From ee0af3f6437b6d732b350098eeba8bd2d13f3b79 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 13 Aug 2023 13:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/40xxx/CVE-2021-40006.json | 100 +++++++++++++++++++++---------- 2021/46xxx/CVE-2021-46895.json | 76 ++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39385.json | 88 ++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39386.json | 80 +++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39387.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39390.json | 80 +++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39391.json | 100 +++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39394.json | 88 ++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39395.json | 92 +++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39397.json | 88 ++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39398.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39399.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39400.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39401.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39402.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39403.json | 104 +++++++++++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39404.json | 80 +++++++++++++++++++++++-- 2023/39xxx/CVE-2023-39406.json | 76 ++++++++++++++++++++++-- 18 files changed, 1578 insertions(+), 98 deletions(-) diff --git a/2021/40xxx/CVE-2021-40006.json b/2021/40xxx/CVE-2021-40006.json index 105d30c648b..750fe01d84e 100644 --- a/2021/40xxx/CVE-2021-40006.json +++ b/2021/40xxx/CVE-2021-40006.json @@ -1,41 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-40006", + "ASSIGNER": "psirt@huawei.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "HarmonyOS", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_value": "2.0" - } - ] - } - } - ] - }, - "vendor_name": "Huawei" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality." + "value": "Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.\n\n" } ] }, @@ -45,19 +21,83 @@ "description": [ { "lang": "eng", - "value": "Security Features" + "value": "CWE-254 7PK - Security Features", + "cweId": "CWE-254" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", "refsource": "MISC", "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + }, + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" } ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2021/46xxx/CVE-2021-46895.json b/2021/46xxx/CVE-2021-46895.json index 36d37238fe2..16578753228 100644 --- a/2021/46xxx/CVE-2021-46895.json +++ b/2021/46xxx/CVE-2021-46895.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-46895", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-701 Weaknesses Introduced During Design", + "cweId": "CWE-701" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39385.json b/2023/39xxx/CVE-2023-39385.json index 8b6f1485a11..e1ee2b89e39 100644 --- a/2023/39xxx/CVE-2023-39385.json +++ b/2023/39xxx/CVE-2023-39385.json @@ -1,18 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-16 Configuration", + "cweId": "CWE-16" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39386.json b/2023/39xxx/CVE-2023-39386.json index 3abd8979654..e39a3ddd30d 100644 --- a/2023/39xxx/CVE-2023-39386.json +++ b/2023/39xxx/CVE-2023-39386.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39386", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39387.json b/2023/39xxx/CVE-2023-39387.json index 720957639de..87b1f34bfb6 100644 --- a/2023/39xxx/CVE-2023-39387.json +++ b/2023/39xxx/CVE-2023-39387.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39387", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls", + "cweId": "CWE-264" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39390.json b/2023/39xxx/CVE-2023-39390.json index 64ae50b2ad3..16700dc4396 100644 --- a/2023/39xxx/CVE-2023-39390.json +++ b/2023/39xxx/CVE-2023-39390.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39390", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39391.json b/2023/39xxx/CVE-2023-39391.json index b0290bd4642..f78e2e28790 100644 --- a/2023/39xxx/CVE-2023-39391.json +++ b/2023/39xxx/CVE-2023-39391.json @@ -1,18 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls", + "cweId": "CWE-264" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39394.json b/2023/39xxx/CVE-2023-39394.json index 6cac63a9772..722598c2d46 100644 --- a/2023/39xxx/CVE-2023-39394.json +++ b/2023/39xxx/CVE-2023-39394.json @@ -1,18 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39394", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls", + "cweId": "CWE-264" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39395.json b/2023/39xxx/CVE-2023-39395.json index 02fde565dd5..203e1c10884 100644 --- a/2023/39xxx/CVE-2023-39395.json +++ b/2023/39xxx/CVE-2023-39395.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-19 Data Processing Errors", + "cweId": "CWE-19" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39397.json b/2023/39xxx/CVE-2023-39397.json index c6180ba9217..540c6dcc678 100644 --- a/2023/39xxx/CVE-2023-39397.json +++ b/2023/39xxx/CVE-2023-39397.json @@ -1,18 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476 NULL Pointer Dereference", + "cweId": "CWE-476" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39398.json b/2023/39xxx/CVE-2023-39398.json index 1133f7c016d..0ecd66b5ab9 100644 --- a/2023/39xxx/CVE-2023-39398.json +++ b/2023/39xxx/CVE-2023-39398.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-275 Permission Issues", + "cweId": "CWE-275" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39399.json b/2023/39xxx/CVE-2023-39399.json index 3e5cd318a01..e34bb89d358 100644 --- a/2023/39xxx/CVE-2023-39399.json +++ b/2023/39xxx/CVE-2023-39399.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-275 Permission Issues", + "cweId": "CWE-275" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39400.json b/2023/39xxx/CVE-2023-39400.json index 5338e2d8ae8..46e0dd92a30 100644 --- a/2023/39xxx/CVE-2023-39400.json +++ b/2023/39xxx/CVE-2023-39400.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39401.json b/2023/39xxx/CVE-2023-39401.json index f44712380ce..3e37df16bf6 100644 --- a/2023/39xxx/CVE-2023-39401.json +++ b/2023/39xxx/CVE-2023-39401.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39402.json b/2023/39xxx/CVE-2023-39402.json index d964905aadf..32b1ba3577d 100644 --- a/2023/39xxx/CVE-2023-39402.json +++ b/2023/39xxx/CVE-2023-39402.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39403.json b/2023/39xxx/CVE-2023-39403.json index bc8f2edcd3f..b480b18f2e9 100644 --- a/2023/39xxx/CVE-2023-39403.json +++ b/2023/39xxx/CVE-2023-39403.json @@ -1,18 +1,114 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358 Improperly Implemented Security Check for Standard", + "cweId": "CWE-358" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + }, + { + "version_affected": "=", + "version_value": "2.1.0" + }, + { + "version_affected": "=", + "version_value": "2.0.0" + }, + { + "version_affected": "=", + "version_value": "2.0.1" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + }, + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "11.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39404.json b/2023/39xxx/CVE-2023-39404.json index 698a63770f9..7cdfbf92865 100644 --- a/2023/39xxx/CVE-2023-39404.json +++ b/2023/39xxx/CVE-2023-39404.json @@ -1,18 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.0" + }, + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/39xxx/CVE-2023-39406.json b/2023/39xxx/CVE-2023-39406.json index 626b9e3b0c3..ba57737a3f6 100644 --- a/2023/39xxx/CVE-2023-39406.json +++ b/2023/39xxx/CVE-2023-39406.json @@ -1,18 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-39406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264 Permissions, Privileges, and Access Controls", + "cweId": "CWE-264" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Huawei", + "product": { + "product_data": [ + { + "product_name": "HarmonyOS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.0.0" + } + ] + } + }, + { + "product_name": "EMUI", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2023/8/" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "refsource": "MISC", + "name": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file