9 matches found
Null pointer dereference
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package...
CVE-2023-25947 The bundle management subsystem has a improper input validation when installing a HAP package.
The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package...
CVE-2023-24465 Communication Wi-Fi subsystem has a null pointer reference vulnerability when receving external data.
Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash...
Stack overflow
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...
CVE-2022-45126 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...
CVE-2022-41802
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...
Cross site scripting
OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks...
CVE-2022-41802 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...
CVE-2022-41802 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernelliteosa has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked...