Page 6 of 37 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. OpenHarmony-v3.1.2 y versiones anteriores tenían una vulnerabilidad de DOS en distributedhardware_device_manager al unirse a una red. Los atacantes de red pueden enviar un paquete anormal al unirse a una red, provocar una referencia nullptr y reiniciar el dispositivo. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md • CWE-476: NULL Pointer Dereference •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. OpenHarmony-v3.1.2 y versiones anteriores tenían una vulnerabilidad de lectura de archivos arbitraria a través del servidor de descarga. Los atacantes locales pueden instalar una aplicación maliciosa en el dispositivo y revelar cualquier archivo del sistema de archivos al que pueda acceder el servicio download_server que se ejecuta con UID 1000. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md • CWE-20: Improper Input Validation CWE-552: Files or Directories Accessible to External Parties •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. OpenHarmony-v3.1.2 y versiones anteriores tenían una vulnerabilidad de Multiple path traversal en los servicios appspawn y nwebspawn. Los atacantes locales pueden crear directorios arbitrarios o escapar de la zona de pruebas de la aplicación. Si se encadena con otras vulnerabilidades, permitiría que un proceso sin privilegios obtuviera privilegios completos del root. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. OpenHarmony versiones v3.1.2 y versiones anteriores, 3.0.6 y versiones anteriores, presentan una vulnerabilidad de anulación del pool de memoria del Kernel en el controlador de dispositivo /dev/mmz_userdev. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. OpenHarmony versiones v3.1.2 y versiones anteriores, presentan una vulnerabilidad de omisión de autentificación en una función de callback handler de Softbus_server en el subsistema de comunicación. Los atacantes pueden lanzar ataques en redes distribuidas mediante el envío de paquetes Bluetooth rfcomm a cualquier dispositivo remoto y ejecutando comandos arbitrarios • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md • CWE-287: Improper Authentication •