CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Huawei » Harmonyos » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-40045 347 2022-02-09 2022-02-16
2.1
None Local Low Not required Partial None None
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.
2 CVE-2021-40039 476 2022-01-10 2022-01-13
5.0
None Remote Low Not required None Partial None
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
3 CVE-2021-40038 415 2022-01-10 2022-01-13
5.0
None Remote Low Not required None Partial None
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
4 CVE-2021-40037 843 2022-01-10 2022-01-13
4.9
None Local Low Not required None None Complete
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
5 CVE-2021-40035 120 Overflow 2022-01-10 2022-01-13
5.0
None Remote Low Not required None None Partial
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
6 CVE-2021-40032 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.
7 CVE-2021-40029 120 Overflow 2022-01-10 2022-01-13
5.0
None Remote Low Not required None None Partial
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
8 CVE-2021-40028 787 2022-01-10 2022-01-13
5.0
None Remote Low Not required None Partial None
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.
9 CVE-2021-40027 119 Overflow 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.
10 CVE-2021-40026 787 Overflow 2022-01-10 2022-01-13
5.0
None Remote Low Not required None Partial None
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
11 CVE-2021-40025 665 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality.
12 CVE-2021-40022 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.
13 CVE-2021-40021 787 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.
14 CVE-2021-40018 476 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
15 CVE-2021-40015 362 2022-02-09 2022-02-16
1.9
None Local Medium Not required None None Partial
There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.
16 CVE-2021-40014 787 Overflow 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
17 CVE-2021-40010 787 Exec Code Overflow 2022-01-10 2022-05-13
7.5
None Remote Low Not required Partial Partial Partial
The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.
18 CVE-2021-40009 787 2022-01-10 2022-01-13
5.0
None Remote Low Not required None None Partial
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
19 CVE-2021-40005 668 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.
20 CVE-2021-40004 276 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.
21 CVE-2021-40003 22 Dir. Trav. 2022-01-10 2022-01-13
5.0
None Remote Low Not required Partial None None
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
22 CVE-2021-40002 787 Exec Code 2022-01-10 2022-01-13
5.8
None Local Network Low Not required Partial Partial Partial
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
23 CVE-2021-40001 22 Dir. Trav. 2022-01-10 2022-01-13
5.0
None Remote Low Not required None None Partial
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.
24 CVE-2021-40000 787 Exec Code 2022-01-10 2022-01-12
5.8
None Local Network Low Not required Partial Partial Partial
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
25 CVE-2021-39998 2022-01-10 2022-01-13
7.8
None Remote Low Not required None None Complete
There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
26 CVE-2021-39996 787 Overflow 2022-01-10 2022-01-13
7.5
None Remote Low Not required Partial Partial Partial
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.
27 CVE-2021-39990 787 Overflow 2022-01-03 2022-01-14
7.5
None Remote Low Not required Partial Partial Partial
The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.
28 CVE-2021-39989 704 2022-01-03 2022-01-14
5.0
None Remote Low Not required None None Partial
The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
29 CVE-2021-39988 476 2022-01-03 2022-01-14
5.0
None Remote Low Not required None None Partial
The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
30 CVE-2021-39987 843 2022-01-03 2022-01-14
5.0
None Remote Low Not required None None Partial
The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
31 CVE-2021-39985 129 2022-01-03 2022-01-14
5.0
None Remote Low Not required None None Partial
The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
32 CVE-2021-39979 94 2022-01-03 2022-01-13
10.0
None Remote Low Not required Complete Complete Complete
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.
33 CVE-2021-39978 89 Sql 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues.
34 CVE-2021-39977 476 2022-01-03 2022-01-13
5.0
None Remote Low Not required None None Partial
The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
35 CVE-2021-39975 DoS 2022-01-03 2022-01-13
5.0
None Remote Low Not required None None Partial
Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks.
36 CVE-2021-39974 125 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
37 CVE-2021-39973 476 2022-01-03 2022-01-13
7.8
None Remote Low Not required None None Complete
There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down.
38 CVE-2021-39972 668 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.
39 CVE-2021-39971 610 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
Password vault has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability could compromise confidentiality.
40 CVE-2021-39970 22 Dir. Trav. 2022-01-03 2022-01-13
5.0
None Remote Low Not required None Partial None
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission.
41 CVE-2021-39969 668 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
42 CVE-2021-39968 2022-01-03 2022-01-13
5.0
None Remote Low Not required None None Partial
Changlian Blocklist has a Business Logic Errors vulnerability .Successful exploitation of this vulnerability may expand the attack surface of the message class.
43 CVE-2021-39967 276 +Info 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
44 CVE-2021-39966 909 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
45 CVE-2021-37134 362 2022-01-03 2022-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components.
46 CVE-2021-37133 668 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
47 CVE-2021-37132 276 2022-01-03 2022-01-11
5.0
None Remote Low Not required Partial None None
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.
48 CVE-2021-37128 22 Dir. Trav. 2022-01-03 2022-01-11
7.5
None Remote Low Not required Partial Partial Partial
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file.
49 CVE-2021-37126 22 Dir. Trav. 2022-01-03 2022-01-11
5.0
None Remote Low Not required Partial None None
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.
50 CVE-2021-37125 200 +Info 2022-01-03 2022-01-13
5.0
None Remote Low Not required Partial None None
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected.
Total number of vulnerabilities : 124   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.