Openharmony
Monthly
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony v3.2.1 and prior version has a system call function usage error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony v3.2.1 and prior version has a system call function usage error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.