CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29074 – Telephony has an improper input validation vulnerability
https://notcve.org/view.php?id=CVE-2024-29074
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. En OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local ejecute código arbitrario en cualquier aplicación mediante una entrada incorrecta. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22098 – AVSession has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-22098
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local ejecute código arbitrario en cualquier aplicación mediante el use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22177 – Audio has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2024-22177
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local provoque que las aplicaciones fallen al obtener permiso. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21834 – Arkui has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2024-21834
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local provoque que las aplicaciones fallen debido a confusión de tipos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •