Skip to main content

Openharmony

162 CVEs product

Monthly

CVE-2026-33565 LOW Monitor

Signal handler race condition in OpenHarmony v6.0 and prior enables a local, low-privileged attacker to cause a denial-of-service condition. The vulnerability (CWE-364) produces only low availability impact per the CVSS vector, with no confidentiality or integrity loss confirmed. No public exploit code or CISA KEV listing exists at time of analysis, placing this in a low-urgency tier despite the low attack complexity.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-28733 MEDIUM This Month

Use-After-Free memory corruption in OpenHarmony v6.0 and prior enables a local attacker with low privileges to execute arbitrary code, achieving a changed scope with high availability impact. The vulnerability is rooted in CWE-416, where freed memory regions are accessed without proper lifecycle management, a class of flaw frequently exploitable for control-flow hijacking. No public exploit code or CISA KEV listing has been identified at time of analysis, though the OpenHarmony security team has published a formal disclosure.

Memory Corruption Use After Free RCE Openharmony
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27766 MEDIUM This Month

Information disclosure in OpenHarmony v6.0 and earlier enables a low-privileged local attacker to leak high-sensitivity data from the system without any user interaction. The root cause is a signal handler race condition (CWE-364), where asynchronous signal delivery can expose protected memory contents while leaving system integrity and availability unaffected. No public exploit code has been identified at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25850 MEDIUM This Month

OpenHarmony v6.0 and prior versions expose sensitive information to local low-privileged attackers due to improper preservation of permissions (CWE-281). A locally authenticated attacker with standard user privileges can exploit this flaw to leak confidential data - achieving high confidentiality impact - without requiring elevated rights or user interaction. No public exploit code or active exploitation has been identified at time of analysis, but the low complexity and no-interaction-required nature of the attack make it straightforward to exploit once access is obtained.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-25781 HIGH This Week

Out-of-bounds write in OpenHarmony v6.0 and earlier enables a local low-privileged attacker to corrupt memory and trigger an unrecoverable denial-of-service condition on affected devices. The flaw was disclosed by the OpenHarmony project itself, and no public exploit identified at time of analysis. Although CVSS scores it 8.4 (High) due to scope change and high confidentiality/integrity impact, the vector indicates local-only access with low privileges already required.

Memory Corruption Buffer Overflow Openharmony
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-28751 LOW Monitor

Local denial-of-service in OpenHarmony v6.0 and prior versions exploits an improper input validation flaw (CWE-20), allowing a low-privileged local attacker to partially disrupt availability without requiring user interaction. The CVSS score of 3.3 (Low) reflects constrained impact: availability impact is rated Low (A:L), with no confidentiality or integrity loss. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the lower tier of operational urgency.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-27781 LOW Monitor

Integer overflow in OpenHarmony v6.0 and prior versions enables a local authenticated attacker to trigger a denial-of-service condition, resulting in an availability impact. The vulnerability is low severity with a CVSS score of 3.3, requires local access with low privileges, and no public exploit or active exploitation has been identified at time of analysis. Notably, the CVE tags include 'Information Disclosure' despite the CVSS vector indicating no confidentiality impact (C:N), a discrepancy that warrants vendor clarification.

Information Disclosure Integer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-27648 HIGH This Week

Arbitrary code execution in OpenHarmony v6.0 and earlier enables remote attackers with low privileges to execute code within pre-installed apps via an out-of-bounds write (CWE-787). The CVSS 8.8 vector reflects network-reachable exploitation with low complexity and no user interaction once minimal privileges are obtained, yielding high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-25110 LOW Monitor

NULL pointer dereference in OpenHarmony v6.0 and prior enables a local low-privileged attacker to crash the system or an affected process, causing a denial-of-service condition. The vulnerability is confined to local exploitation with no confidentiality or integrity impact, as reflected in the CVSS:3.1 score of 3.3 (Low). No public exploit code has been identified at time of analysis, and no active exploitation has been reported.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-24792 HIGH This Week

Remote code execution in OpenHarmony v6.0 and prior versions allows authenticated remote attackers to execute arbitrary code within pre-installed applications through a race condition flaw (CWE-364). The CVSS 8.1 score reflects high confidentiality and availability impact but no integrity impact, and no public exploit has been identified at time of analysis. The vulnerability requires low privileges but no user interaction, making it exploitable across OpenHarmony's distributed device ecosystem including smart devices, wearables, and IoT endpoints running the open-source operating system.

