admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Huawei from 2018-03-09.

Browse Source
This commit is contained in:
CVE Team 2018-03-09 11:08:22 -05:00
parent 013eff1b81
commit f9921ab6b0
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
39 changed files with 2646 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2017/17xxx/CVE-2017-17145.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17145",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Honor V9 Play",
"version" : {
"version_data" : [
{
"version_value" : "The versions before Jimmy-AL00AC00B135"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei Honor V9 Play smart phones with the versions before Jimmy-AL00AC00B135 have an authentication bypass vulnerability due to the improper design of a component. An attacker who get a user's smart phone can execute specific operation, and delete the fingerprint of the phone without authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-03-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17146.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17146",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00 have a buffer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks or remote code execution on the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en"
}
]
}

48
2017/17xxx/CVE-2017-17147.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17147",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00 have an integer overflow vulnerability due to the lack of validation. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en"
}
]
}

48
2017/17xxx/CVE-2017-17148.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17148",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-xml-en"
}
]
}

48
2017/17xxx/CVE-2017-17149.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17149",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Huawei HiWallet App",
"version" : {
"version_data" : [
{
"version_value" : "The versions before 8.0.4"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successful exploit of this vulnerability can allow an attacker to change the lock pattern of HiWallet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "arbitrary lock pattern change"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-hiwallet-en"
}
]
}

84
2017/17xxx/CVE-2017-17150.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17150",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Timergrp module in DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-vpp-en"
}
]
}

57
2017/17xxx/CVE-2017-17167.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17167",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; TP3206; ViewPoint 9030",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "TP3206 V100R002C00"
},
{
"version_value" : "ViewPoint 9030 V100R011C02"
},
{
"version_value" : "V100R011C03"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +43,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algorithm in SSL. This is dangerous because a remote unauthenticated attacker could use well-known techniques to break the algorithm. Successful exploit could result in the exposure of sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "use of a broken or risky cryptographic algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-ssl-en"
}
]
}

96
2017/17xxx/CVE-2017-17168.json
View File

@ -1,8 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17168",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +82,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The CIDAM Protocol on DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}

96
2017/17xxx/CVE-2017-17169.json
View File

@ -1,8 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17169",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +82,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The CIDAM Protocol on DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}

96
2017/17xxx/CVE-2017-17170.json
View File

@ -1,8 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17170",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +82,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The CIDAM Protocol on DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}

84
2017/17xxx/CVE-2017-17199.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17199",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-en"
}
]
}

84
2017/17xxx/CVE-2017-17200.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17200",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-en"
}
]
}

84
2017/17xxx/CVE-2017-17216.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17216",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00SPC200"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Media Gateway Control Protocol (MGCP) in DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may cause process reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en"
}
]
}

84
2017/17xxx/CVE-2017-17217.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17217",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00SPC200"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Media Gateway Control Protocol (MGCP) in DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds write"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-en"
}
]
}

84
2017/17xxx/CVE-2017-17218.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17218",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SCCPX module in DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en"
}
]
}

84
2017/17xxx/CVE-2017-17219.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17219",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SCCPX module in DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "invalid memory access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en"
}
]
}

84
2017/17xxx/CVE-2017-17220.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17220",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SCCPX module in DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "invalid memory access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-en"
}
]
}

54
2017/17xxx/CVE-2017-17221.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17221",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eSpace 7950; eSpace 8950",
"version" : {
"version_data" : [
{
"version_value" : "eSpace 7950 V200R003C30"
},
{
"version_value" : "eSpace 8950 V200R003C00"
},
{
"version_value" : "V200R003C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +40,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Import Signal Tone function in eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
}
]
}

54
2017/17xxx/CVE-2017-17222.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17222",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eSpace 7950; eSpace 8950",
"version" : {
"version_data" : [
{
"version_value" : "eSpace 7950 V200R003C30"
},
{
"version_value" : "eSpace 8950 V200R003C00"
},
{
"version_value" : "V200R003C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +40,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Import Language Package function in eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-en"
}
]
}

