Huawei Harmonyos vulnerabilities

CVE-2023-49240 [HIGH] CWE-601 CVE-2023-49240: Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerabil Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49239 [HIGH] CWE-863 CVE-2023-49239: Unauthorized access vulnerability in the card management module. Successful exploitation of this vul Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44113 [HIGH] CWE-862 CVE-2023-44113: Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) modu Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49245 [HIGH] CVE-2023-49245: Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulner Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49244 [HIGH] CVE-2023-49244: Permission management vulnerability in the multi-user module. Successful exploitation of this vulner Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49242 [HIGH] CVE-2023-49242: Free broadcast vulnerability in the running management module. Successful exploitation of this vulne Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49243 [HIGH] CVE-2023-49243: Vulnerability of unauthorized access to email attachments in the email module. Successful exploitati Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44099 [HIGH] CWE-754 CVE-2023-44099: Vulnerability of data verification errors in the kernel module. Successful exploitation of this vuln Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.

CVE-2023-49246 [HIGH] CWE-863 CVE-2023-49246: Unauthorized access vulnerability in the card management module. Successful exploitation of this vul Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49247 [HIGH] CWE-295 CVE-2023-49247: Permission verification vulnerability in distributed scenarios. Successful exploitation of this vuln Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49241 [HIGH] CVE-2023-49241: API permission control vulnerability in the network management module. Successful exploitation of th API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-6273 [MEDIUM] CWE-276 CVE-2023-6273: Permission management vulnerability in the module for disabling Sound Booster. Successful exploitati Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-49248 [MEDIUM] CWE-20 CVE-2023-49248: Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulne Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.

CVE-2023-5801 [CRITICAL] CWE-290 CVE-2023-5801: Vulnerability of identity verification being bypassed in the face unlock module. Successful exploita Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2023-46771 [HIGH] CWE-269 CVE-2023-46771: Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46761 [HIGH] CWE-787 CVE-2023-46761: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46767 [HIGH] CWE-125 CVE-2023-46767: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46758 [HIGH] CWE-269 CVE-2023-46758: Permission management vulnerability in the multi-screen interaction module. Successful exploitation Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

CVE-2023-44115 [HIGH] CWE-200 CVE-2023-44115: Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46770 [HIGH] CWE-787 CVE-2023-46770: Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.