Vendor CVEs
OpenHarmony
All CVEs
179 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29086 | | Low | 0.21 | 3.3 | 0.00 | | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. |
| CVE-2024-22180 | | Low | 0.21 | 3.3 | 0.00 | | Apr 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. |
| CVE-2024-22177 | | Low | 0.21 | 3.3 | 0.00 | | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. |
| CVE-2024-21834 | | Low | 0.21 | 3.3 | 0.00 | | Apr 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. |
| CVE-2021-22294 | | Low | 0.21 | 3.3 | 0.00 | | Mar 2, 2021 | A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. |
| CVE-2023-49602 | | Low | 0.19 | 2.9 | 0.00 | | Mar 4, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. |
| CVE-2023-25176 | | Low | 0.19 | 2.9 | 0.00 | | Mar 4, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read. |
| CVE-2024-21851 | | Low | 0.19 | 2.9 | 0.00 | | Feb 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. |
| CVE-2024-21845 | | Low | 0.19 | 2.9 | 0.00 | | Feb 2, 2024 | in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. |
| CVE-2023-49118 | | Low | 0.19 | 2.9 | 0.00 | | Feb 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. |
| CVE-2023-43756 | | Low | 0.19 | 2.9 | 0.00 | | Feb 2, 2024 | in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read. |
| CVE-2023-47216 | | Low | 0.19 | 2.9 | 0.00 | | Jan 2, 2024 | in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources |
| CVE-2025-6969 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input. |
| CVE-2025-26474 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-52458 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-41432 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-25277 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios. |
| CVE-2025-12736 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource. |
| CVE-2026-0639 | | | 0.00 | — | 0.00 | | Mar 16, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory. |
| CVE-2025-27562 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. |
| CVE-2025-27128 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
| CVE-2025-25212 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. |
| CVE-2025-24844 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. |
| CVE-2025-27536 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. |
| CVE-2025-26690 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. |
| CVE-2025-24925 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. |
| CVE-2025-24298 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
| CVE-2025-25278 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
| CVE-2025-27577 | | | 0.00 | — | 0.00 | | Aug 11, 2025 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
Page 4 of 4