Shodan
Vulnerabilities
Vulnerable Software
Openatom:  Security Vulnerabilities
CVE-2022-41686
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-10-14
CVE-2022-38701
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
CVSS Score
6.2
EPSS Score
0.0
Published
2022-09-09
CVE-2022-36423
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-09-09
CVE-2021-33643
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
CVSS Score
9.1
EPSS Score
0.002
Published
2022-08-10
CVE-2021-33644
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-08-10
CVE-2021-33645
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-10
CVE-2021-33646
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-10
CVE-2021-33656
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-07-18
CVE-2021-33658
atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-03-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved