Skip to main content

Harmonyos

742 CVEs product

Monthly

CVE-2023-39385 CRITICAL Act Now

Vulnerability of configuration defects in the media module of certain products.. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-39405 CRITICAL Act Now

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-39396 HIGH This Week

Deserialization vulnerability in the input module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39393 HIGH This Week

Vulnerability of insecure signatures in the ServiceWifiResources module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-39392 HIGH This Week

Vulnerability of insecure signatures in the OsuLogin module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-39389 HIGH This Week

Vulnerability of input parameters being not strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39388 HIGH This Week

Vulnerability of input parameters being not strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39384 HIGH This Week

Vulnerability of incomplete permission verification in the input method module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39383 HIGH This Week

Vulnerability of input parameters being not strictly verified in the AMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-39382 HIGH This Week

Input verification vulnerability in the audio module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39381 HIGH This Week

Input verification vulnerability in the storage module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39380 HIGH This Week

Permission control vulnerability in the audio module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3456 MEDIUM This Month

Vulnerability of kernel raw address leakage in the hang detector module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-37245 CRITICAL Act Now

Buffer overflow vulnerability in the modem pinctrl module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-37242 CRITICAL Act Now

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-37241 HIGH This Week

Input verification vulnerability in the WMS API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37240 CRITICAL Act Now

Vulnerability of missing input length verification in the distributed file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-37239 HIGH This Week

Format string vulnerability in the distributed file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-37238 MEDIUM This Month

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34164 HIGH This Week

Vulnerability of incomplete input parameter verification in the communication framework module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1695 HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1691 HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3455 CRITICAL Act Now

Key management vulnerability on system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-34165 MEDIUM This Month

Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34157 MEDIUM This Month

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-34154 HIGH This Week

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Huawei Harmonyos
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-1696 HIGH This Week

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1694 HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1693 HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1692 HIGH This Week

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-26549 HIGH This Week

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-26548 HIGH This Week

The pgmng module has a vulnerability in serialization/deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26547 HIGH This Week

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46328 HIGH PATCH This Week

Some smartphones have the input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46327 CRITICAL PATCH Act Now

Some smartphones have configuration issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-46326 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46325 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46324 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46323 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46322 HIGH PATCH This Week

Some smartphones have the out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46321 HIGH PATCH This Week

The Wi-Fi module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46320 CRITICAL PATCH Act Now

The kernel module has an out-of-bounds read vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46319 CRITICAL PATCH Act Now

Fingerprint calibration has a vulnerability of lacking boundary judgment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46318 MEDIUM PATCH This Month

The HAware module has a function logic error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-46317 HIGH PATCH This Week

The power consumption module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46316 CRITICAL PATCH Act Now

A thread security vulnerability exists in the authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46315 HIGH PATCH This Week

The ProfileSDK has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46314 HIGH PATCH This Week

The IPC module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46313 MEDIUM PATCH This Month

The sensor privacy module has an authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-46312 HIGH PATCH This Week

The application management module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46311 HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46310 HIGH PATCH This Week

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41599 HIGH PATCH This Week

The system service has a vulnerability that causes incorrect return values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41596 HIGH PATCH This Week

The system tool has inconsistent serialization and deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41591 HIGH This Week

The backup module has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41590 MEDIUM This Month

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-44563 MEDIUM This Month

There is a race condition vulnerability in SD upgrade mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-44562 CRITICAL Act Now

The system framework layer has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44561 HIGH This Week

The preset launcher module has a permission verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-44560 MEDIUM This Month

The launcher module has an Intent redirection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44559 CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44558 CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-44557 HIGH This Week

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44555 HIGH This Week

The DDMP/ODMF module has a service hijacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44554 HIGH This Week

The power module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44553 MEDIUM This Month

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44552 HIGH This Week

The lock screen module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44551 CRITICAL Act Now

The iaware module has a vulnerability in thread security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-44550 HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44549 HIGH This Week

The LBS module has a vulnerability in geofencing API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-44548 MEDIUM This Month

There is a vulnerability in permission verification during the Bluetooth pairing process. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-44547 HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44546 HIGH This Week

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44556 HIGH This Week

Missing parameter type validation in the DRM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41603 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41602 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41601 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41600 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41598 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41597 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41595 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41594 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41593 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41592 LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2022-41589 HIGH This Week

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41588 HIGH This Week

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-41586 HIGH This Week

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41585 HIGH This Week

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41584 HIGH This Week

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41583 HIGH This Week

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Vulnerability of configuration defects in the media module of certain products.. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Deserialization vulnerability in the input module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Deserialization +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of insecure signatures in the ServiceWifiResources module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of insecure signatures in the OsuLogin module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of input parameters being not strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of input parameters being not strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of incomplete permission verification in the input method module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of input parameters being not strictly verified in the AMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Input verification vulnerability in the audio module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Input verification vulnerability in the storage module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Permission control vulnerability in the audio module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability of kernel raw address leakage in the hang detector module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Buffer overflow vulnerability in the modem pinctrl module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Input verification vulnerability in the WMS API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Vulnerability of missing input length verification in the distributed file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Format string vulnerability in the distributed file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of incomplete input parameter verification in the communication framework module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of failures to capture exceptions in the communication framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Key management vulnerability on system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Huawei +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The pgmng module has a vulnerability in serialization/deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Some smartphones have the input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Some smartphones have configuration issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Some smartphones have the out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Wi-Fi module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The kernel module has an out-of-bounds read vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Fingerprint calibration has a vulnerability of lacking boundary judgment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The HAware module has a function logic error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The power consumption module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A thread security vulnerability exists in the authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The ProfileSDK has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The IPC module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The sensor privacy module has an authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The application management module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The system service has a vulnerability that causes incorrect return values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The system tool has inconsistent serialization and deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Harmonyos Emui
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The backup module has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Emui +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

There is a race condition vulnerability in SD upgrade mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The system framework layer has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The preset launcher module has a permission verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The launcher module has an Intent redirection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Emui Harmonyos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The AMS module has a vulnerability of serialization/deserialization mismatch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The DDMP/ODMF module has a service hijacking vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The power module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The lock screen module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The iaware module has a vulnerability in thread security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The LBS module has a vulnerability in geofencing API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos Emui
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

There is a vulnerability in permission verification during the Bluetooth pairing process. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Missing parameter type validation in the DRM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 3.4
LOW Monitor

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
Prev Page 6 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy