Lucene search
+L
OpenatomOpenharmony

156 matches found

CVE
CVE
added 2025/03/04 3:44 a.m.63 views

CVE-2025-21098

OpenHarmony OpenHarmony v5.0.2 and earlier are affected by CVE-2025-21098, where a local attacker can cause information disclosure via an out-of-bounds read that bypasses a permission check. The vulnerability targets the information flow path leading to confidentiality impact (HIGH) with local at...

5.5CVSS6.5AI score0.00162EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.63 views

CVE-2025-22443

CVE-2025-22443 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds read in the runtime that can let a local attacker cause a denial of service. The available sources consistently describe the vulnerability as a local DOS due to an out-of-bounds read, but do not provide detailed ...

5.5CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.63 views

CVE-2025-24301

OpenHarmony vulnerability CVE-2025-24301 affects v5.0.2 and earlier, where a use-after-free in pre-installed apps enables local code execution by a restricted attacker. The issue is described as a local escalation/vector with a high impact (CVE metrics show local access, high confidentiality/inte...

7.8CVSS7.5AI score0.00164EPSS
CVE
CVE
added 2025/05/06 9:3 a.m.63 views

CVE-2025-27132

In OpenHarmony, CVE-2025-27132 describes an out-of-bounds write vulnerability that allows a local attacker to execute arbitrary code in pre-installed apps on OpenHarmony v5.0.3 and earlier. The issue stems from a faulty write operation in the affected component (as noted across multiple sources),...

7.8CVSS7.5AI score0.00139EPSS
CVE
CVE
added 2023/11/20 11:46 a.m.62 views

CVE-2023-47217

OpenHarmony is affected by CVE-2023-47217 in v3.2.2 and earlier, where a buffer overflow can enable a local attacker to cause a denial of service. The root cause is a buffer overflow in the vulnerable component; exact vulnerable module/function is not specified in the provided documents. Impact i...

5.5CVSS4.8AI score0.00197EPSS
CVE
CVE
added 2024/04/02 6:23 a.m.62 views

CVE-2024-28951

Summary: CVE-2024-28951 affects OpenHarmony v4.0.0 and earlier and is described as a local-use-after-free vulnerability in the Arkcompiler runtime that allows arbitrary code execution in pre-installed apps. The vulnerability is local, requires privileges, and has a high impact on confidentiality,...

7.8CVSS5.9AI score0.00182EPSS
CVE
CVE
added 2024/09/02 3:25 a.m.62 views

CVE-2024-39816

OpenHarmony has a local, out-of-bounds write vulnerability in Arkcompiler Ets Runtime affecting v4.1.0 and earlier, enabling a local attacker to achieve arbitrary code execution in pre-installed apps. Root cause is described as an out-of-bounds write in the Ark eTS runtime. Affected component/fun...

8.4CVSS8.2AI score0.00174EPSS
CVE
CVE
added 2024/10/08 3:3 a.m.62 views

CVE-2024-43697

CVE-2024-43697 affects OpenHarmony v4.1.0 and earlier. The issue is an improper input handling vulnerability that can allow a local attacker to cause a Denial of Service, impacting availability. The CVSS narrative from the sources shows local access, low attack complexity, and that no user intera...

5.5CVSS4.1AI score0.00143EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.62 views

CVE-2025-0587

OpenHarmony vulnerability CVE-2025-0587 affects OpenHarmony v5.0.2 and earlier, where an integer overflow in pre-installed apps enables local arbitrary code execution under restricted conditions. The issue’s root cause is the integer overflow; impact is local code execution with high confidential...

7.8CVSS7.5AI score0.00176EPSS
CVE
CVE
added 2025/06/08 11:46 a.m.62 views

CVE-2025-21082

CVE-2025-21082 affects OpenHarmony v5.0.3 and earlier, with a type confusion vulnerability in the arkui_ace_engine that can cause local apps to crash. The issue is described as a local, low-privilege, low-complexity condition with availability impact (crash) and no confidentiality/integrity impac...

