Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OpenHarmony

#0cf5dd6e-1214-4398-a481-30441e48fafd
PolicyEmail

Short Name

OpenHarmony

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

openharmony.io

Country

China

Scope

openHarmony issues only.
Reported CVEsVendorsProductsReports
161Vulnerabilities found
CVE-2025-21089
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21084
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an NULL pointer dereference vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20626
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-20091
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-20081
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.93%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-20042
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.09%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an out of bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20024
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.93%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an integer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-20021
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20011
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-04 Mar, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Dsoftbus has a memory leak vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2025-0587
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an integer overflow vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-0304
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.03% / 5.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 09:21
Updated-12 Feb, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an use after free vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-0303
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.03% / 4.98%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 09:21
Updated-12 Feb, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has a buffer overflow vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-0302
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.63%
||
7 Day CHG~0.00%
Published-07 Feb, 2025 | 09:21
Updated-12 Feb, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an integer overflow read vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-54030
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:57
Updated-07 Jan, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication_dsoftbus has an UAF vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2024-47398
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.03% / 6.07%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:57
Updated-07 Jan, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds write vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45070
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 07:56
Updated-07 Jan, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-OpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9978
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.51%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds read vulnerability

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-12082
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.51%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-10074
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.03% / 7.84%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-11 Dec, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an use after free vulnerability

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-47402
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-47137
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47404
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has a double free vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-415
Double Free
CVE-2024-47797
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 08:01
Updated-06 Nov, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45382
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Out-of-bounds Write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-43697
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Improper Input Validation vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2024-43696
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.85%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an Memory Leak vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS by memory leak.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2024-39831
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.07%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AccessTokenManager has an use after free vulnerability

in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2024-39806
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.33%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 03:03
Updated-16 Oct, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos_a has an out-of-bounds Read vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-41160
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an use after free vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-41157
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.62%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an use after free vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-39816
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39775
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.38%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Net Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-39612
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.11%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background Task Manager has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-38386
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.50%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:25
Updated-04 Sep, 2024 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-38382
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.11%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability Runtime has an out-of-bounds read permission bypass vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-28044
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 03:24
Updated-04 Sep, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has an integer overflow vulnerability

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-37077
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:14
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37185
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:14
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36260
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36278
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.05% / 13.72%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a type confusion vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-36243
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.45% / 79.99%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-37030
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-31071
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.05% / 15.94%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 08:13
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has a type confusion vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-3759
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.71%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hmdfs has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-3758
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hmdfs has a heap buffer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3757
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-31078
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:27
Updated-02 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bluetooth Service has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-23808
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.2||MEDIUM
EPSS-0.07% / 21.27%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:26
Updated-02 Jan, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler ets frontend has an out-of-bounds read vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-27217
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.97%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 06:26
Updated-02 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MSDP has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-29086
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.09% / 27.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:23
Updated-02 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has a stack overflow svulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next