Huawei Harmonyos vulnerabilities

CVE-2024-57956 [HIGH] CWE-680 CVE-2024-57956: Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-12602 [HIGH] CWE-300 CVE-2024-12602: Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of th Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57957 [HIGH] CWE-657 CVE-2024-57957: Vulnerability of improper log information control in the UI framework module Impact: Successful expl Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57955 [HIGH] CWE-787 CVE-2024-57955: Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnera Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52953 [CRITICAL] CWE-22 CVE-2023-52953: Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vuln Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-56442 [HIGH] CWE-227 CVE-2024-56442: Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful expl Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56436 [HIGH] CWE-1021 CVE-2024-56436: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56444 [HIGH] CWE-264 CVE-2024-56444: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52955 [HIGH] CWE-264 CVE-2023-52955: Vulnerability of improper authentication in the ANS system service module Impact: Successful exploit Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56435 [HIGH] CWE-1021 CVE-2024-56435: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56443 [HIGH] CWE-200 CVE-2024-56443: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56447 [HIGH] CWE-269 CVE-2024-56447: Vulnerability of improper permission control in the window management module Impact: Successful expl Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56437 [HIGH] CWE-20 CVE-2024-56437: Vulnerability of input parameters not being verified in the widget framework module Impact: Successf Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56439 [HIGH] CWE-311 CVE-2024-56439: Access control vulnerability in the identity authentication module Impact: Successful exploitation o Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56434 [HIGH] CWE-416 CVE-2024-56434: UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerabi UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

CVE-2024-56438 [HIGH] CWE-119 CVE-2024-56438: Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitati Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-54121 [HIGH] CWE-20 CVE-2024-54121: Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerab Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56440 [HIGH] CWE-264 CVE-2024-56440: Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56448 [HIGH] CWE-94 CVE-2024-56448: Vulnerability of improper access control in the home screen widget module Impact: Successful exploit Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56449 [HIGH] CWE-840 CVE-2024-56449: Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vul Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.