lists.openatom.io
Security-bulletin
June 2022
security@openharmony.io
OpenHarmony June Security Bulletin: Security Vulnerabilities in June 2022
by Liuxu (louis)
Security Vulnerabilities in June 2022

Published June 6, 2022

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | Affected Versions | Affected Projects | Fix Link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0601 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserializing an object. | Local attackers can bypass authentication and crash the server process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | notification_ces_standard | https://gitee.com/openharmony/notification_common_event_service/pulls/269 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0602 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | notification_ces_standard | https://gitee.com/openharmony/notification_common_event_service/pulls/245 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0603 | NA | The updateservice in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | update_updateservice | https://gitee.com/openharmony/update_updateservice/pulls/115 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0604 | NA | The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | multimedia_media_standard | https://gitee.com/openharmony/multimedia_media_standard/pulls/567 | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-25313 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_expat/pulls/10 |
| CVE-2022-25314 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_expat/pulls/10 |
| CVE-2022-25315 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_expat/pulls/10 |
| CVE-2022-25235 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_expat/pulls/10 |
| CVE-2022-25236 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_expat/pulls/10 |
| CVE-2022-23308 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | https://gitee.com/openharmony/third_party_libxml2/pulls/11 |
| CVE-2022-25375 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2022-25258 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2022-0435 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2022-24959 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2021-44879 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2022-24958 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2021-45402 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/146 |
| CVE-2021-4160 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_openssl/pulls/29 |
| CVE-2022-0778 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/third_party_openssl/pulls/34 |
| CVE-2022-0886 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/143 |
| CVE-2022-1055 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2022-0995 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2021-39698 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2022-0494 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2022-1048 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2022-1016 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2021-39686 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/175 |
| CVE-2022-0500 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/163 |
| CVE-2022-28390 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-28389 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-28388 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-28893 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-1353 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-29156 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2022-28356 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/181 |
| CVE-2019-16089 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/152 |
| CVE-2021-4156 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/third_party_libsnd/pulls/10 |
| CVE-2022-22576 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/third_party_curl/pulls/52 |
| CVE-2022-27775 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/third_party_curl/pulls/52 |
| CVE-2022-27776 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/third_party_curl/pulls/52 |
| CVE-2022-27774 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | https://gitee.com/openharmony/third_party_curl/pulls/52 |
| CVE-2021-3520 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | https://gitee.com/openharmony/third_party_lz4/pulls/2 |
| CVE-2021-44732 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_mbedtls/pulls/31 |
| CVE-2021-36690 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | https://gitee.com/openharmony/third_party_sqlite/pulls/4 |
| CVE-2021-3732 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/180 |
| CVE-2021-22570 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | https://gitee.com/openharmony/third_party_protobuf/pulls/26 |
| CVE-2021-22569 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | https://gitee.com/openharmony/third_party_protobuf/pulls/27 |