Skip to main content

Harmonyos

742 CVEs product

Monthly

CVE-2022-41582 HIGH This Week

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41581 CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-41580 CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41578 CRITICAL Act Now

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-41577 HIGH This Week

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-41576 HIGH This Week

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39011 HIGH This Week

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38998 HIGH This Week

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38986 CRITICAL Act Now

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-38985 HIGH This Week

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38984 HIGH This Week

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38983 CRITICAL Act Now

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38982 CRITICAL Act Now

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38981 HIGH This Week

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38980 CRITICAL Act Now

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38977 HIGH This Week

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39010 HIGH This Week

The HwChrService module has a vulnerability in permission control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39009 CRITICAL Act Now

The WLAN module has a vulnerability in permission verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39008 CRITICAL Act Now

The NFC module has bundle serialization/deserialization vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-39007 CRITICAL Act Now

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39006 MEDIUM This Month

The MPTCP module has the race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-39005 HIGH This Week

The MPTCP module has the memory leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39004 HIGH This Week

The MPTCP module has the memory leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39002 CRITICAL Act Now

Double free vulnerability in the storage module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-39001 HIGH This Week

The number identification module has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39000 CRITICAL Act Now

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38999 CRITICAL Act Now

The AOD module has the improper update of reference count vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38997 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38996 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38995 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38994 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38993 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38992 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38991 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38990 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38989 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38988 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38987 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38979 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-38978 HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-37008 HIGH This Week

The recovery module has a vulnerability of bypassing the verification of an update package before use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-37007 HIGH This Week

The chinadrm module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37006 HIGH This Week

Permission control vulnerability in the network module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37005 HIGH This Week

The Settings application has an argument injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-37004 HIGH This Week

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37003 CRITICAL Act Now

The AOD module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-37002 CRITICAL Act Now

The SystemUI module has a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-37001 HIGH This Week

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34743 HIGH This Week

The AT commands of the USB port have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-34742 HIGH This Week

The system module has a read/write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34741 MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-34740 MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-34739 HIGH This Week

The fingerprint module has a vulnerability of overflow in arithmetic addition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-34738 HIGH This Week

The SystemUI module has a vulnerability in permission control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-34737 CRITICAL Act Now

The application security module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-34736 HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34735 HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31760 CRITICAL Act Now

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-31757 HIGH This Week

The setting module has a vulnerability of improper use of APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31753 HIGH This Week

The voice wakeup module has a vulnerability of using externally-controlled format strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31763 MEDIUM This Month

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31762 HIGH This Week

The AMS module has a vulnerability in input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31759 MEDIUM This Month

AppLink has a vulnerability of accessing uninitialized pointers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31758 MEDIUM This Month

The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-31756 MEDIUM This Month

The fingerprint sensor module has design defects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31755 MEDIUM This Month

The communication module has a vulnerability of improper permission preservation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31751 MEDIUM This Month

The kernel emcom module has multi-thread contention. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22252 HIGH This Week

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29796 HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29795 HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29794 CRITICAL Act Now

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-29793 HIGH This Week

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29792 HIGH This Week

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29791 HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29790 HIGH This Week

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29789 HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22261 HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-22260 CRITICAL Act Now

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-22258 CRITICAL Act Now

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22257 HIGH This Week

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-22256 HIGH This Week

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22255 HIGH This Week

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22254 HIGH This Week

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22253 HIGH This Week

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-37097 HIGH This Week

There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection Harmonyos Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37093 MEDIUM This Month

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37092 HIGH This Week

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37075 HIGH This Week

There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-37074 HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Race Condition Harmonyos Emui +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-37069 HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Race Condition Harmonyos Emui +1
NVD
CVSS 3.1
7.4
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Harmonyos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Buffer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HwChrService module has a vulnerability in permission control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WLAN module has a vulnerability in permission verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The NFC module has bundle serialization/deserialization vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The MPTCP module has the race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Emui +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The MPTCP module has the memory leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The MPTCP module has the memory leak vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Double free vulnerability in the storage module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The number identification module has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The AOD module has the improper update of reference count vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The secure OS module has configuration defects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The recovery module has a vulnerability of bypassing the verification of an update package before use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The chinadrm module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Emui +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Permission control vulnerability in the network module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Settings application has an argument injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The AOD module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Emui +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The SystemUI module has a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Emui +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The AT commands of the USB port have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The system module has a read/write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The fingerprint module has a vulnerability of overflow in arithmetic addition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The SystemUI module has a vulnerability in permission control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The application security module has a vulnerability in permission assignment. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The setting module has a vulnerability of improper use of APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The voice wakeup module has a vulnerability of using externally-controlled format strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The AMS module has a vulnerability in input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

AppLink has a vulnerability of accessing uninitialized pointers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Emui +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Emui +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The fingerprint sensor module has design defects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The communication module has a vulnerability of improper permission preservation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The kernel emcom module has multi-thread contention. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The frame scheduling module has a null pointer dereference vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei RCE Code Injection +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Race Condition +3
NVD
EPSS 1% CVSS 7.4
HIGH This Week

There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Race Condition +3
NVD
Prev Page 7 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy