admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-11-09 21:00:33 +00:00
parent 2ddddc0583
commit 8e9cf2bd72
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
39 changed files with 2676 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2020/12xxx/CVE-2020-12930.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2020-12930",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

82
2020/12xxx/CVE-2020-12931.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2020-12931",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

82
2021/26xxx/CVE-2021-26360.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2021-26360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor\u2019s encrypted memory contents which may lead to arbitrary code execution in ASP."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

104
2021/26xxx/CVE-2021-26391.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2021-26391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
},
{
"product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

104
2021/26xxx/CVE-2021-26392.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2021-26392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
},
{
"product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

104
2021/26xxx/CVE-2021-26393.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2021-26393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Radeon RX 5000 Series & PRO W5000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
},
{
"product_name": "AMD Radeon RX 6000 Series & PRO W6000 Series ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Radeon Software",
"version_value": "22.5.2"
},
{
"version_affected": "<",
"version_name": "AMD Radeon Pro Software Enterprise",
"version_value": "22.Q2"
},
{
"version_affected": "<",
"version_name": "Enterprise Driver",
"version_value": "22.10.20"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
}
]
},
"source": {
"advisory": "AMD-SB-1029",
"discovery": "EXTERNAL"
}
}

79
2021/46xxx/CVE-2021-46851.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-46851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unstrict verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

79
2021/46xxx/CVE-2021-46852.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2021-46852",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logic bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

71
2022/23xxx/CVE-2022-23824.json
View File

@ -1,18 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2022-23824",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor ",
"version_value": "various "
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

82
2022/23xxx/CVE-2022-23831.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2022-23831",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD \u03bcProf ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMDuProf_FreeBSD_x64",
"version_value": "3.6.549"
},
{
"version_affected": "<",
"version_name": "AMDuProf Windows",
"version_value": "3.6.839"
},
{
"version_affected": "<",
"version_name": "AMDuProf Linux",
"version_value": "3.6-449"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation of the IOCTL input buffer in AMD \u03bcProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
]
},
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
}
}

72
2022/27xxx/CVE-2022-27673.json
View File

@ -1,18 +1,72 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2022-27673",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD Link Android ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMD Link Android/TV ",
"version_value": "5.0.220614"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient access controls in the AMD Link Android app may potentially result in information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1047",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1047"
}
]
},
"source": {
"advisory": "AMD-SB-1047",
"discovery": "EXTERNAL"
}
}

82
2022/27xxx/CVE-2022-27674.json
View File

@ -1,18 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-11-08T17:00:00.000Z",
"ID": "CVE-2022-27674",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "AMD \u03bcProf ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "AMDuProf_FreeBSD_x64",
"version_value": "3.6.549"
},
{
"version_affected": "<",
"version_name": "AMDuProf Windows",
"version_value": "3.6.839"
},
{
"version_affected": "<",
"version_name": "AMDuProf Linux",
"version_value": "3.6-449"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient validation in the IOCTL input/output buffer in AMD \u03bcProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046",
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1046"
}
]
},
"source": {
"advisory": "AMD-SB-1046",
"discovery": "EXTERNAL"
}
}

120
2022/29xxx/CVE-2022-29836.json
View File

@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-29836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "My Cloud Home",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "My Cloud Home ",
"version_value": "8.11.0-113"
},
{
"platform": "Linux",
"version_affected": "<",
"version_name": "My Cloud Home Duo",
"version_value": "8.11.0-113"
}
]
}
}
]
},
"vendor_name": "Western Digital"
},
{
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "<",
"version_name": "ibi",
"version_value": "8.11.0-113"
}
]
}
}
]
},
"vendor_name": "SanDisk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.westerndigital.com",
"name": "https://www.westerndigital.com"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Your My Cloud Home and ibi device will be automatically updated to reflect the latest firmware version."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

50
2022/31xxx/CVE-2022-31685.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31685",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Assist",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Assist prior to 22.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application."
}
]
}

50
2022/31xxx/CVE-2022-31686.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31686",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Assist",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Assist prior to 22.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Authentication Method"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application."
}
]
}

50
2022/31xxx/CVE-2022-31687.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Assist",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Assist prior to 22.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application."
}
]
}

50
2022/31xxx/CVE-2022-31688.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Assist",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Assist prior to 22.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window."
}
]
}

50
2022/31xxx/CVE-2022-31689.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-31689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware Workspace ONE Assist",
"version": {
"version_data": [
{
"version_value": "VMware Workspace ONE Assist prior to 22.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0028.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token."
}
]
}

2
2022/39xxx/CVE-2022-39390.json
View File

@ -4,7 +4,7 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-39390",
"ASSIGNER": "security-advisories@github.com",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {

67
2022/43xxx/CVE-2022-43031.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43031",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/cai-niao98/Dedecmsv6",
"url": "https://github.com/cai-niao98/Dedecmsv6"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b75243eda0b",
"url": "https://gist.github.com/cai-niao98/77a7aa934492c2d651b37b75243eda0b"
}
]
}

62
2022/43xxx/CVE-2022-43058.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43058",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/ctg503/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md",
"url": "https://github.com/ctg503/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md"
}
]
}

72
2022/43xxx/CVE-2022-43310.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-43310",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2022-43310",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"name": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"url": "https://www.foxitsoftware.cn/support/security-bulletins.html",
"refsource": "MISC",
"name": "https://www.foxitsoftware.cn/support/security-bulletins.html"
},
{
"url": "https://github.com/hxxt9049/futing",
"refsource": "MISC",
"name": "https://github.com/hxxt9049/futing"
}
]
}

79
2022/44xxx/CVE-2022-44546.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Update of Reference Count"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

79
2022/44xxx/CVE-2022-44547.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UAF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44548.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unstrict permission verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44549.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Geofencing API access vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44550.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UAF vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44551.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Thread security vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

79
2022/44xxx/CVE-2022-44552.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44552",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weaknesses Introduced During Design"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44553.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Weaknesses Introduced During Design"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

79
2022/44xxx/CVE-2022-44554.json
View File

@ -1,17 +1,78 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44555.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Service hijacking vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44557.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44558.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Serialization/deserialization mismatch vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44559.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Serialization/deserialization mismatch vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

87
2022/44xxx/CVE-2022-44560.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Intent redirection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

87
2022/44xxx/CVE-2022-44561.json
View File

@ -1,17 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44561",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission verification vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44562.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Serialization/deserialization mismatch vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}

91
2022/44xxx/CVE-2022-44563.json
View File

@ -1,17 +1,90 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2022-44563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "HarmonyOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0"
},
{
"version_affected": "=",
"version_value": "2.1"
}
]
}
},
{
"product_name": "EMUI",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "11.0.1"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race condition vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11/",
"refsource": "MISC",
"name": "https://consumer.huawei.com/en/support/bulletin/2022/11/"
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433",
"refsource": "MISC",
"name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
]
}