admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-12-29 03:17:48 +00:00
parent 537296ada9
commit 1e52689216
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
29 changed files with 3474 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

222
2020/1xxx/CVE-2020-1818.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1818", "ID": "CVE-2020-1818",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1819.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1819", "ID": "CVE-2020-1819",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1820.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1820", "ID": "CVE-2020-1820",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1821.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1821", "ID": "CVE-2020-1821",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1822.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1822", "ID": "CVE-2020-1822",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1823.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1823", "ID": "CVE-2020-1823",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

222
2020/1xxx/CVE-2020-1824.json
View File

@ -1,17 +1,231 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-1824", "ID": "CVE-2020-1824",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "IPS Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NGFW Module",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R002C00"
},
{
"version_affected": "=",
"version_value": "V500R002C20"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "NIP6800",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6300",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6500",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R001C60"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "Secospace USG6600",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R001C30"
},
{
"version_affected": "=",
"version_value": "V500R005C00"
}
]
}
},
{
"product_name": "USG6000V",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "V500R003C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

100
2020/9xxx/CVE-2020-9080.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9080", "ID": "CVE-2020-9080",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1.0.135(C01E135R2P8)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro (UD)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1.0.135(C00E135R3P8)"
}
]
}
},
{
"product_name": "HUAWEI nova 5i",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.0.0.125(C01E123R7P3)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

152
2020/9xxx/CVE-2020-9081.json
View File

@ -1,17 +1,161 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9081", "ID": "CVE-2020-9081",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization",
"cweId": "CWE-285"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R3P8)"
},
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P8)"
},
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C01E160R2P8)"
}
]
}
},
{
"product_name": "Princeton-AL10D",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R2P11)"
}
]
}
},
{
"product_name": "Yale-AL00A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
}
},
{
"product_name": "Yale-AL50A",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.88(C00E88R8P1)"
}
]
}
},
{
"product_name": "YaleP-AL10B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00E160R8P12)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

78
2020/9xxx/CVE-2020-9082.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9082", "ID": "CVE-2020-9082",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.160(C00)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-16-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-16-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
} }
] ]
} }

86
2020/9xxx/CVE-2020-9085.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9085", "ID": "CVE-2020-9085",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference",
"cweId": "CWE-476"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI 4G Router B612",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D03SP00C234"
},
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D03SP00C287"
},
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D05SP00C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

86
2020/9xxx/CVE-2020-9086.json
View File

@ -1,17 +1,95 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9086", "ID": "CVE-2020-9086",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-124 Buffer Underwrite ('Buffer Underflow')",
"cweId": "CWE-124"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI 4G Router B612",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D03SP00C234"
},
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D03SP00C287"
},
{
"version_affected": "=",
"version_value": "B612s-25dTCPU-V100R001B192D05SP00C00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
} }
] ]
} }

90
2020/9xxx/CVE-2020-9089.json
View File

@ -1,17 +1,99 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9089", "ID": "CVE-2020-9089",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.120(C431E19R2P5)"
},
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.120(C432E19R2P5)"
},
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.126(C10E11R5P1)"
},
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.126(C461E11R3P1)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }

78
2020/9xxx/CVE-2020-9210.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9210", "ID": "CVE-2020-9210",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value",
"cweId": "CWE-354"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "Myna",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0.1.11(H100SP8C00)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

78
2020/9xxx/CVE-2020-9211.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9211", "ID": "CVE-2020-9211",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. (Vulnerability ID: HWPSIRT-2020-05103)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9211."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 30",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.1.0.126(C00E125R5P3)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

94
2020/9xxx/CVE-2020-9222.json
View File

@ -1,17 +1,103 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9222", "ID": "CVE-2020-9222",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "FusionCompute",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.3.0"
},
{
"version_affected": "=",
"version_value": "6.3.1"
},
{
"version_affected": "=",
"version_value": "6.5.0"
},
{
"version_affected": "=",
"version_value": "6.5.1"
},
{
"version_affected": "=",
"version_value": "8.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

78
2020/9xxx/CVE-2020-9236.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9236", "ID": "CVE-2020-9236",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"cweId": "CWE-451"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "FusionCompute",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

78
2020/9xxx/CVE-2020-9253.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2020-9253", "ID": "CVE-2020-9253",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "Lion-AL00C",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Versions earlier than 10.1.0.150(C00E136R5P3)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

60
2021/22xxx/CVE-2021-22484.json
View File

@ -1,18 +1,70 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-22484", "ID": "CVE-2021-22484",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data.\n\n\n\n\nSuccessful exploitation of this vulnerability may cause a server out of memory (OOM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
}
} }

78
2021/37xxx/CVE-2021-37000.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2021-37000", "ID": "CVE-2021-37000",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Some Huawei wearables have a permission management vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management Errors",
"cweId": "CWE-255"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
} }
] ]
} }

78
2022/48xxx/CVE-2022-48470.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-48470", "ID": "CVE-2022-48470",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness",
"cweId": "CWE-305"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HarmonyOS AILife Solution 6.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "HiLink AI Life 12.0.2.305"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
} }
] ]
} }

159
2022/49xxx/CVE-2022-49034.json
View File

@ -1,18 +1,169 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2022-49034", "ID": "CVE-2022-49034",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@kernel.org",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected,\ncpu_max_bits_warn() generates a runtime warning similar as below when\nshowing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c\n[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"version_value": "8fbb57eabfc8ae67115cb47f904614c99d626a89"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "4.19.325",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89"
},
{
"url": "https://git.kernel.org/stable/c/f8f26cf69003a37ffa947631fc0e6fe6daee624a",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f8f26cf69003a37ffa947631fc0e6fe6daee624a"
},
{
"url": "https://git.kernel.org/stable/c/77755dc95ff2f9a3e473acc1e039f498629949ea",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/77755dc95ff2f9a3e473acc1e039f498629949ea"
},
{
"url": "https://git.kernel.org/stable/c/e2b91997db286a5dd3cca6d5d9c20004851f22eb",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/e2b91997db286a5dd3cca6d5d9c20004851f22eb"
},
{
"url": "https://git.kernel.org/stable/c/2b6b8e011fab680a223b5e07a3c64774156ec6fe",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/2b6b8e011fab680a223b5e07a3c64774156ec6fe"
},
{
"url": "https://git.kernel.org/stable/c/09faf32c682ea4a547200b8b9e04d8b3c8e84b55",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/09faf32c682ea4a547200b8b9e04d8b3c8e84b55"
},
{
"url": "https://git.kernel.org/stable/c/39373f6f89f52770a5405d30dddd08a27d097872",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/39373f6f89f52770a5405d30dddd08a27d097872"
},
{
"url": "https://git.kernel.org/stable/c/701e32900683378d93693fec15d133e2c5f7ada2",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/701e32900683378d93693fec15d133e2c5f7ada2"
},
{
"url": "https://git.kernel.org/stable/c/3c891f7c6a4e90bb1199497552f24b26e46383bc",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/3c891f7c6a4e90bb1199497552f24b26e46383bc"
}
]
},
"generator": {
"engine": "bippy-5f407fcff5a0"
}
} }

170
2023/52xxx/CVE-2023-52718.json
View File

@ -1,17 +1,179 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-52718", "ID": "CVE-2023-52718",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-420 Unprotected Alternate Channel",
"cweId": "CWE-420"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "PT9030-15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.266"
}
]
}
},
{
"product_name": "WS7206-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.5.19"
},
{
"version_affected": "=",
"version_value": "2.1.0.203"
}
]
}
},
{
"product_name": "WS7290-15",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.266"
}
]
}
},
{
"product_name": "WS8000-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WS8000-16 3.0.3.236"
}
]
}
},
{
"product_name": "WS8001-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.242"
}
]
}
},
{
"product_name": "WS8002-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.242"
}
]
}
},
{
"product_name": "WS8500-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WS8500-16 3.0.3.235"
}
]
}
},
{
"product_name": "WS8502-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.242"
}
]
}
},
{
"product_name": "WS8700-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.3.251"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en",
"refsource": "MISC",
"name": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
} }
] ]
} }

78
2023/7xxx/CVE-2023-7263.json
View File

@ -1,17 +1,87 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-7263", "ID": "CVE-2023-7263",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7263"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-35 Path Traversal",
"cweId": "CWE-35"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "HarmonyOS AILife Solution 8.0",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "HarmonyOS AILife Audio Service 3.0.2.307"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
} }
] ]
} }

100
2023/7xxx/CVE-2023-7266.json
View File

@ -1,17 +1,109 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2023-7266", "ID": "CVE-2023-7266",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "psirt@huawei.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-420 Unprotected Alternate Channel",
"cweId": "CWE-420"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Huawei",
"product": {
"product_data": [
{
"product_name": "TC7001-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.0.336(SP6C300)"
}
]
}
},
{
"product_name": "WS7200-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WS7200-10-OTA 3.0.3.215-fullpackage(auto_1)"
}
]
}
},
{
"product_name": "WS7206-10",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "WS7206-10-OTA 4.0.0.16(V3R2)-fullpackage(auto)"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en",
"refsource": "MISC",
"name": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
} }
] ]
} }

83
2024/11xxx/CVE-2024-11605.json
View File

@ -1,18 +1,93 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11605", "ID": "CVE-2024-11605",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "contact@wpscan.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "wp-publications",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.2"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Zeynalxan Quliyev"
},
{
"lang": "en",
"value": "Revan Poladl\u0131"
},
{
"lang": "en",
"value": "WPScan"
}
]
} }

79
2024/11xxx/CVE-2024-11644.json
View File

@ -1,18 +1,89 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11644", "ID": "CVE-2024-11644",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "contact@wpscan.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "WP-SVG",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.9"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/5b6a80f1-369c-4dd2-877e-60b724084819/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/5b6a80f1-369c-4dd2-877e-60b724084819/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Bob Matyas"
},
{
"lang": "en",
"value": "WPScan"
}
]
} }

79
2024/11xxx/CVE-2024-11645.json
View File

@ -1,18 +1,89 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11645", "ID": "CVE-2024-11645",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "contact@wpscan.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-Site Scripting (XSS)"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "float block",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.7"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/7771a76b-bc8c-426f-a125-5bd74ccf2845/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Bob Matyas"
},
{
"lang": "en",
"value": "WPScan"
}
]
} }

70
2024/11xxx/CVE-2024-11842.json
View File

@ -1,18 +1,80 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-11842", "ID": "CVE-2024-11842",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "contact@wpscan.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
} }
] ]
} }
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "DN Shipping by Weight for WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://wpscan.com/vulnerability/2545f054-b6ca-4ee5-ac6f-f42193db21b1/",
"refsource": "MISC",
"name": "https://wpscan.com/vulnerability/2545f054-b6ca-4ee5-ac6f-f42193db21b1/"
}
]
},
"generator": {
"engine": "WPScan CVE Generator"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Bob Matyas"
},
{
"lang": "en",
"value": "WPScan"
}
]
} }