OpenHarmony — Vulnerabilities & Security Advisories 167

All 167 CVE vulnerabilities found in OpenHarmony, with AI-generated Chinese analysis, references, and POCs.

Vendor: OpenHarmony

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-45126 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime. | CWE-120 | 4.0 | Medium | 2023-01-09 |
| CVE-2022-41802 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. | CWE-120 | 4.0 | Medium | 2022-12-08 |
| CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. | CWE-120 | 6.8 | Medium | 2022-12-08 |
| CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. | CWE-287 | 6.2 | Medium | 2022-12-08 |
| CVE-2022-45877 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | CWE-287 | 8.3 | High | 2022-12-08 |
| CVE-2022-43495 | An abnormal packet received when distributedhardware_device_manager is joining a network could cause a device reboot. | CWE-476 | 6.5 | Medium | 2022-11-03 |
| CVE-2022-43449 | Arbitrary file read via download_server. | CWE-20 | 6.2 | Medium | 2022-11-03 |
| CVE-2022-43451 | Multiple path traversal in appspawn and nwebspawn services. | CWE-287 | 8.4 | High | 2022-11-03 |
| CVE-2022-42464 | Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ... | CWE-276 | 6.7 | Medium | 2022-10-14 |
| CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ... | CWE-287 | 8.3 | High | 2022-10-14 |
| CVE-2022-41686 | Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The proc ... | CWE-787 | 5.1 | Medium | 2022-10-14 |
| CVE-2022-42488 | Startup subsystem missed permission validation in param service. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | CWE-287 | 8.4 | High | 2022-10-14 |
| CVE-2022-38064 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | CWE-305 | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38081 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | CWE-305 | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38700 | multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | CWE-305 | 8.8 | High | 2022-09-09 |
| CVE-2022-38701 | IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. | CWE-122 | 6.2 | Medium | 2022-09-09 |
| CVE-2022-36423 | Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. LAN attackers can cause a DoS attack on all network devices. | CWE-16 | 7.4 | High | 2022-09-09 |

All 167 known CVE vulnerabilities affecting OpenHarmony with full Chinese analysis, references, and POCs where available.