Published 2022.01.03
Last updated 2022.01.03
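
| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS3.1 base score | Affected versions | Affected repositories | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2023-0101 | CVE-2023-0035 | softbus_client_stub in the softbus component of the communication subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch the attack locally and bypass verification, and can then escalate privileges to attack other SAs. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | | Reported by this project team |
| OpenHarmony-SA-2023-0102 | CVE-2023-0036 | platform_callback_stub in the input method component of the misc subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch the attack locally and bypass verification, and can then escalate privileges to attack other SAs. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | inputmethod_imf | | Reported by this project team |
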

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2021-3782 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | |
| CVE-2022-3046 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3041 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3040 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3039 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3038 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3057 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3195 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3054 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3075 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3373 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3370 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3311 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3316 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3315 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-43680 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-32221 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42916 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42915 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-44638 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40284 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40303 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-37454 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42919 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-45061 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2020-10735 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3169 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42895 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42896 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-41858 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-45934 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-4139 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-20566 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-4378 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |

Published January 3, 2023
Updated January 3, 2023

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS3.1 base score | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2023-0101 | CVE-2023-0035 | softbus_client_stub in the communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2023-0102 | CVE-2023-0036 | platform_callback_stub in the misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | inputmethod_imf | | Reported by OpenHarmony Team |


| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2021-3782 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | |
| CVE-2022-3046 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3041 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3040 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3039 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3038 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3057 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3195 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3054 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3075 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3373 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3370 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3311 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3316 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3315 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-3304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-43680 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-32221 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42916 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42915 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-44638 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40284 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40303 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-40304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-37454 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42919 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-45061 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2020-10735 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |
| CVE-2022-3169 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42895 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-42896 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-41858 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-45934 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-4139 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-20566 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |
| CVE-2022-4378 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | |