Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file.
Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.
Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.
Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.
There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity.
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notifications.
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file.
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created.
A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.
Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality.
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability.
The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.
There is a traffic hijacking vulnerability in Huawei routers. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.
There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.