Security Dashboard

Fermat Security Scanner vulnerability findings across OpenHarmony, CANN, and AI project repositories.

Total Issues
47
Confirmed
9
Repos
23

Issues

View all →
Confirmed[Bug]: N8nWorkflowConverter maps httpRequest to COMPONENT_TYPE_PLUGIN but raises NotImplementedError instead of calling the existing implementation
AI-2026-CONV-001agent-studio2026-05-19by Toan
Issue
FixedXTS mode outLen formula in documentation always yields multiple of 16, but implementation does not
HITLS-2026-CRYPTO-001openHiTLS2026-05-19by Toan
Issue
Fixed[Bug]: Incorrect Comments about the reserve blocks property/invariant in XTS mode documentation
HITLS-2026-CRYPTO-002openHiTLS2026-05-19by Toan
Issue
Confirmed[Bug]: Any operation (Update, Reinit, Final) succeeds silently after Deinit — producing wrong output
CWE-459 — Incomplete Cleanup
HITLS-2026-CRYPTO-003openHiTLS2026-05-19by Toan
Issue
Confirmed[Bug]: Reinit succeeds from INIT state (before any Update)
CWE-385 — Missing State Tracking
HITLS-2026-CRYPTO-004openHiTLS2026-05-19by Toan
Issue
Confirmedmerge_cpusets returns Err when one operand is empty — empty string split yields unparsable empty element
CWE-20 — Improper Input Validation
KUASAR-2026-KERNEL-001kuasar2026-05-19by Toan
Issue
Confirmedchecked_compute_delta intermediate sum overflows i64 — clock synchronization fails for large timestamps
CWE-190 — Integer Overflow or Wraparound
KUASAR-2026-KERNEL-002kuasar2026-05-19by Toan
Issue
SubmittedGeneratePinCode off-by-one loop condition returns short PIN ~16% of the time, causing intermittent pairing failure
CWE-193 — Off-by-One Error
OH-2026-DEVMGR-003distributedhardware_device_manager2026-05-19by Toan
Issue
SubmittedSetModeImpl accepts any int32_t mode value — missing range validation for SensorMode enum
CWE-20 — Improper Input Validation
OH-2026-DRIVERS-002sensors_sensor_lite2026-05-19by Toan
Issue
SubmittedUnbindServiceProxyParam serialization omits peerTokenId/peerNetworkId/peerUdid — peer silently receives zeroed fields
CWE-1066 — Missing Serialization Control Element
OH-2026-DEVMGR-002distributedhardware_device_manager2026-05-18by Toan
Issue
SubmittedRegisterSensorChannel 使用 malloc 分配 SensorEvent 但未初始化,导致使用未初始化堆内存
CWE-908 — Use of Uninitialized Resource
OH-2026-IPC-007sensors_sensor_lite2026-05-18by Zirui
PoCIssue
SubmittedGetOneCfgFile 路径遍历允许探测任意文件
CWE-22 — Path Traversal
OH-2026-FS-001customization_config_policy2026-05-17by Zirui
PoCIssue
SubmittedParsePermissions 服务端整数溢出导致堆破坏
CWE-190 — Integer Overflow or Wraparound
OH-2026-PERMLITE-005security_permission_lite2026-05-17by Zirui
PoCIssue
SubmittedGetSensorInfos IPC count 字段无上界校验导致整数溢出与堆溢出
CWE-190 — Integer Overflow or Wraparound
OH-2026-IPC-005sensors_sensor_lite2026-05-16by Zirui
PoCIssue
SubmittedDispatchData 未校验 sensorTypeId 导致越界数组访问
CWE-129 — Improper Validation of Array Index
OH-2026-IPC-006sensors_sensor_lite2026-05-16by Zirui
PoCIssue
SubmittedReplyRevokeRuntimePermission 全局缓冲区越界写入
CWE-129 — Improper Validation of Array Index
OH-2026-PERMLITE-001security_permission_lite2026-05-15by Zirui
PoCIssue
SubmittedNativeWindow API va_arg 指针未校验
CWE-457 — Use of Uninitialized Variable
OH-2026-GRAPHIC-001graphic_graphic_surface2026-05-11by Zirui
Issue
SubmittedCJ_GetCfgDirList / CJ_GetCfgFiles Use-After-Free
CWE-416 — Use After Free
OH-2026-CFGPOLICY-001customization_config_policy2026-05-08by Zirui
Issue
SubmittedWiFi Display IPC Stub 缺少鉴权检查
CWE-862 — Missing Authorization
OH-2026-CAST-001castengine_wifi_display2026-05-07by Zirui
Issue
Submitteddevice_auth IPC 回调 Stub 参数提取失败时 NULL 传入回调函数
CWE-476 — NULL Pointer Dereference
OH-2026-DEVAUTH-001security_device_auth2026-05-07by Zirui
Issue
SubmittedCamera HAL ReadMetadata 系列函数空指针解引用
CWE-476 — NULL Pointer Dereference
OH-2026-DRIVERS-001drivers_interface2026-05-07by Zirui
Issue
SubmittedBusCenterExObjStub 和 TransSpecObjectStub 的 OnRemoteRequest 缺少调用者身份验证
CWE-862 — Missing Authorization
OH-2026-DSOFTBUS-001communication_dsoftbus2026-05-07by Zirui
Issue
SubmittedProcessSkeleton::UnFlattenDBinderData 任意地址读取漏洞
