CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45877 – PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
https://notcve.org/view.php?id=CVE-2022-45877
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-287: Improper Authentication CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45118 – Telephony in communication subsystem sends public events with personal data, but the permission is not set.
https://notcve.org/view.php?id=CVE-2022-45118
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. OpenHarmony-v3.1.2 y versiones anteriores tenían la vulnerabilidad de que la telefonía en el subsistema de comunicación envía eventos públicos con datos personales, pero el permiso no está establecido. Las aplicaciones maliciosas podrían escuchar eventos públicos y obtener información como números de móviles y datos de SMS sin permisos. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-276: Incorrect Default Permissions CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44455 – The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation.
https://notcve.org/view.php?id=CVE-2022-44455
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. Se descubrió que los servicios appspawn y nwebspawn dentro de OpenHarmony-v3.1.2 y versiones anteriores eran vulnerables a la vulnerabilidad de desbordamiento de búfer debido a una validación de entrada insuficiente. Una aplicación maliciosa sin privilegios podría obtener la ejecución de código dentro de cualquier aplicación instalada en el dispositivo o provocar el bloqueo de la aplicación. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41802 – Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.
https://notcve.org/view.php?id=CVE-2022-41802
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. El subsistema del kernel dentro de OpenHarmony-v3.1.4 y versiones anteriores en kernel_liteos_a tiene una vulnerabilidad de desbordamiento de la pila del kernel cuando se llama a SysClockGetres. Los datos de relleno de 4 bytes de la pila del kernel se copian incorrectamente en el espacio del usuario y se filtran. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43495 – An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot.
https://notcve.org/view.php?id=CVE-2022-43495
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. OpenHarmony-v3.1.2 y versiones anteriores tenían una vulnerabilidad de DOS en distributedhardware_device_manager al unirse a una red. Los atacantes de red pueden enviar un paquete anormal al unirse a una red, provocar una referencia nullptr y reiniciar el dispositivo. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md • CWE-476: NULL Pointer Dereference •