CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3759 – Hmdfs has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-3759
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. En OpenHarmony v4.0.0 y versiones anteriores permiten a un atacante local la ejecución de código arbitrario en TCB mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3758 – Hmdfs has a heap buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-3758
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local ejecute código arbitrario en TCB a través de un desbordamiento de búfer de almacenamiento dinámico. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3757 – Arkcompiler runtime has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-3757
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local provoque una falla del servicio a través de un desbordamiento de enteros. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31078 – Bluetooth Service has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-31078
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local provoque una falla del servicio mediante la desreferencia del puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23808 – Arkcompiler ets frontend has an out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2024-23808
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. En OpenHarmony v4.0.0 y versiones anteriores permiten a un atacante local la ejecución de código arbitrario en aplicaciones preinstaladas mediante use after free o provocan DOS mediante la desreferencia del puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27217 – MSDP has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-27217
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local ejecute código arbitrario en aplicaciones preinstaladas mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29086 – Arkcompiler runtime has a stack overflow svulnerability
https://notcve.org/view.php?id=CVE-2024-29086
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow. En OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local provoque DOS a través de un desbordamiento de pila. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29074 – Telephony has an improper input validation vulnerability
https://notcve.org/view.php?id=CVE-2024-29074
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. En OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local ejecute código arbitrario en cualquier aplicación mediante una entrada incorrecta. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22098 – AVSession has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-22098
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local ejecute código arbitrario en cualquier aplicación mediante el use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22177 – Audio has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2024-22177
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante local provoque que las aplicaciones fallen al obtener permiso. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-281: Improper Preservation of Permissions •