OpenHarmony

All CVEs

179 total · sorted by risk
  • CVE-2026-27648 · High · May 19, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

  • CVE-2025-0304 · High · Feb 7, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

  • CVE-2025-0303 · High · Feb 7, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.

  • CVE-2024-47398 · High · Jan 7, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.

  • CVE-2024-10074 · High · Dec 3, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.

  • CVE-2024-41160 · High · Sep 2, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

  • CVE-2024-41157 · High · Sep 2, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

  • CVE-2022-38700 · High · Sep 9, 2022
    risk 0.57 · cvss 8.8 · epss 0.00

    OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.

  • CVE-2026-25781 · High · May 19, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

  • CVE-2024-47797 · High · Nov 5, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

  • CVE-2024-47404 · High · Nov 5, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.

  • CVE-2024-47137 · High · Nov 5, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

  • CVE-2024-39816 · High · Sep 2, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

  • CVE-2024-38386 · High · Sep 2, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

  • CVE-2023-43612 · High · Nov 20, 2023
    risk 0.55 · cvss 8.4 · epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

  • CVE-2022-43451 · High · Nov 3, 2022
    risk 0.55 · cvss 8.4 · epss 0.00

    OpenHarmony-v3.1.2 and prior versions had a multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox. If chained with other vulnerabilities it would allow an unprivileged process to…

  • CVE-2022-42488 · High · Oct 14, 2022
    risk 0.55 · cvss 8.4 · epss 0.00

    OpenHarmony-v3.1.2 and prior versions have a missing permission validation vulnerability in param service of startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling…

  • CVE-2022-45877 · High · Dec 8, 2022
    risk 0.54 · cvss 8.3 · epss 0.00

    OpenHarmony-v3.1.4 and prior versions had a vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

  • CVE-2022-42463 · High · Oct 14, 2022
    risk 0.54 · cvss 8.3 · epss 0.00

    OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and…

  • CVE-2026-24792 · High · May 19, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

  • CVE-2024-37185 · High · Jul 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

  • CVE-2024-37077 · High · Jul 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

  • CVE-2024-37030 · High · Jul 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.

  • CVE-2024-36260 · High · Jul 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

  • CVE-2024-36243 · High · Jul 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

  • CVE-2024-28226 · High · Apr 2, 2024
    risk 0.53 · cvss 8.1 · epss 0.01

    in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.

  • CVE-2024-21860 · High · Feb 2, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.

  • CVE-2023-22436 · High · Mar 10, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

  • CVE-2024-22092 · High · Apr 2, 2024
    risk 0.50 · cvss 7.7 · epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action.

  • CVE-2022-36423 · High · Sep 9, 2022
    risk 0.48 · cvss 7.4 · epss 0.00

    OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

  • CVE-2023-3116 · High · Nov 20, 2023
    risk 0.47 · cvss 7.3 · epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.

  • CVE-2022-44455 · Medium · Dec 8, 2022
    risk 0.44 · cvss 6.8 · epss 0.00

    The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application…

  • CVE-2022-42464 · Medium · Oct 14, 2022
    risk 0.44 · cvss 6.7 · epss 0.00

    OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive…

  • CVE-2026-28733 · Medium · May 19, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.

  • CVE-2025-22851 · Medium · Apr 7, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.

  • CVE-2024-39775 · Medium · Sep 2, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

  • CVE-2024-3759 · Medium · May 7, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

  • CVE-2024-3758 · Medium · May 7, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

  • CVE-2024-27217 · Medium · May 7, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

  • CVE-2024-29074 · Medium · Apr 2, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.

  • CVE-2024-24581 · Medium · Apr 2, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

  • CVE-2024-22098 · Medium · Apr 2, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

  • CVE-2023-22301 · Medium · Mar 10, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

  • CVE-2023-0036 · Medium · Jan 9, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

  • CVE-2023-0035 · Medium · Jan 9, 2023
    risk 0.42 · cvss 6.5 · epss 0.00

    softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

  • CVE-2022-43495 · Medium · Nov 3, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attackers can send an abnormal packet when joining a network, cause a nullptr reference and device reboot.

  • CVE-2025-27131 · Medium · Jun 8, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

  • CVE-2023-46705 · Medium · Nov 20, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.

  • CVE-2023-46100 · Medium · Nov 20, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.

  • CVE-2023-42774 · Medium · Nov 20, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.

Page 1 of 4