admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Huawei from 2018-04-28.

Browse Source
This commit is contained in:
CVE Team 2018-04-30 09:06:28 -04:00
parent d0a4e1f73f
commit cb5d4ea230
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 135 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2017/17xxx/CVE-2017-17314.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17314",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300, RP200, TE30, TE40, TE50, TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "invalid memory access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-02-buffer-en"
}
]
}

48
2017/17xxx/CVE-2017-17318.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17318",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "E5771h-937",
"version" : {
"version_data" : [
{
"version_value" : "E5771h-937, The versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and The versions before E5771h-937TCPU-V200R001B329D05SP00C1308"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180428-01-mbb-en"
}
]
}

48
2018/7xxx/CVE-2018-7901.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7901",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ALP-AL00B, BLA-AL00B",
"version" : {
"version_data" : [
{
"version_value" : "ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "RCS module in ALP-AL00B smart phones with software earlier versions than 8.0.0.129, BLA-AL00B smart phones with software earlier versions than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
]
}