Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Openharmony Subscribe
Filtered by product Openharmony
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-42463 1 Openharmony 1 Openharmony 2022-10-17 N/A 8.8 HIGH
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
CVE-2022-41686 1 Openharmony 1 Openharmony 2022-10-17 N/A 4.4 MEDIUM
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.
CVE-2022-38081 1 Openharmony 1 Openharmony 2022-09-14 N/A 5.5 MEDIUM
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.
CVE-2022-38700 1 Openharmony 1 Openharmony 2022-09-14 N/A 8.8 HIGH
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
CVE-2022-38701 1 Openharmony 1 Openharmony 2022-09-14 N/A 3.3 LOW
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.