57
2017/17xxx/CVE-2017-17223.json
View File

@ -1,8 +1,40 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17223",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eSpace 7910; eSpace 7950; eSpace 8950",
"version" : {
"version_data" : [
{
"version_value" : "eSpace 7910 V200R003C30"
},
{
"version_value" : "eSpace 7950 V200R003C30"
},
{
"version_value" : "eSpace 8950 V200R003C00"
},
{
"version_value" : "V200R003C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +43,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload and download files and cause information leak and system crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "directory traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-en"
}
]
}

48
2017/17xxx/CVE-2017-17225.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17225",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "The versions before LON-AL00B 8.0.0.340a(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Near Field Communication (NFC) module in Mate 9 Pro mobile phones with the versions before LON-AL00B 8.0.0.340a(C00) has a buffer overflow vulnerability due to the lack of input validation. An attacker may use an NFC card reader or another device to inject malicious data into a target mobile phone. Successful exploit could lead to system restart or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180130-01-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17226.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17226",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TripAdvisor",
"version" : {
"version_data" : [
{
"version_value" : "The versions before TAMobileApp-24.6.4"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "arbitrary URL loading"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
]
}

54
2017/17xxx/CVE-2017-17227.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17227",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 10",
"version" : {
"version_data" : [
{
"version_value" : "The versions before ALP-L09 8.0.0.120(C212)"
},
{
"version_value" : "The versions before ALP-L09 8.0.0.127(C900)"
},
{
"version_value" : "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +40,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "GPU driver in Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input parameters validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
]
}

93
2017/17xxx/CVE-2017-17250.json
View File

@ -1,8 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17250",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200-S; AR3200; AR510; NetEngine16EX; SRG1300; SRG2300; SRG3300",
"version" : {
"version_data" : [
{
"version_value" : "AR120-S V200R005C32"
},
{
"version_value" : "AR1200 V200R005C32"
},
{
"version_value" : "AR1200-S V200R005C32"
},
{
"version_value" : "AR150 V200R005C32"
},
{
"version_value" : "AR150-S V200R005C32"
},
{
"version_value" : "AR160 V200R005C32"
},
{
"version_value" : "AR200 V200R005C32"
},
{
"version_value" : "AR200-S V200R005C32"
},
{
"version_value" : "AR2200-S V200R005C32"
},
{
"version_value" : "AR3200 V200R005C32"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "AR510 V200R005C32"
},
{
"version_value" : "NetEngine16EX V200R005C32"
},
{
"version_value" : "SRG1300 V200R005C32"
},
{
"version_value" : "SRG2300 V200R005C32"
},
{
"version_value" : "SRG3300 V200R005C32"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +79,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; AR150 V200R005C32; AR150-S V200R005C32; AR160 V200R005C32; AR200 V200R005C32; AR200-S V200R005C32; AR2200-S V200R005C32; AR3200 V200R005C32; V200R007C00; AR510 V200R005C32; NetEngine16EX V200R005C32; SRG1300 V200R005C32; SRG2300 V200R005C32; SRG3300 V200R005C32 have an out-of-bounds write vulnerability. When a user executes a query command after the device received an abnormal OSPF message, the software writes data past the end of the intended buffer due to the insufficient verification of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending abnormal OSPF messages to the device. A successful exploit could cause the system to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds write"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180214-01-ospf-en"
}
]
}

48
2017/17xxx/CVE-2017-17279.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17279",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "The versions before LON-AL00B 8.0.0.343(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The soundtrigger module in Mate 9 Pro smart phones with software of the versions before LON-AL00B 8.0.0.343(C00) has an authentication bypass vulnerability due to the improper design of the module. An attacker tricks a user into installing a malicious application, and the application can exploit the vulnerability and make attacker bypass the authentication, the attacker can control the phone to sent short messages and make call within audio range to the phone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17280.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17280",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LON-AL00B",
"version" : {
"version_data" : [
{
"version_value" : "LON-AL00BC00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. Successful exploit will cause some information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information leak"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-phone-en"
}
]
}

