Zzz

**Name of the Vulnerable Software and Affected Versions** com.hihonor.phoneservice version 11.0.0.271 **Description** The Phoneservice module is affected by a code injection issue, which may compromise service confidentiality and integrity. **Recommendations** For version 11.0.0.271, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Phoneservice module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GameCenter version 16.0.23 **Description** There is a whitelist mechanism bypass in GameCenter, which may affect service confidentiality and integrity upon successful exploitation. **Recommendations** For version 16.0.23, consider disabling the whitelist mechanism bypass functionality until a patch is available. As a temporary workaround, restrict access to sensitive areas of GameCenter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Health module (affected versions not specified) **Description** The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MinigameCenter (affected versions not specified) **Description** The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MinigameCenter (affected versions not specified) **Description** The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kvmtool versions through 39181fc **Description** The issue allows a guest OS user to execute arbitrary code on the host machine due to an out-of-bounds write related to virtio/balloon.c and virtio/pci.c. **Recommendations** For versions through 39181fc, at the moment, there is no information about a newer version that contains a fix for this vulnerability.