admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Huawei from 2018-07-30.

Browse Source
This commit is contained in:
CVE Team 2018-07-31 09:37:51 -04:00
parent 6e533932ea
commit c0a3089d9f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
7 changed files with 360 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2017/17xxx/CVE-2017-17174.json
View File

@ -1,8 +1,49 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17174",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RSE6500; SoftCo; VP9660; eSpace U1981",
"version" : {
"version_data" : [
{
"version_value" : "RSE6500 V500R002C00"
},
{
"version_value" : "SoftCo V200R003C20SPCb00"
},
{
"version_value" : "VP9660 V600R006C10"
},
{
"version_value" : "eSpace U1981 V100R001C20"
},
{
"version_value" : "V200R003C20"
},
{
"version_value" : "V200R003C30"
},
{
"version_value" : "V200R003C50"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +52,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Some Huawei products RSE6500 V500R002C00; SoftCo V200R003C20SPCb00; VP9660 V600R006C10; eSpace U1981 V100R001C20; V200R003C20; V200R003C30; V200R003C50 have a weak algorithm vulnerability. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key and the previously captured sessions by some cryptanalytic operations. Successful exploit may cause information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "weak algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180703-01-algorithm-en"
}
]
}

48
2018/7xxx/CVE-2018-7934.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7934",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 10 Pro",
"version" : {
"version_data" : [
{
"version_value" : "The versions before BLA-L29 8.0.0.145(C432)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C432) have a denial of service (DoS) vulnerability because they do not adapt to specific screen gestures. An attacker may trick users into installing a malicious app. As a result, apps running on the frontend crash after the users make specific screen gestures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180705-01-smartphone-en"
}
]
}

48
2018/7xxx/CVE-2018-7947.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7947",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emily-AL00A",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier before 8.1.0.153(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180720-01-mobile-en"
}
]
}

48
2018/7xxx/CVE-2018-7957.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7957",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Victoria-AL00",
"version" : {
"version_data" : [
{
"version_value" : "Victoria-AL00 8.0.0.336a(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information leakage"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-smartphone-en"
}
]
}

54
2018/7xxx/CVE-2018-7992.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7992",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MediaPad M3; Mate 9 Pro; P10 Plus",
"version" : {
"version_data" : [
{
"version_value" : "MediaPad M3 BTV-W09C128B353CUSTC128D001"
},
{
"version_value" : "Mate 9 Pro versions earlier than 8.0.0.356(C00)"
},
{
"version_value" : "P10 Plus versions earlier than 8.0.0.357(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +40,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Mdapt Driver of MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plus versions earlier than 8.0.0.357(C00) has a buffer overflow vulnerability. The driver does not sufficiently validate the input, an attacker could trick the user to install a malicious application which would send crafted parameters to the driver. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180725-01-dos-en"
}
]
}

48
2018/7xxx/CVE-2018-7993.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7993",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HUAWEI Mate 10",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier than ALP-AL00 8.1.0.311"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use after free"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
]
}

69
2018/7xxx/CVE-2018-7994.json
View File

@ -1,8 +1,52 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7994",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6600; USG9500",
"version" : {
"version_data" : [
{
"version_value" : "IPS Module V500R001C50"
},
{
"version_value" : "NGFW Module V500R001C50"
},
{
"version_value" : "V500R002C10"
},
{
"version_value" : "NIP6300 V500R001C50"
},
{
"version_value" : "NIP6600 V500R001C50"
},
{
"version_value" : "NIP6800 V500R001C50"
},
{
"version_value" : "Secospace USG6600 V500R001C50"
},
{
"version_value" : "USG9500 V500R001C50"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +55,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when processing Protal questionnaire. A remote attacker could send a lot questionnaires to the device, successful exploit could cause the device to reboot since running out of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180704-01-firewall-en"
}
]
}