RCE Openharmony
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-6969 MEDIUM This Month

OpenHarmony versions 5.1.0 and prior contain an improper input validation vulnerability (CWE-20) that allows local attackers with low privileges to trigger a denial of service condition. An authenticated local user can craft malicious input that causes the system to become unresponsive or crash, requiring manual intervention to restore availability. While this vulnerability has a moderate CVSS score of 5.0, the local-only attack vector and requirement for user interaction limit widespread exploitation risk.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-26474 LOW Monitor

OpenHarmony v5.0.3 and prior versions contain an improper input validation vulnerability (CWE-20) that allows a local attacker with limited privileges to read sensitive information from the system. The vulnerability carries a CVSS score of 3.3 with low attack complexity and requires local access and low privileges, indicating a confined risk profile suitable only for restricted exploitation scenarios. While the CVSS vector does not indicate active exploitation or widespread POC availability based on the provided data, the information disclosure impact warrants attention in environments where local privilege escalation chains may amplify the risk.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52458 MEDIUM This Month

An out-of-bounds write vulnerability (CWE-787) exists in OpenHarmony versions up to and including v5.1.0, enabling local attackers to execute arbitrary code within pre-installed applications. The vulnerability requires local access and low privileges but can result in complete confidentiality compromise. This is a memory corruption issue that, while restricted to specific scenarios, poses a meaningful risk to OpenHarmony device security given the local attack vector and high impact on confidentiality.

RCE Buffer Overflow Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-41432 MEDIUM This Month

An out-of-bounds write vulnerability in OpenHarmony v5.1.0 and earlier versions allows local attackers with limited privileges to achieve arbitrary code execution within pre-installed applications through memory corruption. The vulnerability, tracked as CVE-2025-41432 and assigned CVSS 5.5, exploits CWE-787 (out-of-bounds write) and is limited to restricted attack scenarios that require local access and low privilege levels. While not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, the availability of vulnerability disclosure documentation and the nature of memory corruption bugs suggest heightened risk for motivated threat actors.

RCE Buffer Overflow Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-25277 MEDIUM This Month

This vulnerability allows arbitrary code execution in OpenHarmony pre-installed applications through improper handling of incompatible types, enabling local attackers to escalate privileges and execute arbitrary code within the context of trusted system applications. Affected versions include OpenHarmony v5.0.3 through v5.1.0.x, impacting the core application framework across the OpenHarmony ecosystem. While the CVSS score of 6.3 reflects moderate severity, the vulnerability requires local access and high attack complexity, limiting real-world exploitability to restricted scenarios as noted by the vendor.

RCE Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-12736 MEDIUM This Month

OpenHarmony versions 5.0.3 and earlier contain an information disclosure vulnerability caused by use of uninitialized resources, allowing local attackers to leak sensitive case-sensitive data. The vulnerability affects OpenHarmony deployments across all product lines up to v5.0.3.x (per EUVD-2025-208673). An attacker with local access and standard user privileges can read uninitialized memory regions to obtain confidential information without requiring user interaction, though there is no indication of active exploitation in public KEV databases at this time.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0639 LOW Monitor

This vulnerability is a memory leak in OpenHarmony v6.0 and prior versions that allows a local, low-privileged attacker to trigger a denial-of-service condition by preventing proper memory release during runtime operations. An authenticated local user without special privileges can exhaust system memory through repeated triggering of the affected code path, causing application or system instability. The low CVSS score of 3.3 reflects the limited scope (local access only, no confidentiality or integrity impact), but the underlying memory management flaw (CWE-401: Missing Release of Memory) is a classic stability threat in systems software.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27577 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-27562 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27536 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-27128 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-26690 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-25278 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-25212 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24925 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24844 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-24298 HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Openharmony
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-27247 MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27131 MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

Information Disclosure Openharmony
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-26691 MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24493 MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.

Race Condition Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27248 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-27241 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-27132 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-25218 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-25052 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22886 LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-27534 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-25057 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-24304 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22851 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-22842 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-22452 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-20102 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-24309 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-24301 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23420 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23418 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-23414 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23409 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23240 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-23234 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22897 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22847 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22841 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22837 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-22835 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-22443 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21098 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21097 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21089 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21084 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20626 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20091 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20081 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20042 MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20024 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-20021 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-20011 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-0587 LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-0304 HIGH This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0303 HIGH This Week

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0302 MEDIUM This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-54030 MEDIUM Monitor

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Openharmony
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-47398 HIGH This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45070 MEDIUM This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-9978 MEDIUM This Month

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-12082 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-10074 HIGH This Week

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47797 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47404 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47402 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-47137 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45382 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43697 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-43696 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39831 MEDIUM This Month

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-39806 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41160 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41157 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 3.3
LOW Monitor

Signal handler race condition in OpenHarmony v6.0 and prior enables a local, low-privileged attacker to cause a denial-of-service condition. The vulnerability (CWE-364) produces only low availability impact per the CVSS vector, with no confidentiality or integrity loss confirmed. No public exploit code or CISA KEV listing exists at time of analysis, placing this in a low-urgency tier despite the low attack complexity.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-After-Free memory corruption in OpenHarmony v6.0 and prior enables a local attacker with low privileges to execute arbitrary code, achieving a changed scope with high availability impact. The vulnerability is rooted in CWE-416, where freed memory regions are accessed without proper lifecycle management, a class of flaw frequently exploitable for control-flow hijacking. No public exploit code or CISA KEV listing has been identified at time of analysis, though the OpenHarmony security team has published a formal disclosure.

Memory Corruption Use After Free RCE +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Information disclosure in OpenHarmony v6.0 and earlier enables a low-privileged local attacker to leak high-sensitivity data from the system without any user interaction. The root cause is a signal handler race condition (CWE-364), where asynchronous signal delivery can expose protected memory contents while leaving system integrity and availability unaffected. No public exploit code has been identified at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony v6.0 and prior versions expose sensitive information to local low-privileged attackers due to improper preservation of permissions (CWE-281). A locally authenticated attacker with standard user privileges can exploit this flaw to leak confidential data - achieving high confidentiality impact - without requiring elevated rights or user interaction. No public exploit code or active exploitation has been identified at time of analysis, but the low complexity and no-interaction-required nature of the attack make it straightforward to exploit once access is obtained.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds write in OpenHarmony v6.0 and earlier enables a local low-privileged attacker to corrupt memory and trigger an unrecoverable denial-of-service condition on affected devices. The flaw was disclosed by the OpenHarmony project itself, and no public exploit identified at time of analysis. Although CVSS scores it 8.4 (High) due to scope change and high confidentiality/integrity impact, the vector indicates local-only access with low privileges already required.

Memory Corruption Buffer Overflow Openharmony
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Local denial-of-service in OpenHarmony v6.0 and prior versions exploits an improper input validation flaw (CWE-20), allowing a low-privileged local attacker to partially disrupt availability without requiring user interaction. The CVSS score of 3.3 (Low) reflects constrained impact: availability impact is rated Low (A:L), with no confidentiality or integrity loss. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the lower tier of operational urgency.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Integer overflow in OpenHarmony v6.0 and prior versions enables a local authenticated attacker to trigger a denial-of-service condition, resulting in an availability impact. The vulnerability is low severity with a CVSS score of 3.3, requires local access with low privileges, and no public exploit or active exploitation has been identified at time of analysis. Notably, the CVE tags include 'Information Disclosure' despite the CVSS vector indicating no confidentiality impact (C:N), a discrepancy that warrants vendor clarification.

