CVE-2023-26547
https://notcve.org/view.php?id=CVE-2023-26547
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-48360
https://notcve.org/view.php?id=CVE-2022-48360
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-276: Incorrect Default Permissions •
CVE-2023-26548
https://notcve.org/view.php?id=CVE-2023-26548
The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-48300
https://notcve.org/view.php?id=CVE-2022-48300
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. • https://consumer.huawei.com/en/support/bulletin/2023/2 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474 • CWE-306: Missing Authentication for Critical Function •
CVE-2022-48295
https://notcve.org/view.php?id=CVE-2022-48295
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). • https://consumer.huawei.com/en/support/bulletin/2023/2 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474 • CWE-281: Improper Preservation of Permissions •