5.5CVSS3.9AI score0.00114EPSS
CVE
CVE
added 2024/04/02 6:22 a.m.61 views

CVE-2024-22092

OpenHarmony OpenHarmony v3.2.4 and earlier are affected by a remote authentication bypass that allows installing apps without proper permission checks, though user action is required. This is a high-severity issue (CVSS-like impact: high for integrity and confidentiality in some vectors) with pot...

7.7CVSS7.5AI score0.00446EPSS
CVE
CVE
added 2024/09/02 3:25 a.m.61 views

CVE-2024-41160

OpenHarmony affects OpenHarmony v4.1.0 and earlier. The CVE-2024-41160 vulnerability is described as a use-after-free that allows a local attacker to upgrade the common permission to root and leak sensitive information. The available documents confirm the affected software and the malicious outco...

8.8CVSS7.9AI score0.00158EPSS
CVE
CVE
added 2025/06/08 11:46 a.m.61 views

CVE-2025-20063

OpenHarmony CVE-2025-20063 affects OpenHarmony v5.0.3 and earlier, with a type-confusion vulnerability in the arkui_ace_engine that can allow a local attacker to crash apps (availability impact). The CVSS indicates low attack complexity and local access; impact is high for availability. No specif...

5.5CVSS3.9AI score0.00114EPSS
CVE
CVE
added 2025/04/07 2:35 a.m.61 views

CVE-2025-22452

OpenHarmony vulnerability CVE-2025-22452: A local out-of-bounds read allows a local attacker to cause a denial of service on OpenHarmony v5.0.2 and earlier. Affected component is not deeply detailed in the provided docs, but multiple sources corroborate the local DOS outcome due to an out-of-boun...

5.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2025/05/06 9:3 a.m.61 views

CVE-2025-22886

OpenHarmony vulnerability CVE-2025-22886 affects OpenHarmony v5.0.3 and earlier. The issue stems from missing release of memory in a component, enabling a local attacker to cause a Denial of Service. Affected scope is limited to local access; integrity and confidentiality are not impacted per ava...

5.5CVSS6.8AI score0.00121EPSS
CVE
CVE
added 2025/04/07 2:35 a.m.61 views

CVE-2025-24304

CVE-2025-24304 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds write that allows a local attacker to cause a denial of service. The available connected sources consistently describe the vulnerability as a local DOS via an out‑of‑bounds write, with no public exploitation deta...

5.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2025/05/06 8:50 a.m.61 views

CVE-2025-25218

The CVE-2025-25218 entry concerns OpenHarmony before and including v5.0.3 where a NULL pointer dereference allows a local attacker to cause a denial of service. The root cause is a NULL pointer dereference in the affected component, leading to a crash or DOS condition when exploited locally. Publ...

5.5CVSS4AI score0.00121EPSS
CVE
CVE
added 2024/03/04 6:19 a.m.60 views

CVE-2024-21816

CVE-2024-21816 – OpenHarmony local information disclosure . Multiple connected sources confirm that OpenHarmony v4.0.0 and earlier are affected by an improper preservation of permissions in the Background Task Manager, enabling a local attacker to leak information. Affected component is the permi...

5.5CVSS4.2AI score0.00143EPSS
CVE
CVE
added 2024/07/02 8:13 a.m.60 views

CVE-2024-36243

CVE-2024-36243 affects OpenHarmony Arkcompiler Ets Runtime in versions prior to 4.0.0 and 4.0.0 as baseline. The vulnerability is an out-of-bounds read/write that enables remote arbitrary code execution in pre-installed apps. Root cause details are described in related vulnerability records and P...

9.8CVSS8.4AI score0.00569EPSS
CVE
CVE
added 2024/11/05 8:1 a.m.60 views

CVE-2024-47797

CVE-2024-47797 affects OpenHarmony v4.1.0 and earlier. A local attacker can exploit an out-of-bounds write to elevate privileges (normal user to root) and leak sensitive information. The vulnerability impacts confidentiality and, to a lesser extent, integrity/availability as described in the sour...

8.4CVSS7.7AI score0.00168EPSS
CVE
CVE
added 2025/06/08 11:47 a.m.60 views

CVE-2025-27242

This CVE-2025-27242 affects OpenHarmony v5.0.3 and earlier, where an improper input handling vulnerability allows a local attacker to cause a denial of service. The root cause is input validation/handling weakness in the OpenHarmony security component (security_component_manager). Reported impact...

5.5CVSS3.9AI score0.00114EPSS
CVE
CVE
added 2025/04/07 2:35 a.m.60 views

CVE-2025-27534

CVE-2025-27534 affects OpenHarmony v5.0.2 and earlier. The vulnerability is a local-denial-of-service caused by missing release of memory (memory not freed). Root cause: memory release issue leading to exhaustion under local access. Impact: denial of service when a local attacker triggers the con...

5.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2024/04/02 6:22 a.m.59 views

CVE-2024-22180

CVE-2024-22180 affects OpenHarmony versions prior to and including 4.0.0, where a local attacker can trigger a denial-of-service via a use-after-free vulnerability in a camera-related component. The root cause is a use-after-free scenario leading to resource exhaustion or crash, as described acro...

5.5CVSS3.9AI score0.00153EPSS
CVE
CVE
added 2024/09/02 3:25 a.m.59 views

CVE-2024-41157

CVE-2024-41157 is a use-after-free vulnerability in OpenHarmony (LiteOS-A component) affecting OpenHarmony v4.1.0 and earlier. A local attacker can escalate privileges to root and leak sensitive information due to the use-after-free flaw. Exploitation details are not provided in the connected doc...

8.8CVSS7.9AI score0.00188EPSS
CVE
CVE
added 2024/11/05 8:1 a.m.59 views

CVE-2024-47137

CVE-2024-47137 affects OpenHarmony v4.1.0 and earlier. The issue is an out-of-bounds write in the affected component that enables a local attacker to elevate privileges to root and cause a sensitive information leak. Publicly documented across multiple sources (NVD/Red Hat/CVE lists) confirm loca...

8.4CVSS7.7AI score0.00168EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.59 views

CVE-2025-20024

OpenHarmony CVE-2025-20024 affects v5.0.2 and earlier. The issue is an integer overflow in pre-installed apps that allows a local attacker to achieve arbitrary code execution in restricted scenarios. Documented impact is local, with low to moderate overall severity across sources, and there is no...

5.3CVSS7.5AI score0.00147EPSS
CVE
CVE
added 2023/03/10 10:44 a.m.58 views

CVE-2023-22301

OpenHarmony OpenHarmony-v3.1.5 and earlier are affected by a vulnerability in the kernel subsystem hmdfs that allows arbitrary memory access. A network attacker could remotely obtain kernel memory data. Root cause: improper handling in hmdfs. Impact: kernel memory confidentiality exposure. Mitiga...

7.5CVSS6.7AI score0.00598EPSS
CVE
CVE
added 2024/07/02 8:14 a.m.58 views

CVE-2024-37185

Technical details (affected products, exact components, root cause, versions, exploitability) are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

9.8CVSS8.5AI score0.0062EPSS
CVE
CVE
added 2024/10/08 3:3 a.m.58 views

CVE-2024-39806

CVE-2024-39806 affects OpenHarmony v4.1.0 and earlier, where an out-of-bounds read by a local attacker leads to information disclosure. The vulnerability concerns general OpenHarmony components vulnerable to info leak with a Local, Low-privilege attacker and Low attack complexity; Confidentiality...

5.5CVSS5.3AI score0.00152EPSS
CVE
CVE
added 2025/02/07 9:21 a.m.58 views

CVE-2025-0303

CVE-2025-0303 affects OpenHarmony v4.1.2 and earlier. The issue is a local privilege escalation via a buffer overflow that lets an attacker upgrade a common permission to root and leak sensitive information. The available connected documents consistently describe a local attack vector with root-l...

8.8CVSS6.5AI score0.00169EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.58 views

CVE-2025-20011

CVE-2025-20011 is observed in OpenHarmony v5.0.2 and earlier versions. The issue is a local denial-of-service caused by a memory release/cleanup failure in the Dsoftbus/related components, per OpenHarmony disclosures and corroborated by multiple feeds. NVD lists impact as availability loss with a...

5.5CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.58 views

CVE-2025-20021

CVE-2025-20021 affects OpenHarmony v5.0.2 and earlier. The vulnerability is an out-of-bounds read that enables a local attacker to cause a denial-of-service. The available sources consistently describe a local-execution vector with the impact limited to availability (DOs) and do not provide explo...

5.5CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2025/06/08 11:46 a.m.58 views

CVE-2025-27131

CVE-2025-27131 affects OpenHarmony v5.0.3 and earlier. The issue is an improper input handling vulnerability in the kernel_liteos_m stack that enables a local attacker to cause a denial-of-service. The MITRE-style CVE entry lists a local attack vector with LOW privileges and LOW complexity, resul...

6.1CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2024/11/05 8:1 a.m.57 views

CVE-2024-47404

OpenHarmony v4.1.0 and earlier are affected by a local privilege-escalation and information-leak vulnerability caused by a double-free condition. The issue allows a local attacker to upgrade the common permission to root and leak sensitive data. Affected component details are reported across mult...

8.4CVSS7.7AI score0.00168EPSS
CVE
CVE
added 2024/02/02 6:18 a.m.56 views

CVE-2024-21845

CVE-2024-21845 affects OpenHarmony up to and including v4.0.0. A local attacker can trigger a heap overflow due to an integer overflow in Dsoftbus-related functionality, as described in multiple sources. The vulnerability impact is described as high in CVSS terms, with local access required and n...

7.8CVSS7.7AI score0.0018EPSS
CVE
CVE
added 2025/03/04 3:44 a.m.56 views

CVE-2025-23420

CVE-2025-23420 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds write in pre-installed apps that enables a local attacker to execute arbitrary code, with exploitation described as occurring in restricted scenarios. The available sources consistently describe the vulnerability...

7.8CVSS7.5AI score0.00164EPSS
CVE
CVE
added 2025/06/08 11:46 a.m.56 views

CVE-2025-24493

CVE-2025-24493 applies to OpenHarmony v5.0.3 and earlier, with a race-condition in the kernel that could allow a local attacker to leak information (confidentiality impact high). Public details consistently cite the issue and recommend upgrading to a fixed version, though the exact patched versio...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/03/10 10:44 a.m.55 views

CVE-2023-0083

The CVE-2023-0083 issue affects the ArKUI framework subsystem in OpenHarmony v3.1.5 and earlier, and v3.0.7 and earlier. Root cause: improper input validation in the ArKUI component, which a local attacker can exploit by sending malicious data, leading to the target application crash (impact: ava...

5.5CVSS4.8AI score0.00162EPSS
CVE
CVE
added 2023/03/10 10:45 a.m.55 views

CVE-2023-25947

The CVE-2023-25947 entry affects OpenHarmony v3.1.4 and earlier. The bundle management subsystem contains a null pointer reference that local attackers can exploit to cause a DoS when installing a malicious HAP package. The impact is a local DoS with availability loss; no confidentiality or integ...

6.2CVSS5.5AI score0.00163EPSS
CVE
CVE
added 2024/01/02 7:24 a.m.55 views

CVE-2023-49135

OpenHarmony CVE-2023-49135 affects v3.2.2 and earlier. A local attacker can cause the multimedia player to crash by modifying a released pointer, indicating a use-after-free/pointer reuse issue in the multimedia component. The vulnerability originates from reusing pointers released from the multi...

5.5CVSS5.5AI score0.00154EPSS
CVE
CVE
added 2024/12/03 12:15 p.m.55 views

CVE-2024-12082

OpenHarmony is affected by CVE-2024-12082 in v4.0.0 and earlier, where an out-of-bounds read leads to information leakage via local access. The root cause is an out-of-bounds read in vulnerable components; impact is confidentiality (information disclosure) with no integrity/availability impact st...

