Openharmony
by OpenHarmony
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24581 | | Med | 0.42 | 6.5 | 0.00 | | Apr 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. |
| CVE-2024-22098 | | Med | 0.42 | 6.5 | 0.00 | | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. |
| CVE-2023-22301 | | Med | 0.42 | 6.5 | 0.01 | | Mar 10, 2023 | The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system. |
| CVE-2023-0036 | | Med | 0.42 | 6.5 | 0.00 | | Jan 9, 2023 | platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. |
| CVE-2023-0035 | | Med | 0.42 | 6.5 | 0.00 | | Jan 9, 2023 | softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. |
| CVE-2022-43495 | | Med | 0.42 | 6.5 | 0.01 | | Nov 3, 2022 | OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attackers can send an abnormal packet when joining a network, cause a nullptr reference and device reboot. |
| CVE-2025-27131 | | Med | 0.40 | 6.1 | 0.00 | | Jun 8, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2023-46705 | | Med | 0.40 | 6.2 | 0.00 | | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. |
| CVE-2023-46100 | | Med | 0.40 | 6.2 | 0.00 | | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. |
| CVE-2023-42774 | | Med | 0.40 | 6.2 | 0.00 | | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. |
| CVE-2023-25947 | | Med | 0.40 | 6.2 | 0.00 | | Mar 10, 2023 | The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package. |
| CVE-2022-45118 | | Med | 0.40 | 6.2 | 0.00 | | Dec 8, 2022 | OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data… |
| CVE-2022-43449 | | Med | 0.40 | 6.2 | 0.00 | | Nov 3, 2022 | OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which runs with UID 1000. |
| CVE-2022-38701 | | Med | 0.40 | 6.2 | 0.00 | | Sep 9, 2022 | OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. |
| CVE-2022-38081 | | Med | 0.40 | 6.2 | 0.00 | | Sep 9, 2022 | OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. |
| CVE-2022-38064 | | Med | 0.40 | 6.2 | 0.00 | | Sep 9, 2022 | OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. |
| CVE-2023-6045 | | Med | 0.38 | 5.9 | 0.00 | | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. |
| CVE-2026-27766 | | Med | 0.36 | 5.5 | 0.00 | | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. |
| CVE-2026-25850 | | Med | 0.36 | 5.5 | 0.00 | | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak. |
| CVE-2025-27247 | | Med | 0.36 | 5.5 | 0.00 | | Jun 8, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |