CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25052 – arkcompiler_ets_runtime has a buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2025-25052
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. En OpenHarmony v5.0.3 y versiones anteriores permiten que un atacante local provoque un DOS a través de un desbordamiento del búfer. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27241 – multimedia_av_codec has a NULL pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-27241
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cometa un ataque DOS mediante la desreferencia de un puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27248 – ai_neural_network_runtime has a NULL pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-27248
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cometa un ataque DOS mediante la desreferencia de un puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22886 – distributeddatamgr_udmf has a memory leak vulnerability
https://notcve.org/view.php?id=CVE-2025-22886
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cometa un ataque DOS mediante la falta de liberación de memoria. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27132 – arkcompiler_ets_runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-27132
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. En OpenHarmony v5.0.3 y versiones anteriores, se permite a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas mediante escritura fuera de los límites. Esta vulnerabilidad solo se puede explotar en escenarios restringidos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-05.md • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25218 – third_party_mksh has a NULL pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-25218
06 May 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cometa un ataque DOS mediante la desreferencia de un puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27534 – arkcompiler_ets_runtime has an out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2025-27534
07 Apr 2025 — in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25057 – third_party_NuttX has a memory leak vulnerability
https://notcve.org/view.php?id=CVE-2025-25057
07 Apr 2025 — in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24304 – arkcompiler_ets_runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-24304
07 Apr 2025 — in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22851 – Liteos_A has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2025-22851
07 Apr 2025 — in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-190: Integer Overflow or Wraparound •