CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27562 – communication_dsoftbus has a missing release of memory vulnerability
https://notcve.org/view.php?id=CVE-2025-27562
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27128 – liteos_a has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-27128
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-25212 – pasteboard has an improper input vulnerability
https://notcve.org/view.php?id=CVE-2025-25212
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24844 – communication_dsoftbus has a missing release of memory vulnerability
https://notcve.org/view.php?id=CVE-2025-24844
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27536 – arkcompiler_ets_runtime has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2025-27536
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26690 – communication dsoftbus has a NULL pointer vulnerability
https://notcve.org/view.php?id=CVE-2025-26690
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24925 – applications_settings has a missing release of memory vulnerability
https://notcve.org/view.php?id=CVE-2025-24925
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24298 – liteos_a has an UAF vulnerability
https://notcve.org/view.php?id=CVE-2025-24298
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-07.md • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-25278 – liteos_a has a race condition vulnerability
https://notcve.org/view.php?id=CVE-2025-25278
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-08.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27577 – liteos_a has a race condition vulnerability
https://notcve.org/view.php?id=CVE-2025-27577
11 Aug 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-08.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •