From 527e762832dae7f97724bd4a78045b55e167b72d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 18 Feb 2020 03:01:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1789.json | 50 ++++++++++++++++++-- 2020/1xxx/CVE-2020-1790.json | 50 ++++++++++++++++++-- 2020/1xxx/CVE-2020-1791.json | 50 ++++++++++++++++++-- 2020/1xxx/CVE-2020-1812.json | 50 ++++++++++++++++++-- 2020/1xxx/CVE-2020-1843.json | 90 ++++++++++++++++++++++++++++++++++-- 2020/1xxx/CVE-2020-1855.json | 60 ++++++++++++++++++++++-- 6 files changed, 332 insertions(+), 18 deletions(-) diff --git a/2020/1xxx/CVE-2020-1789.json b/2020/1xxx/CVE-2020-1789.json index 10c6a76947f..a7405434434 100644 --- a/2020/1xxx/CVE-2020-1789.json +++ b/2020/1xxx/CVE-2020-1789.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X", + "version": { + "version_data": [ + { + "version_value": "1.0.1.21(SP3)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential." } ] } diff --git a/2020/1xxx/CVE-2020-1790.json b/2020/1xxx/CVE-2020-1790.json index 03b40feb514..39ce532e47a 100644 --- a/2020/1xxx/CVE-2020-1790.json +++ b/2020/1xxx/CVE-2020-1790.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "GaussDB 200", + "version": { + "version_data": [ + { + "version_value": "6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-gauss-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-gauss-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands." } ] } diff --git a/2020/1xxx/CVE-2020-1791.json b/2020/1xxx/CVE-2020-1791.json index 2c6ce2ca103..60d54557828 100644 --- a/2020/1xxx/CVE-2020-1791.json +++ b/2020/1xxx/CVE-2020-1791.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HUAWEI Mate 20", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.185(C00E74R3P8)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200205-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode." } ] } diff --git a/2020/1xxx/CVE-2020-1812.json b/2020/1xxx/CVE-2020-1812.json index 414ed4994d7..e5b0c4f4d90 100644 --- a/2020/1xxx/CVE-2020-1812.json +++ b/2020/1xxx/CVE-2020-1812.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.173(C00E73R1P11)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-smartphone-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations." } ] } diff --git a/2020/1xxx/CVE-2020-1843.json b/2020/1xxx/CVE-2020-1843.json index 36bc3365df3..642d18742f4 100644 --- a/2020/1xxx/CVE-2020-1843.json +++ b/2020/1xxx/CVE-2020-1843.json @@ -4,14 +4,98 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1843", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HEGE-560", + "version": { + "version_data": [ + { + "version_value": "1.0.1.20(SP2)" + } + ] + } + }, + { + "product_name": "OSCA-550", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP1)" + } + ] + } + }, + { + "product_name": "OSCA-550A", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP1)" + } + ] + } + }, + { + "product_name": "OSCA-550AX", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP2)" + } + ] + } + }, + { + "product_name": "OSCA-550X", + "version": { + "version_data": [ + { + "version_value": "1.0.0.71(SP2)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation." } ] } diff --git a/2020/1xxx/CVE-2020-1855.json b/2020/1xxx/CVE-2020-1855.json index f49f2f159e3..cf2a8bcc61e 100644 --- a/2020/1xxx/CVE-2020-1855.json +++ b/2020/1xxx/CVE-2020-1855.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1855", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HEGE-570", + "version": { + "version_data": [ + { + "version_value": "1.0.1.22(SP3)" + } + ] + } + }, + { + "product_name": "HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X", + "version": { + "version_data": [ + { + "version_value": "1.0.1.21(SP3)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Verification" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal." } ] }