VYPR

Openharmony

by OpenHarmony

CVEs (178)

  • CVE-2026-27648 | High | May 19, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.

  • CVE-2022-38700 | High | Sep 9, 2022
    risk 0.57 | cvss 8.8 | epss 0.00

    OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and gain control of the camera service.

  • CVE-2026-25781 | High | May 19, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    OpenHarmony v6.0 and prior versions allow a local attacker to cause an unrecoverable DoS.

  • CVE-2023-43612 | High | Nov 20, 2023
    risk 0.55 | cvss 8.4 | epss 0.00

    OpenHarmony v3.2.2 and prior versions allow a local attacker to read and write arbitrary files through improper preservation of permissions.

  • CVE-2022-43451 | High | Nov 3, 2022
    risk 0.55 | cvss 8.4 | epss 0.00

    OpenHarmony-v3.1.2 and prior versions had multiple path traversal vulnerabilities in the appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities it would allow an unprivileged process to…

  • CVE-2022-42488 | High | Oct 14, 2022
    risk 0.55 | cvss 8.4 | epss 0.00

    OpenHarmony-v3.1.2 and prior versions have a missing permission validation vulnerability in the param service of the startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling…

  • CVE-2022-45877 | High | Dec 8, 2022
    risk 0.54 | cvss 8.3 | epss 0.00

    OpenHarmony-v3.1.4 and prior versions had a vulnerability: the PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

  • CVE-2022-42463 | High | Oct 14, 2022
    risk 0.54 | cvss 8.3 | epss 0.00

    OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and…

  • CVE-2026-24792 | High | May 19, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.

  • CVE-2024-28226 | High | Apr 2, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    OpenHarmony v4.0.0 and prior versions allow a remote attacker to cause a DoS through improper input.

  • CVE-2024-21860 | High | Feb 2, 2024
    risk 0.53 | cvss 8.2 | epss 0.00

    OpenHarmony v4.0.0 and prior versions allow an adjacent attacker to execute arbitrary code in any app through a use after free.

  • CVE-2023-22436 | High | Mar 10, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability that local attackers can exploit to escalate privileges to root.

  • CVE-2024-22092 | High | Apr 2, 2024
    risk 0.50 | cvss 7.7 | epss 0.00

    OpenHarmony v3.2.4 and prior versions allow a remote attacker to bypass permission verification to install apps, although these require user action.

  • CVE-2022-36423 | High | Sep 9, 2022
    risk 0.48 | cvss 7.4 | epss 0.00

    OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can cause a DoS attack on all network devices.

  • CVE-2023-3116 | High | Nov 20, 2023
    risk 0.47 | cvss 7.3 | epss 0.00

    OpenHarmony v3.2.2 and prior versions allow a local attacker to obtain confidential information or rewrite sensitive files through incorrect default permissions.

  • CVE-2022-44455 | Medium | Dec 8, 2022
    risk 0.44 | cvss 6.8 | epss 0.00

    The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to a buffer overflow due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application…

  • CVE-2022-42464 | Medium | Oct 14, 2022
    risk 0.44 | cvss 6.7 | epss 0.00

    OpenHarmony-v3.1.2 and prior versions, and 3.0.6 and prior versions, have a kernel memory pool override vulnerability in the /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process running on the device could disclose sensitive…

  • CVE-2026-28733 | Medium | May 19, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    OpenHarmony v6.0 and prior versions allow a local attacker to execute arbitrary code.

  • CVE-2024-29074 | Medium | Apr 2, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    OpenHarmony v3.2.4 and prior versions allow a local attacker to execute arbitrary code in any app through improper input.

  • CVE-2024-24581 | Medium | Apr 2, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    OpenHarmony v4.0.0 and prior versions allow a local attacker to execute arbitrary code through an out-of-bounds write.
