Huawei Harmonyos vulnerabilities

CVE-2021-37110 [HIGH] CVE-2021-37110: There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may aff There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39985 [HIGH] CWE-129 CVE-2021-39985: The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitati The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-39975 [HIGH] CVE-2021-39975: Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability m Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks.

CVE-2021-39969 [HIGH] CVE-2021-39969: There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vu There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39974 [HIGH] CWE-125 CVE-2021-39974: There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affe There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39989 [HIGH] CWE-704 CVE-2021-39989: The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerabili The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-39971 [HIGH] CWE-668 CVE-2021-39971: Password vault has a External Control of System or Configuration Setting vulnerability.Successful ex Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.

CVE-2021-39966 [HIGH] CWE-909 CVE-2021-39966: There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulner There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37098 [HIGH] CVE-2021-37098: Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vul Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash.

CVE-2021-37117 [HIGH] CVE-2021-37117: There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability m There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-39973 [HIGH] CWE-476 CVE-2021-39973: There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down.

CVE-2021-39967 [HIGH] CWE-276 CVE-2021-39967: There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast per There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39988 [HIGH] CWE-476 CVE-2021-39988: The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.

CVE-2021-37114 [MEDIUM] CWE-125 CVE-2021-37114: There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerabi There is an Out-of-bounds read vulnerability in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39981 [MEDIUM] CVE-2021-39981: Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling nu Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call.

CVE-2021-37132 [MEDIUM] CWE-276 CVE-2021-37132: PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful e PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.

CVE-2021-37118 [MEDIUM] CWE-755 CVE-2021-37118: The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful e The HwNearbyMain module has a Improper Handling of Exceptional Conditions vulnerability.Successful exploitation of this vulnerability may lead to message leak.

CVE-2021-37112 [MEDIUM] CWE-668 CVE-2021-37112: Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful ex Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak.

CVE-2021-39980 [MEDIUM] CWE-200 CVE-2021-39980: Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could lead to sensitive information disclosure.

CVE-2021-37051 [CRITICAL] CWE-125 CVE-2021-37051: There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vu There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access.