Harmonyos
by Huawei
CVEs (1,067)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48359 | 0.00 | — | 0.00 | Mar 27, 2023 | The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48352 | 0.00 | — | 0.00 | Mar 27, 2023 | Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic. | |||
| CVE-2022-48356 | 0.00 | — | 0.00 | Mar 27, 2023 | The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition. | |||
| CVE-2022-48350 | 0.00 | — | 0.00 | Mar 27, 2023 | The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48353 | 0.00 | — | 0.00 | Mar 27, 2023 | Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions. | |||
| CVE-2022-48358 | 0.00 | — | 0.00 | Mar 27, 2023 | The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions. | |||
| CVE-2023-26547 | 0.00 | — | 0.00 | Mar 27, 2023 | The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. | |||
| CVE-2023-26548 | 0.00 | — | 0.01 | Mar 27, 2023 | The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2022-48357 | 0.00 | — | 0.00 | Mar 27, 2023 | Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel. | |||
| CVE-2022-48360 | 0.00 | — | 0.00 | Mar 27, 2023 | The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48349 | 0.00 | — | 0.00 | Mar 27, 2023 | The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | |||
| CVE-2022-48291 | 0.00 | — | 0.00 | Mar 27, 2023 | The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48355 | 0.00 | — | 0.00 | Mar 27, 2023 | The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash. | |||
| CVE-2022-48346 | 0.00 | — | 0.00 | Mar 27, 2023 | The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48351 | 0.00 | — | 0.00 | Mar 27, 2023 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. | |||
| CVE-2022-48354 | 0.00 | — | 0.00 | Mar 27, 2023 | The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash. | |||
| CVE-2023-26549 | 0.00 | — | 0.00 | Mar 27, 2023 | The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48347 | 0.00 | — | 0.00 | Mar 27, 2023 | The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality. | |||
| CVE-2022-48294 | 0.00 | — | 0.00 | Feb 9, 2023 | The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48299 | 0.00 | — | 0.00 | Feb 9, 2023 | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
- CVE-2022-48359Mar 27, 2023risk 0.00cvss —epss 0.00
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48352Mar 27, 2023risk 0.00cvss —epss 0.00
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.
- CVE-2022-48356Mar 27, 2023risk 0.00cvss —epss 0.00
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
- CVE-2022-48350Mar 27, 2023risk 0.00cvss —epss 0.00
The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48353Mar 27, 2023risk 0.00cvss —epss 0.00
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
- CVE-2022-48358Mar 27, 2023risk 0.00cvss —epss 0.00
The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.
- CVE-2023-26547Mar 27, 2023risk 0.00cvss —epss 0.00
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
- CVE-2023-26548Mar 27, 2023risk 0.00cvss —epss 0.01
The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.
- CVE-2022-48357Mar 27, 2023risk 0.00cvss —epss 0.00
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
- CVE-2022-48360Mar 27, 2023risk 0.00cvss —epss 0.00
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48349Mar 27, 2023risk 0.00cvss —epss 0.00
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
- CVE-2022-48291Mar 27, 2023risk 0.00cvss —epss 0.00
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48355Mar 27, 2023risk 0.00cvss —epss 0.00
The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
- CVE-2022-48346Mar 27, 2023risk 0.00cvss —epss 0.00
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48351Mar 27, 2023risk 0.00cvss —epss 0.00
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.
- CVE-2022-48354Mar 27, 2023risk 0.00cvss —epss 0.00
The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
- CVE-2023-26549Mar 27, 2023risk 0.00cvss —epss 0.00
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48347Mar 27, 2023risk 0.00cvss —epss 0.00
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.
- CVE-2022-48294Feb 9, 2023risk 0.00cvss —epss 0.00
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48299Feb 9, 2023risk 0.00cvss —epss 0.00
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Page 34 of 54