Huawei HarmonyOS
By the Year
In 2022 there have been 129 vulnerabilities in Huawei HarmonyOS with an average score of 7.5 out of ten. Last year HarmonyOS had 118 security vulnerabilities published. That is, 11 more vulnerabilities have already been reported in 2022 than in all of last year. The average CVE base score of the vulnerabilities in 2022 is also higher, by 0.29.
Year | Vulnerabilities | Average Score |
---|---|---|
2022 | 129 | 7.50 |
2021 | 118 | 7.21 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new HarmonyOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Huawei HarmonyOS Security Vulnerabilities
The bone voice ID TA has a memory overwrite vulnerability
CVE-2021-40036
9.8 - Critical
- June 13, 2022
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
Memory Corruption
HwSEServiceAPP has a vulnerability in permission management
CVE-2021-46811
5.3 - Medium
- June 13, 2022
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
Incorrect Default Permissions
The voice wakeup module has a vulnerability of using externally-controlled format strings
CVE-2022-31753
7.5 - High
- June 13, 2022
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.
Use of Externally-Controlled Format String
The setting module has a vulnerability of improper use of APIs
CVE-2022-31757
7.5 - High
- June 13, 2022
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services
CVE-2022-31760
9.1 - Critical
- June 13, 2022
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
The Device Manager has a vulnerability in multi-device interaction
CVE-2021-46812
7.5 - High
- June 13, 2022
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
The kernel module has a race condition vulnerability
CVE-2022-31758
4.7 - Medium
- June 13, 2022
The kernel module has a race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Race Condition
The video framework has an out-of-bounds memory read/write vulnerability
CVE-2021-46814
7.5 - High
- June 13, 2022
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
Memory Corruption
The kernel emcom module has multi-thread contention
CVE-2022-31751
5.5 - Medium
- June 13, 2022
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
The communication module has a vulnerability of improper permission preservation
CVE-2022-31755
5.5 - Medium
- June 13, 2022
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
Improper Preservation of Permissions
The fingerprint sensor module has design defects
CVE-2022-31756
5.5 - Medium
- June 13, 2022
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
AppLink has a vulnerability of accessing uninitialized pointers
CVE-2022-31759
5.5 - Medium
- June 13, 2022
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
Access of Uninitialized Pointer
The AMS module has a vulnerability in input validation
CVE-2022-31762
7.8 - High
- June 13, 2022
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
Improper Input Validation
The kernel module has null pointer and out-of-bounds array vulnerabilities
CVE-2022-31763
5.5 - Medium
- June 13, 2022
The kernel module has null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
NULL Pointer Dereference
The DFX module has a UAF vulnerability. Successful exploitation of this vulnerability may affect system stability.
CVE-2022-22252
7.5 - High
- May 13, 2022
The DFX module has a UAF vulnerability. Successful exploitation of this vulnerability may affect system stability.
Dangling pointer
The Property module has a vulnerability in permission control. This vulnerability
CVE-2021-46785
5.3 - Medium
- May 13, 2022
The Property module has a vulnerability in permission control. This vulnerability can be exploited to obtain the unique device identifier.
AuthZ
The audio module has a vulnerability in verifying the parameters passed by the application space. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-46786
9.8 - Critical
- May 13, 2022
The audio module has a vulnerability in verifying the parameters passed by the application space. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
Buffer Overflow
The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash.
CVE-2021-46787
7.5 - High
- May 13, 2022
The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash.
The kernel module has a UAF vulnerability. Successful exploitation of this vulnerability will affect data integrity and availability.
CVE-2022-22260
9.1 - Critical
- May 13, 2022
The kernel module has a UAF vulnerability. Successful exploitation of this vulnerability will affect data integrity and availability.
Dangling pointer
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
CVE-2022-22261
7.5 - High
- May 13, 2022
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Successful exploitation of this vulnerability will affect AI services.
CVE-2022-29789
7.5 - High
- May 13, 2022
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Successful exploitation of this vulnerability will affect AI services.
The graphics acceleration service has a vulnerability in multi-thread access to the database. Successful exploitation of this vulnerability may cause service exceptions.
CVE-2022-29790
7.5 - High
- May 13, 2022
The graphics acceleration service has a vulnerability in multi-thread access to the database. Successful exploitation of this vulnerability may cause service exceptions.
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
CVE-2022-29791
7.5 - High
- May 13, 2022
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-29792
7.5 - High
- May 13, 2022
The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality.
There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability.
CVE-2022-29793
7.5 - High
- May 13, 2022
There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability.
The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity
CVE-2022-29794
9.8 - Critical
- May 13, 2022
The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
Dangling pointer
The frame scheduling module has a null pointer dereference vulnerability
CVE-2022-29795
7.5 - High
- May 13, 2022
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
NULL Pointer Dereference
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
CVE-2022-29796
7.5 - High
- May 13, 2022
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services.
A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22254
7.5 - High
- April 11, 2022
A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality.
AuthZ
The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22256
7.5 - High
- April 11, 2022
The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability.
CVE-2022-22253
7.5 - High
- April 11, 2022
The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability.
