CVE-2022-38064 – windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.
https://notcve.org/view.php?id=CVE-2022-38064
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md • CWE-287: Improper Authentication • CWE-305: Authentication Bypass by Primary Weakness
CVE-2022-36423 – Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. LAN attackers can mount a DoS attack against all network devices.
https://notcve.org/view.php?id=CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can mount a DoS attack against all network devices. • https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md • CWE-16: Configuration • CWE-787: Out-of-bounds Write