VYPR

Openharmony

by OpenHarmony

CVEs (178)

  • CVE-2024-21826MedMar 4, 2024
    risk 0.28cvss 4.3epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

  • CVE-2023-46708MedMar 4, 2024
    risk 0.28cvss 4.3epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

  • CVE-2023-45734MedFeb 2, 2024
    risk 0.27cvss 4.2epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.

  • CVE-2024-21816MedMar 4, 2024
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.

  • CVE-2023-49142MedJan 2, 2024
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.

  • CVE-2023-49135MedJan 2, 2024
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

  • CVE-2023-48360MedJan 2, 2024
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

  • CVE-2023-47857MedJan 2, 2024
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.

  • CVE-2023-47217MedNov 20, 2023
    risk 0.26cvss 4.0epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.

  • CVE-2023-0083MedMar 10, 2023
    risk 0.26cvss 4.0epss 0.00

    The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to…

  • CVE-2022-45126MedJan 9, 2023
    risk 0.26cvss 4.0epss 0.00

    Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

  • CVE-2022-43662MedJan 9, 2023
    risk 0.26cvss 4.0epss 0.00

    Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

  • CVE-2022-41802MedDec 8, 2022
    risk 0.26cvss 4.0epss 0.00

    Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

  • CVE-2025-27132LowMay 6, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-24309LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-24301LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-23420LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-23414LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-23409LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

  • CVE-2025-23240LowMar 4, 2025
    risk 0.25cvss 3.8epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

Page 5 of 9