| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios. |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios. |
| The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.
|
| The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions,
OpenHarmony-v3.0.7 and prior versions
has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
|
| The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an
arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.
|
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow. |
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow. |
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. |
| in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. |
