Harmonyos
by Huawei
CVEs (1,067)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39383 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. | |||
| CVE-2023-39382 | 0.00 | — | 0.00 | Aug 13, 2023 | Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart. | |||
| CVE-2023-39381 | 0.00 | — | 0.00 | Aug 13, 2023 | Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. | |||
| CVE-2023-39380 | 0.00 | — | 0.00 | Aug 13, 2023 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. | |||
| CVE-2023-39405 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges. | |||
| CVE-2023-39396 | 0.00 | — | 0.00 | Aug 13, 2023 | Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2023-39393 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. | |||
| CVE-2023-39392 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. | |||
| CVE-2023-39389 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||
| CVE-2023-39388 | 0.00 | — | 0.00 | Aug 13, 2023 | Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. | |||
| CVE-2022-48520 | 0.00 | — | 0.00 | Jul 6, 2023 | Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48519 | 0.00 | — | 0.00 | Jul 6, 2023 | Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48518 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the… | |||
| CVE-2023-1695 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2023-1691 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||
| CVE-2022-48517 | 0.00 | — | 0.00 | Jul 6, 2023 | Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability. | |||
| CVE-2022-48516 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality. | |||
| CVE-2022-48515 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality. | |||
| CVE-2022-48514 | 0.00 | — | 0.00 | Jul 6, 2023 | The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48513 | 0.00 | — | 0.00 | Jul 6, 2023 | Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access. |
- CVE-2023-39383Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
- CVE-2023-39382Aug 13, 2023risk 0.00cvss —epss 0.00
Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
- CVE-2023-39381Aug 13, 2023risk 0.00cvss —epss 0.00
Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.
- CVE-2023-39380Aug 13, 2023risk 0.00cvss —epss 0.00
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.
- CVE-2023-39405Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.
- CVE-2023-39396Aug 13, 2023risk 0.00cvss —epss 0.00
Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.
- CVE-2023-39393Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.
- CVE-2023-39392Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
- CVE-2023-39389Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
- CVE-2023-39388Aug 13, 2023risk 0.00cvss —epss 0.00
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
- CVE-2022-48520Jul 6, 2023risk 0.00cvss —epss 0.00
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48519Jul 6, 2023risk 0.00cvss —epss 0.00
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48518Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the…
- CVE-2023-1695Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2023-1691Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
- CVE-2022-48517Jul 6, 2023risk 0.00cvss —epss 0.00
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.
- CVE-2022-48516Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.
- CVE-2022-48515Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2022-48514Jul 6, 2023risk 0.00cvss —epss 0.00
The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48513Jul 6, 2023risk 0.00cvss —epss 0.00
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
Page 30 of 54