Harmonyos
by Huawei
CVEs (1,067)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48290 | 0.00 | — | 0.00 | Feb 9, 2023 | The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | |||
| CVE-2022-48287 | 0.00 | — | 0.00 | Feb 9, 2023 | The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. | |||
| CVE-2022-48302 | 0.00 | — | 0.00 | Feb 9, 2023 | The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48295 | 0.00 | — | 0.00 | Feb 9, 2023 | The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | |||
| CVE-2022-48296 | 0.00 | — | 0.00 | Feb 9, 2023 | The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | |||
| CVE-2022-48297 | 0.00 | — | 0.00 | Feb 9, 2023 | The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||
| CVE-2022-48301 | 0.00 | — | 0.00 | Feb 9, 2023 | The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | |||
| CVE-2022-48289 | 0.00 | — | 0.00 | Feb 9, 2023 | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48298 | 0.00 | — | 0.00 | Feb 9, 2023 | The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | |||
| CVE-2022-48293 | 0.00 | — | 0.00 | Feb 9, 2023 | The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48300 | 0.00 | — | 0.00 | Feb 9, 2023 | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48288 | 0.00 | — | 0.00 | Feb 9, 2023 | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48286 | 0.00 | — | 0.00 | Feb 9, 2023 | The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-48292 | 0.00 | — | 0.00 | Feb 9, 2023 | The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-46761 | 0.00 | — | 0.00 | Jan 6, 2023 | The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons. | |||
| CVE-2022-46762 | 0.00 | — | 0.00 | Jan 6, 2023 | The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | |||
| CVE-2022-47976 | 0.00 | — | 0.00 | Jan 6, 2023 | The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. | |||
| CVE-2022-47975 | 0.00 | — | 0.01 | Jan 6, 2023 | The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. | |||
| CVE-2021-46867 | 0.00 | — | 0.00 | Jan 6, 2023 | The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access. | |||
| CVE-2022-47974 | 0.00 | — | 0.00 | Jan 6, 2023 | The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. |
- CVE-2022-48290Feb 9, 2023risk 0.00cvss —epss 0.00
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
- CVE-2022-48287Feb 9, 2023risk 0.00cvss —epss 0.00
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
- CVE-2022-48302Feb 9, 2023risk 0.00cvss —epss 0.00
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48295Feb 9, 2023risk 0.00cvss —epss 0.00
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
- CVE-2022-48296Feb 9, 2023risk 0.00cvss —epss 0.00
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
- CVE-2022-48297Feb 9, 2023risk 0.00cvss —epss 0.00
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
- CVE-2022-48301Feb 9, 2023risk 0.00cvss —epss 0.00
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
- CVE-2022-48289Feb 9, 2023risk 0.00cvss —epss 0.00
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48298Feb 9, 2023risk 0.00cvss —epss 0.00
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
- CVE-2022-48293Feb 9, 2023risk 0.00cvss —epss 0.00
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48300Feb 9, 2023risk 0.00cvss —epss 0.00
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48288Feb 9, 2023risk 0.00cvss —epss 0.00
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48286Feb 9, 2023risk 0.00cvss —epss 0.00
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-48292Feb 9, 2023risk 0.00cvss —epss 0.00
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-46761Jan 6, 2023risk 0.00cvss —epss 0.00
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.
- CVE-2022-46762Jan 6, 2023risk 0.00cvss —epss 0.00
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-47976Jan 6, 2023risk 0.00cvss —epss 0.00
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
- CVE-2022-47975Jan 6, 2023risk 0.00cvss —epss 0.01
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
- CVE-2021-46867Jan 6, 2023risk 0.00cvss —epss 0.00
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
- CVE-2022-47974Jan 6, 2023risk 0.00cvss —epss 0.00
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
Page 35 of 54