Published December 6, 2022
Updated December 6, 2022

| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1201 | CVE-2022-45877 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | distributedhardware_device_manager applications_hap security_device_auth | 3.1.x 3.1.x 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1202 | CVE-2022-41802 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x 3.0.x 1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1203 | CVE-2022-45126 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x 3.0.x 1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1204 | CVE-2022-43662 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | kernel_liteos_a | 3.1.x 3.0.x 1.1.x | Reported by Researchers |
| OpenHarmony-SA-2022-1205 | CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to a buffer overflow due to insufficient input validation. | An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash. | 6.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | startup_appspawn | 3.1.x 3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1206 | CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. | Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | telephony_state_registry telephony_sms_mms | 3.1.x 3.1.x | Reported by OpenHarmony Team |

| CVE | severity | affected OpenHarmony versions | fix link |
|---|---|---|---|
| CVE-2022-20422 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3303 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42703 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-41222 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3239 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-20423 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-41850 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3586 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3625 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42432 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3633 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3635 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3629 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3646 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3621 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3567 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-43750 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3545 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3523 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-2602 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3628 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-40768 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3566 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3577 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3606 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3649 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3564 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-20409 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-41849 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-20421 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3435 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42719 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42720 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42721 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-42722 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-41674 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3535 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3521 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3524 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3534 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3542 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x |
| CVE-2022-3565 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |
| CVE-2022-3594 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |
3.1.x 3.0.x |