CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48361
https://notcve.org/view.php?id=CVE-2022-48361
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-26549
https://notcve.org/view.php?id=CVE-2023-26549
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48358
https://notcve.org/view.php?id=CVE-2022-48358
The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48351
https://notcve.org/view.php?id=CVE-2022-48351
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48291
https://notcve.org/view.php?id=CVE-2022-48291
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. • https://consumer.huawei.com/en/support/bulletin/2023/3 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505 • CWE-306: Missing Authentication for Critical Function •