Information Disclosure Integer Overflow Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Arbitrary code execution in OpenHarmony v6.0 and earlier enables remote attackers with low privileges to execute code within pre-installed apps via an out-of-bounds write (CWE-787). The CVSS 8.8 vector reflects network-reachable exploitation with low complexity and no user interaction once minimal privileges are obtained, yielding high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

NULL pointer dereference in OpenHarmony v6.0 and prior enables a local low-privileged attacker to crash the system or an affected process, causing a denial-of-service condition. The vulnerability is confined to local exploitation with no confidentiality or integrity impact, as reflected in the CVSS:3.1 score of 3.3 (Low). No public exploit code has been identified at time of analysis, and no active exploitation has been reported.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Remote code execution in OpenHarmony v6.0 and prior versions allows authenticated remote attackers to execute arbitrary code within pre-installed applications through a race condition flaw (CWE-364). The CVSS 8.1 score reflects high confidentiality and availability impact but no integrity impact, and no public exploit has been identified at time of analysis. The vulnerability requires low privileges but no user interaction, making it exploitable across OpenHarmony's distributed device ecosystem including smart devices, wearables, and IoT endpoints running the open-source operating system.

RCE Openharmony
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

OpenHarmony versions 5.1.0 and prior contain an improper input validation vulnerability (CWE-20) that allows local attackers with low privileges to trigger a denial of service condition. An authenticated local user can craft malicious input that causes the system to become unresponsive or crash, requiring manual intervention to restore availability. While this vulnerability has a moderate CVSS score of 5.0, the local-only attack vector and requirement for user interaction limit widespread exploitation risk.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

OpenHarmony v5.0.3 and prior versions contain an improper input validation vulnerability (CWE-20) that allows a local attacker with limited privileges to read sensitive information from the system. The vulnerability carries a CVSS score of 3.3 with low attack complexity and requires local access and low privileges, indicating a confined risk profile suitable only for restricted exploitation scenarios. While the CVSS vector does not indicate active exploitation or widespread POC availability based on the provided data, the information disclosure impact warrants attention in environments where local privilege escalation chains may amplify the risk.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds write vulnerability (CWE-787) exists in OpenHarmony versions up to and including v5.1.0, enabling local attackers to execute arbitrary code within pre-installed applications. The vulnerability requires local access and low privileges but can result in complete confidentiality compromise. This is a memory corruption issue that, while restricted to specific scenarios, poses a meaningful risk to OpenHarmony device security given the local attack vector and high impact on confidentiality.

RCE Buffer Overflow Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds write vulnerability in OpenHarmony v5.1.0 and earlier versions allows local attackers with limited privileges to achieve arbitrary code execution within pre-installed applications through memory corruption. The vulnerability, tracked as CVE-2025-41432 and assigned CVSS 5.5, exploits CWE-787 (out-of-bounds write) and is limited to restricted attack scenarios that require local access and low privilege levels. While not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, the availability of vulnerability disclosure documentation and the nature of memory corruption bugs suggest heightened risk for motivated threat actors.

RCE Buffer Overflow Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

This vulnerability allows arbitrary code execution in OpenHarmony pre-installed applications through improper handling of incompatible types, enabling local attackers to escalate privileges and execute arbitrary code within the context of trusted system applications. Affected versions include OpenHarmony v5.0.3 through v5.1.0.x, impacting the core application framework across the OpenHarmony ecosystem. While the CVSS score of 6.3 reflects moderate severity, the vulnerability requires local access and high attack complexity, limiting real-world exploitability to restricted scenarios as noted by the vendor.

RCE Memory Corruption Openharmony
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenHarmony versions 5.0.3 and earlier contain an information disclosure vulnerability caused by use of uninitialized resources, allowing local attackers to leak sensitive case-sensitive data. The vulnerability affects OpenHarmony deployments across all product lines up to v5.0.3.x (per EUVD-2025-208673). An attacker with local access and standard user privileges can read uninitialized memory regions to obtain confidential information without requiring user interaction, though there is no indication of active exploitation in public KEV databases at this time.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

This vulnerability is a memory leak in OpenHarmony v6.0 and prior versions that allows a local, low-privileged attacker to trigger a denial-of-service condition by preventing proper memory release during runtime operations. An authenticated local user without special privileges can exhaust system memory through repeated triggering of the affected code path, causing application or system instability. The low CVSS score of 3.3 reflects the limited scope (local access only, no confidentiality or integrity impact), but the underlying memory management flaw (CWE-401: Missing Release of Memory) is a classic stability threat in systems software.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openharmony
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Race Condition Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 8.4
HIGH This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.

Race Condition Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service +1
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 3.8
LOW Monitor

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy