125 matches found
CVE-2024-37077
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2025-24493
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVE-2025-27563
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2023-46100
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.
CVE-2023-4753
OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input.
CVE-2022-41686
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensiti...
CVE-2023-3116
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.
CVE-2023-49118
in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2025-27247
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2022-38701
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
CVE-2023-0036
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
CVE-2023-49135
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-6045
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
CVE-2024-21860
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2025-27131
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
CVE-2023-42774
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
CVE-2024-21863
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2023-43756
in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2023-48360
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-49142
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.
CVE-2022-45126
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
CVE-2023-45734
in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.
CVE-2023-47216
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources
CVE-2023-47857
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.