Huawei HarmonyOS vulnerabilities

1,076 known vulnerabilities affecting huawei/harmonyos.

Total CVEs: 1,076
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 138, HIGH 534, MEDIUM 365, LOW 39

Vulnerabilities

Page 30 of 54
CVE-2023-39388 | HIGH | CVSS 7.5 | v2.0.0, v2.0.1 +3 more | 2023-08-13
CVE-2023-39388 [HIGH] CWE-120: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
nvd
CVE-2023-39393 | HIGH | CVSS 7.5 | v2.0.1, v3.0.0 +1 more | 2023-08-13
CVE-2023-39393 [HIGH] CWE-200: Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.
nvd
CVE-2023-39386 | HIGH | CVSS 7.5 | v3.0.0, v3.1.0 | 2023-08-13
CVE-2023-39386 [HIGH] CWE-120: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.
nvd
CVE-2023-39383 | HIGH | CVSS 7.5 | v2.0.0, v2.0.1 +3 more | 2023-08-13
CVE-2023-39383 [HIGH] CWE-200: Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
nvd
CVE-2023-39406 | HIGH | CVSS 7.5 | v3.0.0 | 2023-08-13
CVE-2023-39406 [HIGH] CWE-264: Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.
nvd
CVE-2023-39392 | HIGH | CVSS 7.5 | v2.0.1, v3.0.0 +1 more | 2023-08-13
CVE-2023-39392 [HIGH] CWE-16: Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
nvd
CVE-2023-39380 | HIGH | CVSS 7.5 | v3.0.0, v3.1.0 | 2023-08-13
CVE-2023-39380 [HIGH] CWE-264: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.
nvd
CVE-2023-39384 | HIGH | CVSS 7.5 | v2.0.1, v3.0.0 +3 more | 2023-08-13
CVE-2023-39384 [HIGH] CWE-264: Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.
nvd
CVE-2023-39397 | HIGH | CVSS 7.5 | v2.0.1, v3.0.0 +1 more | 2023-08-13
CVE-2023-39397 [HIGH] CWE-476: Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.
nvd
CVE-2023-39387 | MEDIUM | CVSS 5.3 | v2.0.0, v2.0.1 +3 more | 2023-08-13
CVE-2023-39387 [MEDIUM] CWE-264: Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
nvd
CVE-2022-48511 | CRITICAL | CVSS 9.8 | v2.0.0 | 2023-07-06
CVE-2022-48511 [CRITICAL] CWE-843: Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.
nvd
CVE-2022-48510 | CRITICAL | CVSS 9.8 | v2.0.0 | 2023-07-06
CVE-2022-48510 [CRITICAL] CWE-200: Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
nvd
CVE-2023-37240 | CRITICAL | CVSS 9.1 | v2.0.1, v3.0.0 +1 more | 2023-07-06
CVE-2023-37240 [CRITICAL] CWE-125: Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read.
nvd
CVE-2023-37245 | CRITICAL | CVSS 9.1 | v2.0, v2.1 +3 more | 2023-07-06
CVE-2023-37245 [CRITICAL] CWE-120: Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
nvd
CVE-2022-48513 | CRITICAL | CVSS 9.8 | v2.0.0, v2.0.1 +2 more | 2023-07-06
CVE-2022-48513 [CRITICAL] CWE-290: Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
nvd
CVE-2022-48512 | CRITICAL | CVSS 9.8 | v2.0.0 | 2023-07-06
CVE-2022-48512 [CRITICAL] CWE-122: Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
nvd
CVE-2023-37242 | CRITICAL | CVSS 9.8 | v2.0, v3.0.0 +1 more | 2023-07-06
CVE-2023-37242 [CRITICAL] CWE-639: Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.
nvd
CVE-2021-46894 | CRITICAL | CVSS 9.8 | v2.0.0 | 2023-07-06
CVE-2021-46894 [CRITICAL] CWE-269: Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.
nvd
CVE-2023-34164 | HIGH | CVSS 7.5 | v3.0.0, v3.1.0 | 2023-07-06
CVE-2023-34164 [HIGH] CWE-476: Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.
nvd
CVE-2022-48514 | HIGH | CVSS 7.5 | v2.1.0 | 2023-07-06
CVE-2022-48514 [HIGH] CWE-200: The Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality.
nvd