Openharmony
by OpenHarmony
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26691 | | Med | 0.36 | 5.5 | 0.00 | | Jun 8, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-24493 | | Med | 0.36 | 5.5 | 0.00 | | Jun 8, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. |
| CVE-2025-21098 | | Med | 0.36 | 5.5 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. |
| CVE-2025-20042 | | Med | 0.36 | 5.5 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. |
| CVE-2025-0302 | | Med | 0.36 | 5.5 | 0.00 | | Feb 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow. |
| CVE-2024-45070 | | Med | 0.36 | 5.5 | 0.00 | | Jan 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-9978 | | Med | 0.36 | 5.5 | 0.00 | | Dec 3, 2024 | in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-12082 | | Med | 0.36 | 5.5 | 0.00 | | Dec 3, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-39806 | | Med | 0.36 | 5.5 | 0.00 | | Oct 8, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-39612 | | Med | 0.36 | 5.5 | 0.00 | | Sep 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-38382 | | Med | 0.36 | 5.5 | 0.00 | | Sep 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-28951 | | Med | 0.36 | 5.5 | 0.00 | | Apr 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. |
| CVE-2023-24465 | | Med | 0.36 | 5.5 | 0.00 | | Mar 10, 2023 | Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash. |
| CVE-2021-22296 | | Med | 0.36 | 5.5 | 0.00 | | Mar 2, 2021 | A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. |
| CVE-2024-23808 | | Med | 0.34 | 5.2 | 0.00 | | May 7, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. |
| CVE-2022-41686 | | Med | 0.33 | 5.1 | 0.00 | | Oct 14, 2022 | OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound… |
| CVE-2024-21863 | | Med | 0.31 | 4.7 | 0.00 | | Feb 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2024-0285 | | Med | 0.31 | 4.7 | 0.00 | | Feb 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2024-54030 | | Med | 0.29 | 4.4 | 0.00 | | Jan 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free. |
| CVE-2024-39831 | | Med | 0.29 | 4.4 | 0.00 | | Oct 8, 2024 | in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. |