Improper Validation of Integrity Check Value
The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability.
CVE-2022-22255
7.5 - High
- April 11, 2022
The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability.
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-22257
7.5 - High
- April 11, 2022
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity.
Improper Privilege Management
The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may
CVE-2022-22258
9.8 - Critical
- April 11, 2022
The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.
The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46740
7.5 - High
- April 11, 2022
The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality.
authentification
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability.
CVE-2021-46742
9.1 - Critical
- April 11, 2022
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability.
authentification
The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40065
7.5 - High
- April 11, 2022
The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module
CVE-2021-40061
7.5 - High
- March 10, 2022
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
Object Type Confusion
There is an improper access control vulnerability in the video module
CVE-2021-40063
7.5 - High
- March 10, 2022
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
There is a heap-based buffer overflow vulnerability in system components
CVE-2021-40064
7.5 - High
- March 10, 2022
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
Memory Corruption
There is a vulnerability of memory not being released after effective lifetime in the Bastet module
CVE-2021-40047
7.5 - High
- March 10, 2022
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
Memory Leak
There is an incorrect buffer size calculation vulnerability in the video framework
CVE-2021-40048
7.5 - High
- March 10, 2022
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
Incorrect Calculation of Buffer Size
There is a permission control vulnerability in the PMS module
CVE-2021-40049
7.5 - High
- March 10, 2022
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
Incorrect Default Permissions
There is an out-of-bounds read vulnerability in the IFAA module
CVE-2021-40050
9.8 - Critical
- March 10, 2022
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
Out-of-bounds Read
There is an unauthorized access vulnerability in system components
CVE-2021-40051
7.5 - High
- March 10, 2022
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.
Exposure of Resource to Wrong Sphere
There is an incorrect buffer size calculation vulnerability in the video framework
CVE-2021-40052
7.5 - High
- March 10, 2022
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
Incorrect Calculation of Buffer Size
There is a man-in-the-middle attack vulnerability during system update download in recovery mode
CVE-2021-40055
5.9 - Medium
- March 10, 2022
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
The interface of a certain HarmonyOS module has an integer overflow vulnerability
CVE-2021-22480
9.8 - Critical
- February 25, 2022
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.
Integer Overflow or Wraparound
There is a DoS vulnerability in smartphones
CVE-2021-22489
7.5 - High
- February 25, 2022
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.
The interface of a certain HarmonyOS module has an invalid address access vulnerability
CVE-2021-22479
5.5 - Medium
- February 25, 2022
The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
Buffer Overflow
The interface of a certain HarmonyOS module has a UAF vulnerability
CVE-2021-22478
5.5 - Medium
- February 25, 2022
The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.
Dangling pointer
Some Huawei products have an integer overflow vulnerability
CVE-2021-22441
5.5 - Medium
- February 25, 2022
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
Integer Overflow or Wraparound
There is a memory address out of bounds vulnerability in smartphones
CVE-2021-22434
9.8 - Critical
- February 25, 2022
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
Buffer Overflow
There is a memory address out of bounds in smartphones
CVE-2021-22433
9.8 - Critical
- February 25, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
Buffer Overflow
There is a vulnerability when configuring permission isolation in smartphones
CVE-2021-22432
9.8 - Critical
- February 25, 2022
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
Buffer Overflow
There is a logic bypass vulnerability in smartphones
CVE-2021-22430
9.8 - Critical
- February 25, 2022
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.
Code Injection
There is a memory address out of bounds in smartphones
CVE-2021-22429
9.8 - Critical
- February 25, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
Buffer Overflow
There is a memory address out of bounds in smartphones
CVE-2021-22426
9.8 - Critical
- February 25, 2022
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
Buffer Overflow
There is a code injection vulnerability in smartphones
CVE-2021-22395
7.5 - High
- February 25, 2022
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
Code Injection
There is a buffer overflow vulnerability in smartphones
CVE-2021-22394
9.1 - Critical
- February 25, 2022
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
Classic Buffer Overflow
There is an improper verification vulnerability in smartphones
CVE-2021-22319
7.5 - High
- February 25, 2022
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
Integer Overflow or Wraparound
There is a vulnerability when configuring permission isolation in smartphones
CVE-2021-22431
9.8 - Critical
- February 25, 2022
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
Buffer Overflow
There is a race condition vulnerability in the binder driver subsystem in the kernel. Successful exploitation of this vulnerability may affect kernel stability.
CVE-2021-40015
4.7 - Medium
- February 09, 2022
There is a race condition vulnerability in the binder driver subsystem in the kernel. Successful exploitation of this vulnerability may affect kernel stability.
Race Condition
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-40045
5.5 - Medium
- February 09, 2022
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality.
Improper Verification of Cryptographic Signature
There is an uncontrolled resource consumption vulnerability in the display module
CVE-2021-40011
7.5 - High
- January 10, 2022
There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.
