U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 285 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-44106

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Published: October 11, 2023; 8:15:11 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-44109

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

Published: October 11, 2023; 7:15:14 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-44094

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Published: October 11, 2023; 7:15:13 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-44093

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Published: October 11, 2023; 7:15:13 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-3456

Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

Published: July 06, 2023; 9:15:11 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-37245

Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.

Published: July 06, 2023; 9:15:11 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-37242

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Published: July 06, 2023; 9:15:11 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2021-46893

Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.

Published: July 05, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2021-46891

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Published: July 05, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2021-46890

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Published: July 05, 2023; 8:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-48479

The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

Published: May 26, 2023; 1:15:13 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-48478

The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

Published: May 26, 2023; 1:15:13 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-1696

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

Published: May 20, 2023; 11:15:08 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1694

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

Published: May 20, 2023; 11:15:08 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1693

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

Published: May 20, 2023; 11:15:08 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1692

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

Published: May 20, 2023; 11:15:08 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-48314

The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

Published: April 16, 2023; 4:15:07 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-48313

The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

Published: April 16, 2023; 4:15:07 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-48312

The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.

Published: April 16, 2023; 3:15:52 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-26549

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.

Published: March 27, 2023; 6:15:21 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)