Vendor CVEs
OpenHarmony
All CVEs
179 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-27648 |  | High | 0.57 | 8.8 | 0.01 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| CVE-2025-0304 |  | High | 0.57 | 8.8 | 0.00 |  | Feb 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. |
| CVE-2025-0303 |  | High | 0.57 | 8.8 | 0.00 |  | Feb 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow. |
| CVE-2024-47398 |  | High | 0.57 | 8.8 | 0.00 |  | Jan 7, 2025 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. |
| CVE-2024-10074 |  | High | 0.57 | 8.8 | 0.00 |  | Dec 3, 2024 | in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. |
| CVE-2024-41160 |  | High | 0.57 | 8.8 | 0.00 |  | Sep 2, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. |
| CVE-2024-41157 |  | High | 0.57 | 8.8 | 0.00 |  | Sep 2, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. |
| CVE-2022-38700 |  | High | 0.57 | 8.8 | 0.00 |  | Sep 9, 2022 | OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. |
| CVE-2026-25781 |  | High | 0.55 | 8.4 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. |
| CVE-2024-47797 |  | High | 0.55 | 8.4 | 0.00 |  | Nov 5, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. |
| CVE-2024-47404 |  | High | 0.55 | 8.4 | 0.00 |  | Nov 5, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. |
| CVE-2024-47137 |  | High | 0.55 | 8.4 | 0.00 |  | Nov 5, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. |
| CVE-2024-39816 |  | High | 0.55 | 8.4 | 0.00 |  | Sep 2, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
| CVE-2024-38386 |  | High | 0.55 | 8.4 | 0.00 |  | Sep 2, 2024 | in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
| CVE-2023-43612 |  | High | 0.55 | 8.4 | 0.00 |  | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. |
| CVE-2022-43451 |  | High | 0.55 | 8.4 | 0.00 |  | Nov 3, 2022 | OpenHarmony-v3.1.2 and prior versions had a Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox. If chained with other vulnerabilities it would allow an unprivileged process to… |
| CVE-2022-42488 |  | High | 0.55 | 8.4 | 0.00 |  | Oct 14, 2022 | OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling… |
| CVE-2022-45877 |  | High | 0.54 | 8.3 | 0.00 |  | Dec 8, 2022 | OpenHarmony-v3.1.4 and prior versions had a vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. |
| CVE-2022-42463 |  | High | 0.54 | 8.3 | 0.00 |  | Oct 14, 2022 | OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and… |
| CVE-2026-24792 |  | High | 0.53 | 8.1 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
| CVE-2024-37185 |  | High | 0.53 | 8.2 | 0.01 |  | Jul 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
| CVE-2024-37077 |  | High | 0.53 | 8.2 | 0.01 |  | Jul 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
| CVE-2024-37030 |  | High | 0.53 | 8.2 | 0.01 |  | Jul 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. |
| CVE-2024-36260 |  | High | 0.53 | 8.2 | 0.01 |  | Jul 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
| CVE-2024-36243 |  | High | 0.53 | 8.2 | 0.01 |  | Jul 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. |
| CVE-2024-28226 |  | High | 0.53 | 8.1 | 0.01 |  | Apr 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. |
| CVE-2024-21860 |  | High | 0.53 | 8.2 | 0.00 |  | Feb 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. |
| CVE-2023-22436 |  | High | 0.51 | 7.8 | 0.00 |  | Mar 10, 2023 | The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root. |
| CVE-2024-22092 |  | High | 0.50 | 7.7 | 0.00 |  | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. |
| CVE-2022-36423 |  | High | 0.48 | 7.4 | 0.00 |  | Sep 9, 2022 | OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. |
| CVE-2023-3116 |  | High | 0.47 | 7.3 | 0.00 |  | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. |
| CVE-2022-44455 |  | Medium | 0.44 | 6.8 | 0.00 |  | Dec 8, 2022 | The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application… |
| CVE-2022-42464 |  | Medium | 0.44 | 6.7 | 0.00 |  | Oct 14, 2022 | OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive… |
| CVE-2026-28733 |  | Medium | 0.42 | 6.5 | 0.00 |  | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. |
| CVE-2025-22851 |  | Medium | 0.42 | 6.5 | 0.00 |  | Apr 7, 2025 | in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. |
| CVE-2024-39775 |  | Medium | 0.42 | 6.5 | 0.00 |  | Sep 2, 2024 | in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. |
| CVE-2024-3759 |  | Medium | 0.42 | 6.5 | 0.00 |  | May 7, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. |
| CVE-2024-3758 |  | Medium | 0.42 | 6.5 | 0.00 |  | May 7, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. |
| CVE-2024-27217 |  | Medium | 0.42 | 6.5 | 0.00 |  | May 7, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. |
| CVE-2024-29074 |  | Medium | 0.42 | 6.5 | 0.00 |  | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. |
| CVE-2024-24581 |  | Medium | 0.42 | 6.5 | 0.00 |  | Apr 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. |
| CVE-2024-22098 |  | Medium | 0.42 | 6.5 | 0.00 |  | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. |
| CVE-2023-22301 |  | Medium | 0.42 | 6.5 | 0.01 |  | Mar 10, 2023 | The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system. |
| CVE-2023-0036 |  | Medium | 0.42 | 6.5 | 0.00 |  | Jan 9, 2023 | platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. |
| CVE-2023-0035 |  | Medium | 0.42 | 6.5 | 0.00 |  | Jan 9, 2023 | softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. |
| CVE-2022-43495 |  | Medium | 0.42 | 6.5 | 0.01 |  | Nov 3, 2022 | OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attackers can send an abnormal packet when joining a network, cause a nullptr reference and device reboot. |
| CVE-2025-27131 |  | Medium | 0.40 | 6.1 | 0.00 |  | Jun 8, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2023-46705 |  | Medium | 0.40 | 6.2 | 0.00 |  | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. |
| CVE-2023-46100 |  | Medium | 0.40 | 6.2 | 0.00 |  | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. |
| CVE-2023-42774 |  | Medium | 0.40 | 6.2 | 0.00 |  | Nov 20, 2023 | in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. |
Page 1 of 4