Resource Exhaustion
The Bluetooth module has an out-of-bounds write vulnerability
CVE-2021-40000
8.8 - High
- January 10, 2022
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
Memory Corruption
The eID module has a vulnerability
CVE-2021-40025
7.5 - High
- January 10, 2022
The eID module has a vulnerability that causes the memory to be used without being initialized. Successful exploitation of this vulnerability may affect data confidentiality.
Improper Initialization
The weaver module has a vulnerability in parameter type verification
CVE-2021-40022
7.5 - High
- January 10, 2022
The weaver module has a vulnerability in parameter type verification. Successful exploitation of this vulnerability may affect data confidentiality.
The eID module has an out-of-bounds memory write vulnerability
CVE-2021-40021
7.5 - High
- January 10, 2022
The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Memory Corruption
The eID module has a null pointer reference vulnerability
CVE-2021-40018
7.5 - High
- January 10, 2022
The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
NULL Pointer Dereference
The bone voice ID trusted application (TA) has a heap overflow vulnerability
CVE-2021-40014
7.5 - High
- January 10, 2022
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Memory Corruption
The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
CVE-2021-40010
9.8 - Critical
- January 10, 2022
The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
Memory Corruption
There is a vulnerability of APIs being concurrently called multiple times in HwConnectivityExService in smartphones
CVE-2021-39998
7.5 - High
- January 10, 2022
There is a vulnerability of APIs being concurrently called multiple times in HwConnectivityExService in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones
CVE-2021-39996
9.8 - Critical
- January 10, 2022
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.
Memory Corruption
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones
CVE-2021-40029
7.5 - High
- January 10, 2022
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
Classic Buffer Overflow
The eID module has an out-of-bounds memory write vulnerability
CVE-2021-40028
7.5 - High
- January 10, 2022
The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data integrity.
Memory Corruption
The bone voice ID TA has a vulnerability in calculating the buffer length
CVE-2021-40027
7.5 - High
- January 10, 2022
The bone voice ID TA has a vulnerability in calculating the buffer length. Successful exploitation of this vulnerability may affect data confidentiality.
Buffer Overflow
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones
CVE-2021-40026
7.5 - High
- January 10, 2022
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
Memory Corruption
The fingerprint module has a security risk of brute force cracking
CVE-2021-40006
4.6 - Medium
- January 10, 2022
The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.
Inadequate Encryption Strength
There is a Null pointer dereference vulnerability in the camera module in smartphones
CVE-2021-40039
7.5 - High
- January 10, 2022
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
NULL Pointer Dereference
There is a Double free vulnerability in the AOD module in smartphones
CVE-2021-40038
7.5 - High
- January 10, 2022
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
Double-free
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones
CVE-2021-40037
5.5 - Medium
- January 10, 2022
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
Object Type Confusion
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones
CVE-2021-40035
7.5 - High
- January 10, 2022
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
Classic Buffer Overflow
The bone voice ID TA has a vulnerability in information management
CVE-2021-40032
7.5 - High
- January 10, 2022
The bone voice ID TA has a vulnerability in information management. Successful exploitation of this vulnerability may affect data confidentiality.
There is an Out-of-bounds write vulnerability in the AOD module in smartphones
CVE-2021-40009
5.3 - Medium
- January 10, 2022
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
Memory Corruption
The distributed data service component has a vulnerability in data access control
CVE-2021-40005
7.5 - High
- January 10, 2022
The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.
Exposure of Resource to Wrong Sphere
The cellular module has a vulnerability in permission management
CVE-2021-40004
7.5 - High
- January 10, 2022
The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.
Incorrect Default Permissions
The CaasKit module has a path traversal vulnerability
CVE-2021-40001
5.3 - Medium
- January 10, 2022
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.
Directory traversal
The Bluetooth module has an out-of-bounds write vulnerability
CVE-2021-40002
8.8 - High
- January 10, 2022
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
Memory Corruption
HwPCAssistant has a path traversal vulnerability
CVE-2021-40003
5.3 - Medium
- January 10, 2022
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Directory traversal
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37117
7.5 - High
- January 03, 2022
There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.
PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause
CVE-2021-37116
9.1 - Critical
- January 03, 2022
PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this vulnerability may cause the PIN of the subscriber to be changed.
Improper Input Validation
There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37114
5.3 - Medium
- January 03, 2022
There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Out-of-bounds Read
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak.
CVE-2021-37112
5.3 - Medium
- January 03, 2022
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful exploitation of this vulnerability may lead to Firmware leak.
Externally Controlled Reference to a Resource in Another Sphere
There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion.
CVE-2021-37111
7.5 - High
- January 03, 2022
There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion.
Allocation of Resources Without Limits or Throttling
There is a Timing design defect in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37110
7.5 - High
- January 03, 2022
There is a Timing design defect in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39988
7.5 - High
- January 03, 2022
The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
NULL Pointer Dereference
The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39989
7.5 - High
- January 03, 2022
The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Incorrect Type Conversion or Cast
The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience.
CVE-2021-39990
9.8 - Critical
- January 03, 2022
The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of this vulnerability may affect user experience.
Memory Corruption
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39987
7.5 - High
- January 03, 2022
The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause a process to restart.
Object Type Confusion