Skip to main content

Openharmony

162 CVEs product

Monthly

CVE-2024-39816 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39775 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-39612 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-38386 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38382 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28044 MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-37185 CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37077 CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37030 CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36278 LOW Monitor

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-36260 CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36243 CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Openharmony
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31071 LOW Monitor

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-3759 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3758 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3757 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-31078 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27217 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23808 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-29086 MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29074 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-28951 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28226 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24581 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22180 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22177 MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-22098 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-22092 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-21834 MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21826 MEDIUM PATCH This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21816 MEDIUM PATCH This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21863 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-21860 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21851 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21845 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0285 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-49142 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Openharmony
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-49135 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Openharmony
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-48360 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Openharmony
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-47857 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Openharmony
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-47216 LOW Monitor

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
2.9
EPSS
0.0%
CVE-2023-6045 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47217 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46705 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46100 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43612 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42774 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3116 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-4753 MEDIUM This Month

OpenHarmony v3.2.1 and prior version has a system call function usage error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-25947 MEDIUM This Month

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24465 MEDIUM This Month

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22436 HIGH This Week

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22301 HIGH This Week

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0083 MEDIUM This Month

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0036 HIGH This Week

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0035 HIGH This Week

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-45877 MEDIUM This Month

OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-45118 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-44455 HIGH This Week

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41802 LOW Monitor

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-43495 HIGH This Week

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-43451 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Openharmony
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-43449 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42488 HIGH This Week

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-42464 HIGH This Week

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-42463 HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-41686 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Buffer Overflow Openharmony
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-38701 LOW Monitor

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-38700 HIGH This Week

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-38081 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38064 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36423 HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
7.4
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service +1
NVD
EPSS 0% CVSS 2.9
LOW Monitor

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
EPSS 0% CVSS 7.1
HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony v3.2.1 and prior version has a system call function usage error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Openharmony
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
EPSS 1% CVSS 7.5
HIGH This Week

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 7.8
HIGH This Week

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Openharmony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
EPSS 0% CVSS 7.4
HIGH This Week

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy