Openharmony
by OpenHarmony
CVEs (178)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21826 | | Med | 0.28 | 4.3 | 0.00 | | Mar 4, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. |
| CVE-2023-46708 | | Med | 0.28 | 4.3 | 0.00 | | Mar 4, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. |
| CVE-2023-45734 | | Med | 0.27 | 4.2 | 0.00 | | Feb 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. |
| CVE-2024-21816 | | Med | 0.26 | 4.0 | 0.00 | | Mar 4, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. |
| CVE-2023-49142 | | Med | 0.26 | 4.0 | 0.00 | | Jan 2, 2024 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. |
| CVE-2023-49135 | | Med | 0.26 | 4.0 | 0.00 | | Jan 2, 2024 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. |
| CVE-2023-48360 | | Med | 0.26 | 4.0 | 0.00 | | Jan 2, 2024 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. |
| CVE-2023-47857 | | Med | 0.26 | 4.0 | 0.00 | | Jan 2, 2024 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. |
| CVE-2023-47217 | | Med | 0.26 | 4.0 | 0.00 | | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. |
| CVE-2023-0083 | | Med | 0.26 | 4.0 | 0.00 | | Mar 10, 2023 | The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to… |
| CVE-2022-45126 | | Med | 0.26 | 4.0 | 0.00 | | Jan 9, 2023 | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. |
| CVE-2022-43662 | | Med | 0.26 | 4.0 | 0.00 | | Jan 9, 2023 | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. |
| CVE-2022-41802 | | Med | 0.26 | 4.0 | 0.00 | | Dec 8, 2022 | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. |
| CVE-2025-27132 | | Low | 0.25 | 3.8 | 0.00 | | May 6, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-24309 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-24301 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-23420 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-23414 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-23409 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-23240 | | Low | 0.25 | 3.8 | 0.00 | | Mar 4, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |