Every CVE whose affected-product data names Openatom Openharmony, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (156)
CVE-2024-41157 — CVSS 8.8 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2024-41160 — CVSS 8.8 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2024-47398 — CVSS 8.8 (high): in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.
CVE-2025-0304 — CVSS 8.8 (high): in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2025-0303 — CVSS 8.8 (high): in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2024-10074 — CVSS 8.8 (high): in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
CVE-2025-25278 — CVSS 8.4 (high): in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVE-2024-47797 — CVSS 8.4 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2024-47404 — CVSS 8.4 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2024-47137 — CVSS 8.4 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information…
CVE-2023-43612 — CVSS 8.4 (high): in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.
CVE-2024-39816 — CVSS 8.4 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-38386 — CVSS 8.4 (high): in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2025-27577 — CVSS 8.4 (high): in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVE-2025-24298 — CVSS 8.4 (high): in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
CVE-2025-27128 — CVSS 8.4 (high): in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
CVE-2024-21860 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-37077 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-37030 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.
CVE-2024-36260 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-36243 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read…
CVE-2024-37185 — CVSS 8.2 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
CVE-2024-28226 — CVSS 8.1 (high): in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.
CVE-2023-22436 — CVSS 7.8 (high): The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which…
CVE-2024-22092 — CVSS 7.7 (high): in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require…
CVE-2022-36423 — CVSS 7.4 (high): OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability…
CVE-2023-3116 — CVSS 7.3 (high): in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect…
CVE-2022-44455 — CVSS 6.8 (medium): The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow…
CVE-2024-27217 — CVSS 6.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
CVE-2025-22851 — CVSS 6.5 (medium): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.
CVE-2024-22098 — CVSS 6.5 (medium): in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
CVE-2024-24581 — CVSS 6.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.
CVE-2024-29074 — CVSS 6.5 (medium): in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.
CVE-2023-0035 — CVSS 6.5 (medium): softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability…
CVE-2023-0036 — CVSS 6.5 (medium): platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which…
CVE-2024-3758 — CVSS 6.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.
CVE-2024-3759 — CVSS 6.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.
CVE-2024-39775 — CVSS 6.5 (medium): in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.
CVE-2023-22301 — CVSS 6.5 (medium): The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network…
CVE-2025-12736 — CVSS 6.5 (medium): in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource.
CVE-2025-25277 — CVSS 6.3 (medium): in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible…
CVE-2023-25947 — CVSS 6.2 (medium): The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local…
CVE-2023-46705 — CVSS 6.2 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.
CVE-2023-46100 — CVSS 6.2 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.
CVE-2022-38701 — CVSS 6.2 (medium): OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network…
CVE-2023-42774 — CVSS 6.2 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions.
CVE-2023-6045 — CVSS 5.9 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
CVE-2024-39612 — CVSS 5.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2025-26691 — CVSS 5.5 (medium): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-24493 — CVSS 5.5 (medium): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVE-2025-27247 — CVSS 5.5 (medium): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2024-28951 — CVSS 5.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.
CVE-2024-45070 — CVSS 5.5 (medium): in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2025-20042 — CVSS 5.5 (medium): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.
CVE-2024-38382 — CVSS 5.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2025-41432 — CVSS 5.5 (medium): in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2024-39806 — CVSS 5.5 (medium): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2024-12082 — CVSS 5.5 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2025-0302 — CVSS 5.5 (medium): in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.
CVE-2024-9978 — CVSS 5.5 (medium): in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2025-21098 — CVSS 5.5 (medium): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.
CVE-2025-52458 — CVSS 5.5 (medium): in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2023-24465 — CVSS 5.5 (medium): Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer…
CVE-2024-23808 — CVSS 5.2 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or…
CVE-2022-41686 — CVSS 5.1 (medium): OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in…
CVE-2025-6969 — CVSS 5.0 (medium): in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-39831 — CVSS 4.4 (medium): in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.
CVE-2023-46708 — CVSS 4.3 (medium): in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
CVE-2024-21826 — CVSS 4.3 (medium): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.
CVE-2023-45734 — CVSS 4.2 (medium): in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.
CVE-2024-21816 — CVSS 4.0 (medium): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
CVE-2023-48360 — CVSS 4.0 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2023-49142 — CVSS 4.0 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer.
CVE-2022-45126 — CVSS 4.0 (medium): Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call…
CVE-2023-49135 — CVSS 4.0 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer.
CVE-2022-43662 — CVSS 4.0 (medium): Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call…
CVE-2023-47857 — CVSS 4.0 (medium): in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer.
CVE-2022-41802 — CVSS 4.0 (medium): Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call…
CVE-2023-0083 — CVSS 4.0 (medium): The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input…
CVE-2023-4753 — CVSS 3.9 (low): OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input.
CVE-2025-20081 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-24309 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2025-20091 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-22835 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2025-23240 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2025-20024 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow…
CVE-2025-23409 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-23414 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-21084 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer…
CVE-2025-23420 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2025-24301 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-20626 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This…
CVE-2025-27132 — CVSS 3.8 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write…
CVE-2025-0587 — CVSS 3.8 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow…
CVE-2026-0639 — CVSS 3.3 (low): in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2024-21834 — CVSS 3.3 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-22177 — CVSS 3.3 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.
CVE-2024-22180 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.
CVE-2024-28044 — CVSS 3.3 (low): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.
CVE-2024-29086 — CVSS 3.3 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.
CVE-2024-31071 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-31078 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.
CVE-2024-36278 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-3757 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.
CVE-2024-43697 — CVSS 3.3 (low): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVE-2024-45382 — CVSS 3.3 (low): in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.
CVE-2024-47402 — CVSS 3.3 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-20011 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-20021 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-20063 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2025-20102 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-21082 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2025-21089 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-21097 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2025-22443 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22452 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22837 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2025-22841 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22842 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22847 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-22886 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-22897 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2025-23234 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2025-23235 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-23418 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-24304 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.
CVE-2025-24844 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-24925 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-25052 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.
CVE-2025-25057 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-25212 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.
CVE-2025-25217 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVE-2025-25218 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVE-2025-26474 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only…
CVE-2025-26690 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVE-2025-26693 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-27241 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVE-2025-27242 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVE-2025-27248 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
CVE-2025-27534 — CVSS 3.3 (low): in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-27536 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
CVE-2025-27562 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
CVE-2025-27563 — CVSS 3.3 (low): in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2024-21851 — CVSS 2.9 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2023-43756 — CVSS 2.9 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2023-25176 — CVSS 2.9 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2024-21845 — CVSS 2.9 (low): in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.
CVE-2023-49602 — CVSS 2.9 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-49118 — CVSS 2.9 (low): in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds Read.
CVE-2023-47216 — CVSS 2.9 (low): in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources