Huawei Harmonyos vulnerabilities

CVE-2024-30415 [CRITICAL] CWE-276 CVE-2024-30415: Vulnerability of improper permission control in the window management module. Impact: Successful exp Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30414 [HIGH] CWE-78 CVE-2024-30414: Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of thi Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52715 [HIGH] CWE-732 CVE-2023-52715: The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-30413 [HIGH] CWE-732 CVE-2024-30413: Vulnerability of improper permission control in the window management module. Impact: Successful exp Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30418 [HIGH] CWE-280 CVE-2024-30418: Vulnerability of insufficient permission verification in the app management module. Impact: Successf Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52716 [HIGH] CWE-269 CVE-2023-52716: Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. I Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30417 [HIGH] CWE-22 CVE-2024-30417: Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30416 [HIGH] CWE-416 CVE-2024-30416: Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52713 [HIGH] CWE-862 CVE-2023-52713: Vulnerability of improper permission control in the window management module. Impact: Successful exp Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-52714 [HIGH] CWE-657 CVE-2023-52714: Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful ex Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52717 [MEDIUM] CWE-276 CVE-2023-52717: Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52370 [CRITICAL] CWE-120 CVE-2023-52370: Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vuln Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

CVE-2023-52369 [CRITICAL] CWE-787 CVE-2023-52369: Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may aff Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52378 [CRITICAL] CWE-693 CVE-2023-52378: Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52381 [CRITICAL] CWE-94 CVE-2023-52381: Script injection vulnerability in the email module.Successful exploitation of this vulnerability may Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2023-52372 [HIGH] CWE-20 CVE-2023-52372: Vulnerability of input parameter verification in the motor module.Successful exploitation of this vu Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52097 [HIGH] CWE-200 CVE-2023-52097: Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploit Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52357 [HIGH] CWE-502 CVE-2023-52357: Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploi Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52376 [HIGH] CWE-212 CVE-2023-52376: Information management vulnerability in the Gallery module.Successful exploitation of this vulnerabi Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52367 [HIGH] CWE-284 CVE-2023-52367: Vulnerability of improper access control in the media library module.Successful exploitation of this Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.