Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42463 | 1 Openharmony | 1 Openharmony | 2022-10-17 | N/A | 8.8 HIGH |
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | |||||
CVE-2022-41686 | 1 Openharmony | 1 Openharmony | 2022-10-17 | N/A | 4.4 MEDIUM |
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption. | |||||
CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2022-09-14 | N/A | 5.5 MEDIUM |
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | |||||
CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2022-09-14 | N/A | 8.8 HIGH |
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | |||||
CVE-2022-38701 | 1 Openharmony | 1 Openharmony | 2022-09-14 | N/A | 3.3 LOW |
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. |