in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.
in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free.
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local n
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption.
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
← Previous Page 5