Huawei Harmonyos vulnerabilities

CVE-2021-46881 [HIGH] CWE-120 CVE-2021-46881: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46883 [HIGH] CWE-120 CVE-2021-46883: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46882 [HIGH] CWE-120 CVE-2021-46882: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2023-31226 [HIGH] CWE-863 CVE-2023-31226: The SDK for the MediaPlaybackController module has improper permission verification. Successful expl The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-0116 [HIGH] CWE-306 CVE-2023-0116: The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitati The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.

CVE-2023-31227 [HIGH] CWE-306 CVE-2023-31227: The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of th The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

CVE-2021-46884 [HIGH] CWE-120 CVE-2021-46884: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46886 [HIGH] CWE-120 CVE-2021-46886: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46885 [HIGH] CWE-120 CVE-2021-46885: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2023-0117 [MEDIUM] CWE-287 CVE-2023-0117: The online authentication provided by the hwKitAssistant lacks strict identity verification of appli The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

CVE-2023-31225 [LOW] CWE-362 CVE-2023-31225: The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.

CVE-2023-1696 [HIGH] CWE-203 CVE-2023-1696: The multimedia video module has a vulnerability in data processing.Successful exploitation of this v The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

CVE-2023-1694 [HIGH] CWE-269 CVE-2023-1694: The Settings module has the file privilege escalation vulnerability.Successful exploitation of this The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1692 [HIGH] CWE-732 CVE-2023-1692: The window management module lacks permission verification.Successful exploitation of this vulnerabi The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1693 [HIGH] CWE-269 CVE-2023-1693: The Settings module has the file privilege escalation vulnerability.Successful exploitation of this The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48312 [CRITICAL] CWE-125 CVE-2022-48312: The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE-2022-48314 [MEDIUM] CWE-287 CVE-2022-48314: The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48313 [MEDIUM] CWE-639 CVE-2022-48313: The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48353 [CRITICAL] CWE-269 CVE-2022-48353: Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

CVE-2022-48349 [CRITICAL] CWE-290 CVE-2022-48349: The control component has a spoofing vulnerability. Successful exploitation of this vulnerability ma The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.