Published June 6, 2022

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | Affected Versions | Affected Projects | Fix Link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0601 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserializing an object. | Local attackers can bypass authentication and crash the server process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | notification_ces_standard | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0602 | NA | The notification subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | notification_ces_standard | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0603 | NA | The updateservice in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | update_updateservice | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0604 | NA | The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and get system control. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | multimedia_media_standard | | Reported by OpenHarmony Team |

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-25313 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-25314 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-25315 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-25235 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-25236 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-23308 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | |
| CVE-2022-25375 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-25258 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-0435 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-24959 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2021-44879 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-24958 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2021-45402 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2021-4160 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2022-0778 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-0886 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-1055 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-0995 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2021-39698 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-0494 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-1048 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-1016 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2021-39686 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-0500 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2022-28390 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-28389 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-28388 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-28893 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-1353 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-29156 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-28356 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2019-16089 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2021-4156 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-22576 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-27775 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-27776 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2022-27774 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | |
| CVE-2021-3520 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | |
| CVE-2021-44732 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2021-36690 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | |
| CVE-2021-3732 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | |
| CVE-2021-22570 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | |
| CVE-2021-22569 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | |