diff --git a/2020/1xxx/CVE-2020-1792.json b/2020/1xxx/CVE-2020-1792.json index 74a35ed4063..b6a61441358 100644 --- a/2020/1xxx/CVE-2020-1792.json +++ b/2020/1xxx/CVE-2020-1792.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honor V10", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4),Versions earlier than BKL-L09 10.0.0.146(C432E4R1P4)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of Bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200226-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200226-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot." } ] } diff --git a/2020/1xxx/CVE-2020-1844.json b/2020/1xxx/CVE-2020-1844.json index e0522efcd06..938d537f657 100644 --- a/2020/1xxx/CVE-2020-1844.json +++ b/2020/1xxx/CVE-2020-1844.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1844", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "PCManager", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.5.51" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200221-01-pcmanager-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200221-01-pcmanager-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege." } ] } diff --git a/2020/1xxx/CVE-2020-1860.json b/2020/1xxx/CVE-2020-1860.json index 307d418ba27..cc4bb77a033 100644 --- a/2020/1xxx/CVE-2020-1860.json +++ b/2020/1xxx/CVE-2020-1860.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1860", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60,V500R005C00" + }, + { + "version_value": "V500R001C30,V500R001C60,V500R005C00" + }, + { + "version_value": "V500R001C30,V500R001C60,V500R005C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access Control Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers that can access to the internal network can exploit this vulnerability with careful deployment. Successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet." } ] } diff --git a/2020/1xxx/CVE-2020-1861.json b/2020/1xxx/CVE-2020-1861.json index f580c612e90..cefa5e13816 100644 --- a/2020/1xxx/CVE-2020-1861.json +++ b/2020/1xxx/CVE-2020-1861.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1861", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800", + "version": { + "version_data": [ + { + "version_value": "V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-leak-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage." } ] } diff --git a/2020/1xxx/CVE-2020-1873.json b/2020/1xxx/CVE-2020-1873.json index cb4724e3ee6..44482caf85e 100644 --- a/2020/1xxx/CVE-2020-1873.json +++ b/2020/1xxx/CVE-2020-1873.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1873", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00SPC100" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofboundread-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofboundread-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the device reboot." } ] } diff --git a/2020/1xxx/CVE-2020-1874.json b/2020/1xxx/CVE-2020-1874.json index 67bb7197f44..daffae70ebf 100644 --- a/2020/1xxx/CVE-2020-1874.json +++ b/2020/1xxx/CVE-2020-1874.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1874", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00SPC100" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid Pointer Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-invalidpointer-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-invalidpointer-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability. The software system access an invalid pointer when operator logs in to the device and performs some operations. Successful exploit could cause certain process reboot." } ] } diff --git a/2020/1xxx/CVE-2020-1875.json b/2020/1xxx/CVE-2020-1875.json index 6c689c0cee8..78247fc65ae 100644 --- a/2020/1xxx/CVE-2020-1875.json +++ b/2020/1xxx/CVE-2020-1875.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1875", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60SPC500" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid Pointer Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-wildpointer-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-wildpointer-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when an abnormal condition occurs in certain operation. Successful exploit could cause certain process reboot. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500;USG9500 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500." } ] } diff --git a/2020/1xxx/CVE-2020-1876.json b/2020/1xxx/CVE-2020-1876.json index 59532256187..26311023d34 100644 --- a/2020/1xxx/CVE-2020-1876.json +++ b/2020/1xxx/CVE-2020-1876.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00" + }, + { + "version_value": "V500R001C30SPC600,V500R001C60SPC500,V500R005C00" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-01-outofwrite-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot." } ] } diff --git a/2020/1xxx/CVE-2020-1877.json b/2020/1xxx/CVE-2020-1877.json index b1aeef028f9..07f99d24151 100644 --- a/2020/1xxx/CVE-2020-1877.json +++ b/2020/1xxx/CVE-2020-1877.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30,V500R001C60SPC500,V500R005C00" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid Pointer Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-05-invalidpointer-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability. The software system access an invalid pointer when administrator log in to the device and performs some operations. Successful exploit could cause certain process reboot." } ] } diff --git a/2020/1xxx/CVE-2020-1881.json b/2020/1xxx/CVE-2020-1881.json index 9f32bc006b0..44dc83d2ae4 100644 --- a/2020/1xxx/CVE-2020-1881.json +++ b/2020/1xxx/CVE-2020-1881.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1881", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "NIP6800;Secospace USG6600;USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600" + }, + { + "version_value": "V500R001C30SPC200,V500R001C30SPC600" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-resource-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-resource-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability. An attacker needs to perform specific operations to trigger a function of the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices." } ] } diff --git a/2020/9xxx/CVE-2020-9464.json b/2020/9xxx/CVE-2020-9464.json new file mode 100644 index 00000000000..45adf913478 --- /dev/null +++ b/2020/9xxx/CVE-2020-9464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-9464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file