HarmonyOS
by HarmonyOS
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48479 | | Cri | 0.64 | 9.8 | 0.00 | | May 26, 2023 | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. |
| CVE-2022-48478 | | Cri | 0.64 | 9.8 | 0.00 | | May 26, 2023 | The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. |
| CVE-2022-46316 | | Cri | 0.64 | 9.8 | 0.00 | | Dec 20, 2022 | A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. |
| CVE-2022-38982 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 14, 2022 | The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. |
| CVE-2021-22480 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 25, 2022 | The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow. |
| CVE-2021-22376 | | Hig | 0.55 | 8.4 | 0.00 | | Jun 30, 2021 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. |
| CVE-2021-37134 | | Hig | 0.53 | 8.1 | 0.00 | | Jan 3, 2022 | Location-related APIs exists a Race Condition vulnerability. Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. |
| CVE-2021-22470 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 28, 2021 | A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. |
| CVE-2021-22458 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 28, 2021 | A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. |
| CVE-2021-22451 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 28, 2021 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22425 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. |
| CVE-2021-22423 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has an Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. |
| CVE-2021-22422 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22421 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. |
| CVE-2021-22420 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing. |
| CVE-2021-22418 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22416 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 3, 2021 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. |
| CVE-2021-40004 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 10, 2022 | The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2021-39975 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 3, 2022 | Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause denial of service attacks. |
| CVE-2021-37126 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 3, 2022 | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed. |
Page 1 of 3