CWE-822 — Untrusted Pointer Dereference
OH-2026-IPC-001communication_ipc2026-05-07by Zirui
Issue
SubmittedReadBoolVector 缺少数组大小上界检查导致 OOM 拒绝服务
CWE-789 — Memory Allocation with Excessive Size Value
OH-2026-IPC-002communication_ipc2026-05-07by Zirui
Issue
SubmittedGetDataBusName 中 ReadString 返回值未检查导致空指针崩溃
CWE-476 — NULL Pointer Dereference
OH-2026-IPC-003communication_ipc2026-05-07by Zirui
Issue
Submitteddbinder UnFlattenDBinderData 跨设备通信中未验证指针导致内存读取异常
CWE-20 — Improper Input Validation
OH-2026-IPC-004communication_ipc2026-05-07by Zirui
Issue
SubmittedFirstUseDialog::SendSaveEventHandler 未检查 secHandler_ 空指针
CWE-476 — NULL Pointer Dereference
OH-2026-SECCOMP-001security_security_component_manager2026-05-07by Zirui
Issue
SubmittedSecCompClient::GetInstance 在 OOM 时解引用空指针
CWE-476 — NULL Pointer Dereference
OH-2026-SECCOMP-002security_security_component_manager2026-05-07by Zirui
Issue
SubmittedWindowInfoHelper::TryGetWindowInfo 在 find_if lambda 中解引用可能为空的 sptr
CWE-476 — NULL Pointer Dereference
OH-2026-SECCOMP-003security_security_component_manager2026-05-07by Zirui
Issue
SubmittedTelephonyObserver::OnNetworkStateUpdatedInner 未检查 Unmarshalling 返回值导致空指针崩溃
CWE-476 — NULL Pointer Dereference
OH-2026-TELREG-001telephony_state_registry2026-05-07by Zirui
Issue
SubmittedEventListenerHandler 多个 Work* 函数在 napi_open_handle_scope 失败后继续执行
CWE-476 — NULL Pointer Dereference
OH-2026-TELREG-002telephony_state_registry2026-05-07by Zirui
Issue
SubmittedTelephonyStateRegistryService::UpdateNetworkState 在 EXT_WRAPPER 分支未检查 network...
CWE-476 — NULL Pointer Dereference
OH-2026-TELREG-003telephony_state_registry2026-05-07by Zirui
Issue
ConfirmedIpcServerStub::OnRemoteRequest 缺少调用者身份验证
CWE-862 — Missing Authorization
OH-2026-DEVMGR-001distributedhardware_device_manager2026-05-03by Zirui
Issue
SubmittedLiteIPC LiteIpcTaskInit 返回值未检查导致 NULL 指针解引用
CWE-476 — NULL Pointer Dereference
OH-2026-KERNEL-001kernel_liteos_a2026-05-03by Zirui
Issue
SubmittedParallelTcpServer ctx.erase(fd) 值传递导致客户端上下文泄漏
CWE-775 — Missing Release of File Descriptor after Effective Lifetime
CANN-2026-PYTORCH-001pytorch2026-04-29by Zirui
Issue
SubmittedSoftBusChannel::ExecuteCommand 中 static_cast<int32_t> 截断 size_t 导致堆溢出风险
CWE-190 — Integer Overflow or Wraparound
OH-2026-ACCESSTOKEN-001security_access_token2026-04-29by Zirui
Issue
SubmittedTokenSyncManagerStub::OnRemoteRequest 缺少 VerifyAccessToken 授权检查
CWE-190 — Integer Overflow or Wraparound
OH-2026-ACCESSTOKEN-002security_access_token2026-04-29by Zirui
Issue
SubmittedLite 版 APPVERI_SetDebugMode() 无授权检查
CWE-749 — Exposed Dangerous Method or Function
OH-2026-APPVERIFY-001security_appverify2026-04-29by Zirui
Issue
SubmittedAotCompilerInterfaceStub::OnRemoteRequest 缺少调用者身份验证
CWE-306 — Missing Authentication for Critical Function
OH-2026-ARK-001arkcompiler_ets_runtime2026-04-29by Zirui
Issue
SubmittedIPC 回调从 IPC 数据读取函数指针并直接调用
CWE-822 — Untrusted Pointer Dereference
OH-2026-DEVAUTH-PTR-001security_device_auth2026-04-29by Zirui
Issue
SubmittedRESTORE_CODE 路径跳过 CheckPermission 权限检查
CWE-862 — Missing Authorization
OH-2026-DEVAUTH-RESTORE-001security_device_auth2026-04-29by Zirui
Issue
SubmittedDSoftBus 动态加载 Stub 的 OnRemoteRequest 缺少授权检查
CWE-20 — Improper Input Validation
OH-2026-DSOFTBUS-DYN-001communication_dsoftbus2026-04-29by Zirui
Issue
SubmittedDSoftBus IPC Inner Handler 从 MessageParcel 读取长度后未做边界检查即用于内存操作
CWE-20 — Improper Input Validation
OH-2026-DSOFTBUS-DYN-002communication_dsoftbus2026-04-29by Zirui
Issue
SubmittedGetInfoFromSplitKey 中 atol() 返回值未验证直接用于 strcpy_s
CWE-20 — Improper Input Validation
OH-2026-DSOFTBUS-DYN-003communication_dsoftbus2026-04-29by Zirui
Issue
SubmittedHUKS 设备认证签名路径硬编码 RSA-2048 私钥
CWE-321 — Use of Hard-coded Cryptographic Key
OH-2026-HUKS-001security_huks2026-04-29by Zirui
Issue
SubmittedCallManagerService 部分方法缺少权限检查
CWE-862 — Missing Authorization
OH-2026-TEL-001telephony_call_manager2026-04-29by Zirui
Issue
Fixed密钥协商共享密钥(异步路径)未清零
CWE-244 — Improper Clearing of Heap Memory Before Release
OH-2026-CRYPTO-001security_crypto_framework2026-04-23by Zirui
Issue