5.5CVSS5.3AI score0.00152EPSS
CVE
CVE
added 2024/09/02 3:25 a.m.55 views

CVE-2024-39775

CVE-2024-39775 affects OpenHarmony v4.1.0 and earlier. The vulnerability is an out-of-bounds read that can lead to an information leak (confidentiality impact high as per the entry). Public exploitation details are not provided in the supplied documents. The issue is described across multiple sou...

7.5CVSS6.5AI score0.00446EPSS
CVE
CVE
added 2025/01/07 7:57 a.m.55 views

CVE-2024-47398

The CVE-2024-47398 entry affects OpenHarmony v4.1.2 and earlier. It is an out-of-bounds write vulnerability that a local attacker can trigger to cause the device to fail to boot. Connected sources do not provide exploit details or a remediation in the supplied documents.

8.8CVSS8.5AI score0.00158EPSS
CVE
CVE
added 2024/11/05 8:1 a.m.55 views

CVE-2024-47402

CVE-2024-47402 relates to OpenHarmony v4.0.0 and earlier, where a local attacker can cause a denial of service via an out-of-bounds read. The impact is described as DOS with local access; the exact vulnerable component is not explicitly identified in the provided documents. Mitigation appears to ...

5.5CVSS4.1AI score0.0015EPSS
CVE
CVE
added 2025/04/07 2:35 a.m.55 views

CVE-2025-22842

OpenHarmony is affected: CVE-2025-22842 in v5.0.2 and earlier allows a local attacker to cause a denial of service via an out-of-bounds read. Exploitation details are not provided in the documents. A fix is available in newer versions; remediation is to upgrade to a version that contains the fix ...

5.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2025/04/07 2:35 a.m.55 views

CVE-2025-22851

CVE-2025-22851 affects OpenHarmony v5.0.2 and earlier; the issue is an integer overflow in pre-installed apps that enables local attackers to achieve arbitrary code execution. Affected component/versions are OpenHarmony pre-installed apps on v5.0.2 and older. The provided documents do not specify...

8.8CVSS7.6AI score0.00171EPSS
CVE
CVE
added 2025/06/08 11:46 a.m.55 views

CVE-2025-25217

CVE-2025-25217 affects OpenHarmony v5.0.3 and older. The root cause is a NULL pointer dereference in arkui_ace_engine (OpenHarmony components) that allows a local attacker to cause a denial-of-service condition. The available sources consistently describe a local attack vector with DOS impact and...

5.5CVSS3.9AI score0.00114EPSS
CVE
CVE
added 2025/06/08 11:47 a.m.55 views

CVE-2025-27563

OpenHarmony vulnerability CVE-2025-27563 affects OpenHarmony v5.0.3 and earlier. A local attacker can cause information leakage due to improper preservation of permissions when accessing the get permission. The issue is explicitly described across multiple sources as a local information leak with...

5.5CVSS3.7AI score0.0011EPSS
CVE
CVE
added 2023/01/09 2:23 a.m.54 views

CVE-2023-0035

OpenHarmony you’re looking at: affected product OpenHarmony v3.0.5 and earlier, with the issue in the softbus_client_stub of the communication subsystem. The root cause is an authentication bypass that enables an “SA relay attack,” allowing a local attacker to bypass authentication and target oth...

7.8CVSS7.1AI score0.00183EPSS
CVE
CVE
added 2024/02/02 6:19 a.m.54 views

CVE-2024-21851

CVE-2024-21851 affects OpenHarmony v4.0.0 and earlier, with a heap overflow caused by an integer overflow. The CVE description indicates the issue relates to Dsoftbus and is exploitable only locally (no user interaction required) with a low-privilege context; available exploit details are not pro...

7.8CVSS7.7AI score0.00154EPSS
Total number of security vulnerabilities156