VYPR

Openharmony

by OpenHarmony

CVEs (178)

  • CVE-2024-24581MedApr 2, 2024
    risk 0.42cvss 6.5epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

  • CVE-2024-22098MedApr 2, 2024
    risk 0.42cvss 6.5epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

  • CVE-2023-22301MedMar 10, 2023
    risk 0.42cvss 6.5epss 0.01

    The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

  • CVE-2023-0036MedJan 9, 2023
    risk 0.42cvss 6.5epss 0.00

    platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

  • CVE-2023-0035MedJan 9, 2023
    risk 0.42cvss 6.5epss 0.00

    softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

  • CVE-2022-43495MedNov 3, 2022
    risk 0.42cvss 6.5epss 0.01

    OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.

  • CVE-2025-27131MedJun 8, 2025
    risk 0.40cvss 6.1epss 0.00

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

  • CVE-2023-46705MedNov 20, 2023
    risk 0.40cvss 6.2epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.

  • CVE-2023-46100MedNov 20, 2023
    risk 0.40cvss 6.2epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.

  • CVE-2023-42774MedNov 20, 2023
    risk 0.40cvss 6.2epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.

  • CVE-2023-25947MedMar 10, 2023
    risk 0.40cvss 6.2epss 0.00

    The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

  • CVE-2022-45118MedDec 8, 2022
    risk 0.40cvss 6.2epss 0.00

    OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data…

  • CVE-2022-43449MedNov 3, 2022
    risk 0.40cvss 6.2epss 0.00

    OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

  • CVE-2022-38701MedSep 9, 2022
    risk 0.40cvss 6.2epss 0.00

    OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

  • CVE-2022-38081MedSep 9, 2022
    risk 0.40cvss 6.2epss 0.00

    OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.

  • CVE-2022-38064MedSep 9, 2022
    risk 0.40cvss 6.2epss 0.00

    OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

  • CVE-2023-6045MedNov 20, 2023
    risk 0.38cvss 5.9epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.

  • CVE-2026-27766MedMay 19, 2026
    risk 0.36cvss 5.5epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.

  • CVE-2026-25850MedMay 19, 2026
    risk 0.36cvss 5.5epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak

  • CVE-2025-27247MedJun 8, 2025
    risk 0.36cvss 5.5epss 0.00

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Page 3 of 9