Huawei Harmonyos vulnerabilities

CVE-2024-54099 [HIGH] CWE-552 CVE-2024-54099: File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-54111 [HIGH] CWE-345 CVE-2024-54111: Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54100 [HIGH] CWE-20 CVE-2024-54100: Vulnerability of improper access control in the secure input module Impact: Successful exploitation Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-54097 [HIGH] CWE-15 CVE-2024-54097: Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability ma Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.

CVE-2024-54105 [HIGH] CWE-120 CVE-2024-54105: Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54103 [HIGH] CWE-264 CVE-2024-54103: Vulnerability of improper access control in the album module Impact: Successful exploitation of this Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54115 [HIGH] CWE-754 CVE-2024-54115: Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerab Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54117 [HIGH] CWE-200 CVE-2024-54117: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54107 [HIGH] CWE-125 CVE-2024-54107: Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulner Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54098 [HIGH] CWE-840 CVE-2024-54098: Service logic error vulnerability in the system service module Impact: Successful exploitation of th Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2024-54113 [HIGH] CWE-400 CVE-2024-54113: Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploit Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption.

CVE-2024-54106 [HIGH] CWE-248 CVE-2024-54106: Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54114 [HIGH] CWE-754 CVE-2024-54114: Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54104 [HIGH] CWE-264 CVE-2024-54104: Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation o Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54101 [MEDIUM] CWE-20 CVE-2024-54101: Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-54096 [MEDIUM] CWE-284 CVE-2024-54096: Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this v Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.

CVE-2024-54102 [MEDIUM] CWE-362 CVE-2024-54102: Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-54122 [MEDIUM] CWE-362 CVE-2024-54122: Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of th Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-51523 [HIGH] CWE-840 CVE-2024-51523: Information management vulnerability in the Gallery module Impact: Successful exploitation of this v Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-51518 [HIGH] CWE-248 CVE-2024-51518: Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability.