Published on 2022.11.1
Last updated on 2022.11.11

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected repositories | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-1101 | CVE-2022-43451 | Path traversal vulnerability in the appspawn and nwebspawn services of the startup subsystem. | A local attacker can cause arbitrary path traversal and escape the sandbox. Chained with other vulnerabilities, this can further lead to root privileges. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_appspawn | | Reported by the OpenHarmony project team |
| OpenHarmony-SA-2022-1102 | CVE-2022-43449 | Arbitrary file read vulnerability in download_server. | A local attacker can read any file on the filesystem that is accessible to download_server. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | request_request | | Reported by the OpenHarmony project team |
| OpenHarmony-SA-2022-1103 | CVE-2022-43495 | distributedhardware_device_manager reboots the device when it receives an abnormal packet during device networking. | An attacker on the local network can send a malicious packet during device networking, causing a null pointer dereference and a device reboot. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | distributedhardware_device_manager | | Reported by the OpenHarmony project team |

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-2295 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2294 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-26373 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-23816 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-29901 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-29900 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2481 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2480 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2478 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2477 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-30790 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | |
| CVE-2022-1462 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-1184 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-2663 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39190 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-40674 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-3202 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3199 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
Published November 1, 2022
Updated November 1, 2022

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-1101 | CVE-2022-43451 | Multiple path traversal vulnerabilities in the appspawn and nwebspawn services. | Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities, it would allow an unprivileged process to gain full root privileges. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_appspawn | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1102 | CVE-2022-43449 | Arbitrary file read via download_server. | Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | request_request | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1103 | CVE-2022-43495 | An abnormal packet received while distributedhardware_device_manager is joining a network could cause a device reboot. | Network attackers can send an abnormal packet while a device is joining a network, causing a null pointer dereference and a device reboot. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | distributedhardware_device_manager | | Reported by OpenHarmony Team |

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-2295 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2294 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-26373 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-23816 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-29901 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-29900 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2481 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2480 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2478 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2477 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-30790 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | |
| CVE-2022-1462 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-1184 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-2663 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39190 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-40674 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-3202 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3199 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |