代码拉取完成,页面将自动刷新
published November 1,2022
updated November 1,2022
| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1101 | CVE-2022-43451 | Multiple path traversal in appspawn and nwebspawn services. | Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_appspawn | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1102 | CVE-2022-43449 | Arbitrary file read via download_server. | Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | request_request | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1103 | CVE-2022-43495 | An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot. | Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | distributedhardware_device_manager | 3.1.x | Reported by OpenHarmony Team |
| CVE | severity | affected OpenHarmony versions | fix link |
|---|---|---|---|
| CVE-2022-2295 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2294 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-26373 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-23816 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-29901 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-29900 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-2481 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x |
| CVE-2022-2480 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2478 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2477 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-30790 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS |
3.1.x 3.1.x 3.0.x 3.0.x 1.1.x |
| CVE-2022-1462 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-1184 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-2663 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-39190 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-39189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-40674 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3202 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3199 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x |
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。