Huawei Harmonyos vulnerabilities

CVE-2023-52954 [HIGH] CWE-701 CVE-2023-52954: Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation o Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56446 [HIGH] CWE-457 CVE-2024-56446: Vulnerability of variables not being initialized in the notification module Impact: Successful explo Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56455 [MEDIUM] CWE-120 CVE-2024-56455: Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56454 [MEDIUM] CWE-120 CVE-2024-56454: Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56450 [MEDIUM] CWE-120 CVE-2024-56450: Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56445 [MEDIUM] CWE-287 CVE-2024-56445: Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploit Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-54120 [MEDIUM] CWE-362 CVE-2024-54120: Race condition vulnerability in the distributed notification module Impact: Successful exploitation Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56453 [MEDIUM] CWE-120 CVE-2024-56453: Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56452 [MEDIUM] CWE-120 CVE-2024-56452: Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56441 [MEDIUM] CWE-362 CVE-2024-56441: Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerabil Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56456 [MEDIUM] CWE-120 CVE-2024-56456: Vulnerability of input parameters not being verified during glTF model loading in the 3D engine modu Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56451 [MEDIUM] CWE-680 CVE-2024-56451: Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2021-22484 [HIGH] CWE-20 CVE-2021-22484: Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM).

CVE-2021-37000 [HIGH] CWE-255 CVE-2021-37000: Some Huawei wearables have a permission management vulnerability. Some Huawei wearables have a permission management vulnerability.

CVE-2024-54112 [HIGH] CWE-1021 CVE-2024-54112: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54109 [HIGH] CWE-125 CVE-2024-54109: Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54108 [HIGH] CWE-125 CVE-2024-54108: Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54119 [HIGH] CWE-200 CVE-2024-54119: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54116 [HIGH] CWE-754 CVE-2024-54116: Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerab Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-54110 [HIGH] CWE-1021 CVE-2024-54110: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.