Latest Openharmony Vulnerabilities

CVE-2024-37077
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
Openharmony Openharmony<=4.0
CVE-2024-37185
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
Openharmony Openharmony<=4.0
CVE-2024-36260
Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
Openharmony Openharmony<=4.0
CVE-2024-36278
Arkcompiler Ets Runtime has a type confusion vulnerability
Openharmony Openharmony<=4.0
CVE-2024-36243
Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
Openharmony Openharmony<=4.0
CVE-2024-37030
Arkcompiler Ets Runtime has a use after free vulnerability
Openharmony Openharmony<=4.0
CVE-2024-31071
Arkcompiler Ets Runtime has a type confusion vulnerability
Openharmony Openharmony<=4.0
CVE-2024-21863
Dsoftbus has an improper input validation vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
Openharmony Openharmony=4.0
CVE-2024-21851
Dsoftbus has an integer overflow vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
Openharmony Openharmony=4.0
CVE-2024-0285
Dsoftbus has an improper input validation vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
Openharmony Openharmony=4.0
CVE-2023-45734
Dsoftbus has an out-of-bounds write vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
CVE-2024-21860
Dsoftbus has a use after free vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
Openharmony Openharmony=4.0
CVE-2024-21845
Dsoftbus has an integer overflow vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
Openharmony Openharmony=4.0
CVE-2023-49118
Dsoftbus has an out-of-bounds read vulnerability
Openharmony Openharmony>=3.2.0<=3.2.4
CVE-2023-43756
Dsoftbus has an out-of-bounds read vulnerability
Openharmony Openharmony<=3.2.4
CVE-2023-49142
multimedia audio has a UAF vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-49135
multimedia player has a UAF vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-48360
multimedia player has a UAF vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-47857
multimedia camera has a UAF vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-47216
Liteos-A has a missing release of resource vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-47217
Arkruntime has a buffer overflow vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-46100
Cert manager has a use of uninitialized resource vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-42774
Liteos-A has a incorrect default permissions vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-6045
Arkruntime has a type confusion vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-46705
Arkruntime has a type confusion vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-43612
Hiview has an improper preservation of permissions vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-3116
Liteos-A has a incorrect default permissions vulnerability
Openharmony Openharmony<=3.2.2
CVE-2023-4753
OpenHarmony v3.2.1 and prior version has a system call function usage error
<=3.2.1
Openharmony Openharmony<=3.2.1
CVE-2023-24465
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vuln...
Openharmony Openharmony>=3.0<=3.0.7
Openharmony Openharmony>=3.1<=3.1.4
CVE-2023-22436
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate th...
Openharmony Openharmony>=3.1<=3.1.5
CVE-2023-25947
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to th...
Openharmony Openharmony>=3.1<=3.1.4
CVE-2023-22301
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data ...
Openharmony Openharmony>=3.1<=3.1.5
CVE-2023-0083
The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this ...
Openharmony Openharmony>=3.0<=3.0.7
Openharmony Openharmony>=3.1<=3.1.5
CVE-2022-43662
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied ...
Openharmony Openharmony>=1.1.0<=1.1.5
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1.0<=3.1.4
CVE-2023-0036
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentica...
Openharmony Openharmony>=3.0<=3.0.5
CVE-2023-0035
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass auth...
Openharmony Openharmony>=3.0<=3.0.5
CVE-2022-45126
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied ...
Openharmony Openharmony>=1.1.0<=1.1.5
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1.0<=3.1.4
CVE-2022-44455
The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation.
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-45118
Telephony in communication subsystem sends public events with personal data, but the permission is not set.
Openharmony Openharmony>=3.1<=3.1.4
CVE-2022-45877
PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
Openharmony Openharmony>=3.1<=3.1.4
CVE-2022-41802
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.
Openharmony Openharmony>=1.1.0<=1.1.5
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1<=3.1.4
CVE-2022-43495
An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot.
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-43449
Arbitrary file read via download_server.
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-43451
Multiple path traversal in appspawn and nwebspawn services.
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-42488
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privi...
Openharmony Openharmony>=3.1<3.1.2
CVE-2022-42464
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-42463
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distribute...
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-41686
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the ...
Openharmony Openharmony>=3.0<=3.0.6
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-38701
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Openharmony Openharmony>=3.0<=3.0.5
Openharmony Openharmony>=3.1<=3.1.2
CVE-2022-38700
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
Openharmony Openharmony=3.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203