CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27217 – MSDP has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-27217
07 May 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local ejecute código arbitrario en aplicaciones preinstaladas mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28951 – Arkcompiler runtime has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-28951
02 Apr 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. En OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local ejecute código arbitrario en aplicaciones preinstaladas mediante el use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-416: Use After Free •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22092 – Bundlemanager has an authentication bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-22092
02 Apr 2024 — in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante remoto omita la verificación de permisos para instalar aplicaciones, aunque estas requieren la acción del usuario. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-290: Authentication Bypass by Spoofing •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22180 – Camera has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-22180
02 Apr 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local cause DOS mediante use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-04.md • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46708 – Wlan has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2023-46708
04 Mar 2024 — in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21863 – Dsoftbus has an improper input validation vulnerability
https://notcve.org/view.php?id=CVE-2024-21863
02 Feb 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Las versiones de OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local cause DOS mediante una entrada incorrecta. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21851 – Dsoftbus has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-21851
02 Feb 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow. Las versiones de OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local provoque un desbordamiento en la región Heap a través de un desbordamiento de enteros. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0285 – Dsoftbus has an improper input validation vulnerability
https://notcve.org/view.php?id=CVE-2024-0285
02 Feb 2024 — in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper input. Las versiones de OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante local cause DOS mediante una entrada incorrecta. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45734 – Dsoftbus has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2023-45734
02 Feb 2024 — in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write. Las versiones de OpenHarmony v3.2.4 y versiones anteriores permiten que un atacante adyacente ejecute código arbitrario mediante escritura fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21860 – Dsoftbus has a use after free vulnerability
https://notcve.org/view.php?id=CVE-2024-21860
02 Feb 2024 — in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. Las versiones de OpenHarmony v4.0.0 y versiones anteriores permiten que un atacante adyacente ejecute código arbitrario en cualquier aplicación mediante un use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md • CWE-416: Use After Free •