发布于2022.8.2
|
漏洞编号 |
相关漏洞 |
漏洞描述 |
漏洞影响 |
受影响的版本 |
受影响的仓库 |
修复链接 |
参考链接 |
|
OpenHarmony-SA-2022-0801 |
NA |
电话服务子系统telephony_sms_mms组件DecodeUCS2Data存在DoS漏洞。 |
攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
本项目组上报 |
|
|
OpenHarmony-SA-2022-0802 |
NA |
电话服务子系统telephony_sms_mms组件DecodeGSMData存在DoS漏洞。 |
攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
本项目组上报 |
|
|
OpenHarmony-SA-2022-0803 |
NA |
电话服务子系统telephony_sms_mms组件DecodeAddress存在DoS漏洞。 |
攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
本项目组上报 |
|
|
OpenHarmony-SA-2022-0804 |
NA |
电话服务子系统telephony_sms_mms组件Decode8bitData存在DoS漏洞。 |
攻击者可在网络内发起攻击,访问非法内存,导致进程崩溃。 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
本项目组上报 |
|
|
OpenHarmony-SA-2022-0806 |
NA |
通信子系统分布式软总线组件SendMessage接口存在漏洞,导致权限管控被绕过。 |
攻击者可在本地发起攻击,绕过权限管控机制,进一步向局域网内设备写入任意数据。 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
communication_dsoftbus |
本项目组上报 |
|
CVE |
严重程度 |
受影响的OpenHarmony版本 |
修复链接 |
|
CVE-2022-1729 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-29581 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-20008 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1195 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1516 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-30594 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1012 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-29824 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1475 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-27406 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
3.0.x |
|
CVE-2022-27404 |
严重 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
3.0.x |
|
CVE-2022-1974 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1734 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1199 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1966 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1786 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1280 |
高 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-45868 |
中 |
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS |
published August 2,2022
|
Vulnerability ID |
related Vulnerability |
Vulnerability Descripton |
Vulnerability Impact |
affected versions |
affected projects |
fix link |
reference |
|
OpenHarmony-SA-2022-0801 |
NA |
DecodeUCS2Data in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. |
Network attackers can access illegal memory and crash the process. |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
Reported by OpenHarmony Team |
|
|
OpenHarmony-SA-2022-0802 |
NA |
DecodeGSMData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. |
Network attackers can access illegal memory and crash the process. |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
Reported by OpenHarmony Team |
|
|
OpenHarmony-SA-2022-0803 |
NA |
DecodeAddress in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. |
Network attackers can access illegal memory and crash the process. |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
Reported by OpenHarmony Team |
|
|
OpenHarmony-SA-2022-0804 |
NA |
Decode8bitData in telephony_sms_mms component of telephony subsystem, has a DoS vulnerability. |
Network attackers can access illegal memory and crash the process. |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
telephony_sms_mms |
Reported by OpenHarmony Team |
|
|
OpenHarmony-SA-2022-0806 |
NA |
SendMessage in dsoftbus in communication subsystem has a permission bypass vulnerability. |
Local attackers can bypass the permission check, and write any data into network devices. |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
communication_dsoftbus |
Reported by OpenHarmony Team |
|
CVE |
severity |
affected OpenHarmony versions |
fix link |
|
CVE-2022-1729 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-29581 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-20008 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1195 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1516 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-30594 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1012 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-29824 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-1475 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-27406 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
3.0.x |
|
CVE-2022-27404 |
Critical |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
3.0.x |
|
CVE-2022-1974 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1734 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1199 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1966 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1786 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS |
|
|
CVE-2022-1280 |
High |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |
|
|
CVE-2022-45868 |
Medium |
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS |