Security-bulletin
January 2023
security@openharmony.io
OpenHarmony January 2023 Security Bulletin: Security Vulnerabilities in January 2023
by Liuxu (louis)
Security Vulnerabilities in January 2023

Published: January 3, 2023
Updated: January 3, 2023

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS3.1 base score | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2023-0101 | CVE-2023-0035 | softbus_client_stub in the softbus component of the communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.0.x: https://gitee.com/openharmony/communication_dsoftbus/pulls/2140 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2023-0102 | CVE-2023-0036 | platform_callback_stub in the input method component of the misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | inputmethod_imf | 3.0.x: https://gitee.com/openharmony/inputmethod_imf/pulls/228 | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities, with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2021-3782 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.0.x: https://gitee.com/openharmony/third_party_wayland_standard/pulls/22 |
| CVE-2022-3046 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3041 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3040 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3039 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3038 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3057 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3195 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3054 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3075 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/349 |
| CVE-2022-3373 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-3370 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-3311 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-3316 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-3315 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-3304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/web_webview/pulls/464 |
| CVE-2022-43680 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x: https://gitee.com/openharmony/third_party_expat/pulls/23; 3.0.x: https://gitee.com/openharmony/third_party_expat/pulls/22 |
| CVE-2022-32221 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/91; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/90 |
| CVE-2022-42916 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/91; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/90 |
| CVE-2022-42915 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x: https://gitee.com/openharmony/third_party_curl/pulls/91; 3.0.x: https://gitee.com/openharmony/third_party_curl/pulls/90 |
| CVE-2022-44638 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/third_party_pixman/pulls/11; 3.0.x: https://gitee.com/openharmony/third_party_pixman/pulls/12 |
| CVE-2022-40284 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33 |
| CVE-2022-40303 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/31; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/32 |
| CVE-2022-40304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/third_party_libxml2/pulls/31; 3.0.x: https://gitee.com/openharmony/third_party_libxml2/pulls/32 |
| CVE-2022-37454 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/third_party_python/pulls/35 |
| CVE-2022-42919 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/third_party_python/pulls/36 |
| CVE-2022-45061 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x: https://gitee.com/openharmony/third_party_python/pulls/37 |
| CVE-2020-10735 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x: https://gitee.com/openharmony/third_party_python/pulls/26 |
| CVE-2022-3169 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/553; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/561 |
| CVE-2022-42895 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/544; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/545 |
| CVE-2022-42896 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/544; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/545 |
| CVE-2022-41858 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/569; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/570 |
| CVE-2022-45934 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/586; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/587 |
| CVE-2022-4139 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/567; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/568 |
| CVE-2022-20566 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/582; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/583 |
| CVE-2022-4378 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/586; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/587 |