CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27247 – Pasteboard has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2025-27247
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cause fugas de información mediante la obtención de permisos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27242 – Ssecurity_component_manager has an improper input vulnerability
https://notcve.org/view.php?id=CVE-2025-27242
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local provoque un DOS a través de una entrada incorrecta. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27563 – security_access_token has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2025-27563
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cause fugas de información mediante la obtención de permisos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26693 – security_access_token has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2025-26693
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cause fugas de información mediante la obtención de permisos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26691 – telephony_call_manager has an improper preservation of permissions vulnerability
https://notcve.org/view.php?id=CVE-2025-26691
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cause fugas de información mediante la obtención de permisos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-281: Improper Preservation of Permissions •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27131 – kernel_liteos_m has an improper input vulnerability
https://notcve.org/view.php?id=CVE-2025-27131
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local provoque un DOS a través de una entrada incorrecta. in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24493 – kernel_liteos_a has a race condition vulnerability
https://notcve.org/view.php?id=CVE-2025-24493
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. En OpenHarmony v5.0.3 y versiones anteriores, permitir que un atacante local provoque una fuga de información a través de una condición de ejecución. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25217 – arkui_ace_enginehas a NULL pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-25217
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local cometa un ataque DOS mediante la desreferencia de un puntero NULL. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23235 – arkcompiler_ets_runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-23235
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read. En OpenHarmony v5.0.3 y versiones anteriores se permite que un atacante local provoque un ataque DOS mediante lecturas fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21082 – arkui_ace_engine has a type confusion vulnerability
https://notcve.org/view.php?id=CVE-2025-21082
08 Jun 2025 — in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. En OpenHarmony v5.0.3 y versiones anteriores, permitir que un atacante local provoque que las aplicaciones se bloqueen mediante confusión de tipos. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •