diff --git a/2020/12xxx/CVE-2020-12930.json b/2020/12xxx/CVE-2020-12930.json index b9f72d42ba4..c67e1c481ba 100644 --- a/2020/12xxx/CVE-2020-12930.json +++ b/2020/12xxx/CVE-2020-12930.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2020-12930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2020/12xxx/CVE-2020-12931.json b/2020/12xxx/CVE-2020-12931.json index 4d306fa9a07..ca00d6ff798 100644 --- a/2020/12xxx/CVE-2020-12931.json +++ b/2020/12xxx/CVE-2020-12931.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2020-12931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26360.json b/2021/26xxx/CVE-2021-26360.json index 5fbf44b065a..b36fff680ba 100644 --- a/2021/26xxx/CVE-2021-26360.json +++ b/2021/26xxx/CVE-2021-26360.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26391.json b/2021/26xxx/CVE-2021-26391.json index 7013621ac2d..edaa0d109ec 100644 --- a/2021/26xxx/CVE-2021-26391.json +++ b/2021/26xxx/CVE-2021-26391.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + }, + { + "product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26392.json b/2021/26xxx/CVE-2021-26392.json index cce54e34b81..42fc6b6db09 100644 --- a/2021/26xxx/CVE-2021-26392.json +++ b/2021/26xxx/CVE-2021-26392.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26392", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + }, + { + "product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/26xxx/CVE-2021-26393.json b/2021/26xxx/CVE-2021-26393.json index 93640c29a7b..5d98e164292 100644 --- a/2021/26xxx/CVE-2021-26393.json +++ b/2021/26xxx/CVE-2021-26393.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2021-26393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + }, + { + "product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Radeon Software", + "version_value": "22.5.2" + }, + { + "version_affected": "<", + "version_name": "AMD Radeon Pro Software Enterprise", + "version_value": "22.Q2" + }, + { + "version_affected": "<", + "version_name": "Enterprise Driver", + "version_value": "22.10.20" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "TBD" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" + } + ] + }, + "source": { + "advisory": "AMD-SB-1029", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46851.json b/2021/46xxx/CVE-2021-46851.json index 7646ce46577..5f0afdbcdc5 100644 --- a/2021/46xxx/CVE-2021-46851.json +++ b/2021/46xxx/CVE-2021-46851.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-46851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unstrict verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2021/46xxx/CVE-2021-46852.json b/2021/46xxx/CVE-2021-46852.json index 290c7fbf9a8..0132eb82e29 100644 --- a/2021/46xxx/CVE-2021-46852.json +++ b/2021/46xxx/CVE-2021-46852.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-46852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Logic bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/23xxx/CVE-2022-23824.json b/2022/23xxx/CVE-2022-23824.json index e9fa1e02702..d5e4bf7920f 100644 --- a/2022/23xxx/CVE-2022-23824.json +++ b/2022/23xxx/CVE-2022-23824.json @@ -1,18 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2022-23824", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Processors", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_name": "Processor ", + "version_value": "various " + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/23xxx/CVE-2022-23831.json b/2022/23xxx/CVE-2022-23831.json index 7de56d5d087..1049efeff00 100644 --- a/2022/23xxx/CVE-2022-23831.json +++ b/2022/23xxx/CVE-2022-23831.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2022-23831", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD \u03bcProf ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMDuProf_FreeBSD_x64", + "version_value": "3.6.549" + }, + { + "version_affected": "<", + "version_name": "AMDuProf Windows", + "version_value": "3.6.839" + }, + { + "version_affected": "<", + "version_name": "AMDuProf Linux", + "version_value": "3.6-449" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046" + } + ] + }, + "source": { + "advisory": "AMD-SB-1046", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/27xxx/CVE-2022-27673.json b/2022/27xxx/CVE-2022-27673.json index 4bb310f0d63..ac4b19d1938 100644 --- a/2022/27xxx/CVE-2022-27673.json +++ b/2022/27xxx/CVE-2022-27673.json @@ -1,18 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2022-27673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD Link Android ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMD Link Android/TV ", + "version_value": "5.0.220614" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient access controls in the AMD Link Android app may potentially result in information disclosure." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1047", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1047" + } + ] + }, + "source": { + "advisory": "AMD-SB-1047", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/27xxx/CVE-2022-27674.json b/2022/27xxx/CVE-2022-27674.json index ecb0e0cdbec..4642247ba29 100644 --- a/2022/27xxx/CVE-2022-27674.json +++ b/2022/27xxx/CVE-2022-27674.json @@ -1,18 +1,82 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@amd.com", + "DATE_PUBLIC": "2022-11-08T17:00:00.000Z", "ID": "CVE-2022-27674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AMD \u03bcProf ", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "AMDuProf_FreeBSD_x64", + "version_value": "3.6.549" + }, + { + "version_affected": "<", + "version_name": "AMDuProf Windows", + "version_value": "3.6.839" + }, + { + "version_affected": "<", + "version_name": "AMDuProf Linux", + "version_value": "3.6-449" + } + ] + } + } + ] + }, + "vendor_name": "AMD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "NA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046", + "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046" + } + ] + }, + "source": { + "advisory": "AMD-SB-1046", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/29xxx/CVE-2022-29836.json b/2022/29xxx/CVE-2022-29836.json index 1f4661eab7d..686575efe94 100644 --- a/2022/29xxx/CVE-2022-29836.json +++ b/2022/29xxx/CVE-2022-29836.json @@ -1,18 +1,120 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-29836", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "My Cloud Home", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<", + "version_name": "My Cloud Home ", + "version_value": "8.11.0-113" + }, + { + "platform": "Linux", + "version_affected": "<", + "version_name": "My Cloud Home Duo", + "version_value": "8.11.0-113" + } + ] + } + } + ] + }, + "vendor_name": "Western Digital" + }, + { + "product": { + "product_data": [ + { + "product_name": "ibi", + "version": { + "version_data": [ + { + "platform": "Linux", + "version_affected": "<", + "version_name": "ibi", + "version_value": "8.11.0-113" + } + ] + } + } + ] + }, + "vendor_name": "SanDisk" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 1.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.westerndigital.com", + "name": "https://www.westerndigital.com" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Your My Cloud Home and ibi device will be automatically updated to reflect the latest firmware version." + } + ], + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/31xxx/CVE-2022-31685.json b/2022/31xxx/CVE-2022-31685.json index cd89a5068c9..3ef364f6366 100644 --- a/2022/31xxx/CVE-2022-31685.json +++ b/2022/31xxx/CVE-2022-31685.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Assist", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Assist prior to 22.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application." } ] } diff --git a/2022/31xxx/CVE-2022-31686.json b/2022/31xxx/CVE-2022-31686.json index e248ca7daf4..2bf02b87a83 100644 --- a/2022/31xxx/CVE-2022-31686.json +++ b/2022/31xxx/CVE-2022-31686.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Assist", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Assist prior to 22.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken Authentication Method" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application." } ] } diff --git a/2022/31xxx/CVE-2022-31687.json b/2022/31xxx/CVE-2022-31687.json index cb2ae257487..58e9266f276 100644 --- a/2022/31xxx/CVE-2022-31687.json +++ b/2022/31xxx/CVE-2022-31687.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Assist", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Assist prior to 22.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application." } ] } diff --git a/2022/31xxx/CVE-2022-31688.json b/2022/31xxx/CVE-2022-31688.json index 537acb0e5a3..35d6ac6b549 100644 --- a/2022/31xxx/CVE-2022-31688.json +++ b/2022/31xxx/CVE-2022-31688.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Assist", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Assist prior to 22.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window." } ] } diff --git a/2022/31xxx/CVE-2022-31689.json b/2022/31xxx/CVE-2022-31689.json index 4d0ead73b0a..ad375239842 100644 --- a/2022/31xxx/CVE-2022-31689.json +++ b/2022/31xxx/CVE-2022-31689.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-31689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "VMware Workspace ONE Assist", + "version": { + "version_data": [ + { + "version_value": "VMware Workspace ONE Assist prior to 22.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Session fixation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token." } ] } diff --git a/2022/39xxx/CVE-2022-39390.json b/2022/39xxx/CVE-2022-39390.json index 47a0ca4e0c0..0f08c7925a8 100644 --- a/2022/39xxx/CVE-2022-39390.json +++ b/2022/39xxx/CVE-2022-39390.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-39390", - "ASSIGNER": "security-advisories@github.com", + "ASSIGNER": "cve@mitre.org", "STATE": "REJECT" }, "description": { @@ -15,4 +15,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2022/43xxx/CVE-2022-43031.json b/2022/43xxx/CVE-2022-43031.json index c569b6fe052..ebc002a8318 100644 --- a/2022/43xxx/CVE-2022-43031.json +++ b/2022/43xxx/CVE-2022-43031.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43031", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43031", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/cai-niao98/Dedecmsv6", + "url": "https://github.com/cai-niao98/Dedecmsv6" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b75243eda0b", + "url": "https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b75243eda0b" } ] } diff --git a/2022/43xxx/CVE-2022-43058.json b/2022/43xxx/CVE-2022-43058.json index 2b035a3a3a7..ec99ebf6441 100644 --- a/2022/43xxx/CVE-2022-43058.json +++ b/2022/43xxx/CVE-2022-43058.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43058", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43058", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/ctg503/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md", + "url": "https://github.com/ctg503/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md" } ] } diff --git a/2022/43xxx/CVE-2022-43310.json b/2022/43xxx/CVE-2022-43310.json index f05661fab32..8d4996eafce 100644 --- a/2022/43xxx/CVE-2022-43310.json +++ b/2022/43xxx/CVE-2022-43310.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-43310", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-43310", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.foxitsoftware.cn/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.cn/support/security-bulletins.html" + }, + { + "url": "https://github.com/hxxt9049/futing", + "refsource": "MISC", + "name": "https://github.com/hxxt9049/futing" } ] } diff --git a/2022/44xxx/CVE-2022-44546.json b/2022/44xxx/CVE-2022-44546.json index 46bed8b4a97..f7b66c60d77 100644 --- a/2022/44xxx/CVE-2022-44546.json +++ b/2022/44xxx/CVE-2022-44546.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Update of Reference Count" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44547.json b/2022/44xxx/CVE-2022-44547.json index a91dcd140f6..b6d87f8d48c 100644 --- a/2022/44xxx/CVE-2022-44547.json +++ b/2022/44xxx/CVE-2022-44547.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UAF vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44548.json b/2022/44xxx/CVE-2022-44548.json index 71f07d8c717..7dbaa78fbd6 100644 --- a/2022/44xxx/CVE-2022-44548.json +++ b/2022/44xxx/CVE-2022-44548.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unstrict permission verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44549.json b/2022/44xxx/CVE-2022-44549.json index fdbe6608e67..d9c292f96ac 100644 --- a/2022/44xxx/CVE-2022-44549.json +++ b/2022/44xxx/CVE-2022-44549.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Geofencing API access vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44550.json b/2022/44xxx/CVE-2022-44550.json index 03fb4480f69..8bcb66671a8 100644 --- a/2022/44xxx/CVE-2022-44550.json +++ b/2022/44xxx/CVE-2022-44550.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UAF vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44551.json b/2022/44xxx/CVE-2022-44551.json index 8caad456ada..d8b1ecd38fb 100644 --- a/2022/44xxx/CVE-2022-44551.json +++ b/2022/44xxx/CVE-2022-44551.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Thread security vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44552.json b/2022/44xxx/CVE-2022-44552.json index a88448ea434..f9217b1c915 100644 --- a/2022/44xxx/CVE-2022-44552.json +++ b/2022/44xxx/CVE-2022-44552.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weaknesses Introduced During Design" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44553.json b/2022/44xxx/CVE-2022-44553.json index 4c9069f95bd..c62fcfaf6e8 100644 --- a/2022/44xxx/CVE-2022-44553.json +++ b/2022/44xxx/CVE-2022-44553.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44553", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weaknesses Introduced During Design" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44554.json b/2022/44xxx/CVE-2022-44554.json index fe2fdb01814..635b3f35321 100644 --- a/2022/44xxx/CVE-2022-44554.json +++ b/2022/44xxx/CVE-2022-44554.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44554", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44555.json b/2022/44xxx/CVE-2022-44555.json index 171fe30dd26..d0b8c94cab8 100644 --- a/2022/44xxx/CVE-2022-44555.json +++ b/2022/44xxx/CVE-2022-44555.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Service hijacking vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44557.json b/2022/44xxx/CVE-2022-44557.json index 599bfca0dc0..90c1481a6a2 100644 --- a/2022/44xxx/CVE-2022-44557.json +++ b/2022/44xxx/CVE-2022-44557.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44558.json b/2022/44xxx/CVE-2022-44558.json index 48a95a49aae..b0ecae8c286 100644 --- a/2022/44xxx/CVE-2022-44558.json +++ b/2022/44xxx/CVE-2022-44558.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Serialization/deserialization mismatch vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44559.json b/2022/44xxx/CVE-2022-44559.json index 8ed88b72728..65593f484f2 100644 --- a/2022/44xxx/CVE-2022-44559.json +++ b/2022/44xxx/CVE-2022-44559.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Serialization/deserialization mismatch vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44560.json b/2022/44xxx/CVE-2022-44560.json index 404b95ef787..c0b4c321835 100644 --- a/2022/44xxx/CVE-2022-44560.json +++ b/2022/44xxx/CVE-2022-44560.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Intent redirection vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44561.json b/2022/44xxx/CVE-2022-44561.json index 556f2309d77..8fe51ff4aae 100644 --- a/2022/44xxx/CVE-2022-44561.json +++ b/2022/44xxx/CVE-2022-44561.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permission verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44562.json b/2022/44xxx/CVE-2022-44562.json index bd7c85c1243..083f85b0bcd 100644 --- a/2022/44xxx/CVE-2022-44562.json +++ b/2022/44xxx/CVE-2022-44562.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Serialization/deserialization mismatch vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] } diff --git a/2022/44xxx/CVE-2022-44563.json b/2022/44xxx/CVE-2022-44563.json index 0732b243fc5..0211e5f4144 100644 --- a/2022/44xxx/CVE-2022-44563.json +++ b/2022/44xxx/CVE-2022-44563.json @@ -1,17 +1,90 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2022-44563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0" + }, + { + "version_affected": "=", + "version_value": "2.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Huawei" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Race condition vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2022/11/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2022/11/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433" } ] }