Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OpenHarmony

#0cf5dd6e-1214-4398-a481-30441e48fafd
PolicyEmail

Short Name

OpenHarmony

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

openharmony.io

Country

China

Scope

openHarmony issues only.
Reported CVEsVendorsProductsReports
161Vulnerabilities found
CVE-2024-28951
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.37%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 06:23
Updated-24 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-28226
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.1||HIGH
EPSS-1.73% / 81.68%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:23
Updated-27 Jan, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fs has an improper input validation vulnerability

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2024-24581
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.25%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 06:23
Updated-04 Mar, 2025 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler runtime has an out-of-bounds write vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-22092
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-7.7||HIGH
EPSS-0.17% / 38.57%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-27 Jan, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bundlemanager has an authentication bypass vulnerability

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-29074
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.25%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 06:22
Updated-12 Mar, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telephony has an improper input validation vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2024-22180
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.07% / 23.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-27 Jan, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Camera has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2024-22098
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.47%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 06:22
Updated-02 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVSession has a use after free vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2024-22177
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-02 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audio has an improper preservation of permissions vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-21834
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.3||LOW
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 06:22
Updated-02 Jan, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-21826
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.35%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Huks has an insecure storage of sensitive information vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2024-21816
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Background task manager has an improper preservation of permissions vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-49602
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-46708
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:19
Updated-16 Dec, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wlan has a use after free vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-416
Use After Free
CVE-2023-25176
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 06:18
Updated-16 Dec, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pasteboard has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-21863
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.7||MEDIUM
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:19
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an improper input validation vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2024-21851
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:19
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-0285
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:19
Updated-07 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an improper input validation vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2023-45734
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 8.74%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:19
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds write vulnerability

in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21860
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.55%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-08 Nov, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2024-21845
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an integer overflow vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-49118
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-43756
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:18
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dsoftbus has an out-of-bounds read vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-49142
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 16.98%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:24
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia audio has a UAF vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)OpenAtom Foundation
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2023-49135
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.05% / 14.41%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:24
Updated-14 Nov, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia player has a UAF vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2023-48360
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:24
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia player has a UAF vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)OpenAtom Foundation
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2023-47857
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.06% / 17.54%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:24
Updated-03 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
multimedia camera has a UAF vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2023-47216
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-2.9||LOW
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 07:23
Updated-17 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a missing release of resource vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2023-47217
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.03% / 6.35%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkruntime has a buffer overflow vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46100
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cert manager has a use of uninitialized resource vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2023-42774
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-6045
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 5.42%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkruntime has a type confusion vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-46705
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:46
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkruntime has a type confusion vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-43612
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.00%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:45
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hiview has an improper preservation of permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2023-3116
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 11:44
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Liteos-A has a incorrect default permissions vulnerability

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4753
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-3.9||LOW
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 09:16
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenHarmony v3.2.1 and prior version has a system call function usage error

OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25947
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.03%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:45
Updated-03 Mar, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The bundle management subsystem has a improper input validation when installing a HAP package.

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-24465
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.03%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:45
Updated-04 Mar, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication Wi-Fi  subsystem has a null pointer reference vulnerability when receving external data.

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-22436
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.44%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:44
Updated-04 Mar, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The kernel subsystem function check_permission_for_set_tokenid has an UAF vulnerability.

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-416
Use After Free
CVE-2023-22301
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.08%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:44
Updated-27 Feb, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability.

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0083
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.02%
||
7 Day CHG~0.00%
Published-10 Mar, 2023 | 10:44
Updated-27 Feb, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access.

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-0036
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:24
Updated-09 Apr, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack".

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2023-0035
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:23
Updated-09 Apr, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack".

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2022-43662
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:23
Updated-09 Apr, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45126
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 02:22
Updated-09 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44455
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation.

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-41802
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-4||MEDIUM
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-09 Sep, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-45877
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-8.3||HIGH
EPSS-0.03% / 7.98%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmonyopenharmony
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-45118
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telephony in communication subsystem sends public events with personal data, but the permission is not set.

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-43495
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-30 Apr, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot.

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-43449
Assigner-OpenHarmony
ShareView Details
Assigner-OpenHarmony
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 5.52%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:15
Updated-02 May, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary file read via download_server.

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Action-Not Available
Vendor-OpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-552
Files or Directories Accessible to External Parties
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next