 MEDIUM Monitor

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-54122 MEDIUM This Month

Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-54119 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54117 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54116 HIGH This Week

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54115 HIGH This Week

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54114 HIGH This Week

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54113 HIGH This Week

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54112 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54111 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-54110 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54109 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54108 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54107 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54106 HIGH This Week

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54105 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54104 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54103 HIGH This Week

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54102 MEDIUM This Month

Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-54101 MEDIUM This Month

Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 6.2
MEDIUM This Month

Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5). No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 2.8
LOW Monitor

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Emui +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.1
MEDIUM Monitor

Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
Prev Page 3 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy