EUVD-2022-45536

Malicious code in bioql PyPI...

EUVD-2022-48036

Malicious code in bioql PyPI...

CVE-2023-0035

softbusclientstub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege...

CVE-2023-0035

softbusclientstub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege...

Authentication flaw

softbusclientstub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege...

CVE-2023-0035

OpenHarmony you’re looking at: affected product OpenHarmony v3.0.5 and earlier, with the issue in the softbus_client_stub of the communication subsystem. The root cause is an authentication bypass that enables an “SA relay attack,” allowing a local attacker to bypass authentication and target oth...

Information disclosure

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

CVE-2022-45118 Telephony in communication subsystem sends public events with personal data, but the permission is not set.

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

CVE-2022-45118

OpenHarmony OpenHarmony-v3.1.2 and earlier versions are affected by CVE-2022-45118. The vulnerability lies in the telephony component of the communication subsystem, which fires public events containing personal data without proper permissions. Malicious apps could listen to these public events a...

PT-2022-27406 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior Description: The issue concerns the telephony component in the communication subsystem of OpenHarmony, which sends public events containing personal data without proper permission settings. This allows...

CVE-2022-42463

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

CVE-2022-42463

OpenHarmony v3.1.2 and earlier suffer an authentication bypass in the Softbus_server callback handler within the communication subsystem. By sending Bluetooth RFCOMM packets to a remote device, an attacker can cause arbitrary command execution on distributed networks. The issue is documented acro...

CVE-2022-42463 Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

CVE-2022-38701 IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information...