81
2017/17xxx/CVE-2017-17281.json
View File

@ -1,8 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17281",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "RP200 V600R006C00"
},
{
"version_value" : "TE30 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE40 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE50 V500R002C00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +67,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SFTP module in DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-en"
}
]
}

294
2017/17xxx/CVE-2017-17303.json
View File

@ -1,8 +1,277 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17303",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300; RP200; TE30; TE40; TE50; TE60",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
},
{
"version_value" : "RP200 V500R002C00SPC200"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "V600R006C00SPC200"
},
{
"version_value" : "V600R006C00SPC300"
},
{
"version_value" : "TE30 V100R001C10SPC300"
},
{
"version_value" : "V100R001C10SPC500"
},
{
"version_value" : "V100R001C10SPC600"
},
{
"version_value" : "V100R001C10SPC700B010"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC700"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCb00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "V600R006C00SPC200"
},
{
"version_value" : "V600R006C00SPC300"
},
{
"version_value" : "TE40 V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC700"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCb00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "V600R006C00SPC200"
},
{
"version_value" : "V600R006C00SPC300"
},
{
"version_value" : "TE50 V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC700"
},
{
"version_value" : "V500R002C00SPCb00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "V600R006C00SPC200"
},
{
"version_value" : "V600R006C00SPC300"
},
{
"version_value" : "TE60 V100R001C10"
},
{
"version_value" : "V100R001C10B001"
},
{
"version_value" : "V100R001C10B002"
},
{
"version_value" : "V100R001C10B010"
},
{
"version_value" : "V100R001C10B011"
},
{
"version_value" : "V100R001C10B012"
},
{
"version_value" : "V100R001C10B013"
},
{
"version_value" : "V100R001C10B014"
},
{
"version_value" : "V100R001C10B016"
},
{
"version_value" : "V100R001C10B017"
},
{
"version_value" : "V100R001C10B018"
},
{
"version_value" : "V100R001C10B019"
},
{
"version_value" : "V100R001C10SPC400"
},
{
"version_value" : "V100R001C10SPC500"
},
{
"version_value" : "V100R001C10SPC600"
},
{
"version_value" : "V100R001C10SPC700"
},
{
"version_value" : "V100R001C10SPC800B011"
},
{
"version_value" : "V100R001C10SPC900"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC700"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
},
{
"version_value" : "V500R002C00SPCb00"
},
{
"version_value" : "V500R002C00SPCd00"
},
{
"version_value" : "V500R002C00SPCe00"
},
{
"version_value" : "V600R006C00"
},
{
"version_value" : "V600R006C00SPC100"
},
{
"version_value" : "V600R006C00SPC200"
},
{
"version_value" : "V600R006C00SPC300"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +280,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE30 V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; V600R006C00SPC300; TE60 V100R001C10; V100R001C10B001; V100R001C10B002; V100R001C10B010; V100R001C10B011; V100R001C10B012; V100R001C10B013; V100R001C10B014; V100R001C10B016; V100R001C10B017; V100R001C10B018; V100R001C10B019; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800B011; V100R001C10SPC900; V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V500R002C00SPCe00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300 use the CIDAM protocol, which contains sensitive information in the message when it is implemented. So these products has an information disclosure vulnerability. An authenticated remote attacker could track and get the message of a target system. Successful exploit could allow the attacker to get the information and cause the sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-01-cidam-en"
}
]
}

96
2017/17xxx/CVE-2017-17304.json
View File

@ -1,8 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17304",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +82,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The CIDAM Protocol on DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}

48
2017/17xxx/CVE-2017-17321.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17321",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eNSP",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier than V100R002C00B510"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "eNSP software with software of versions earlier than V100R002C00B510 has a buffer overflow vulnerability. Due to the improper validation of specific command line parameter, a local attacker could exploit this vulnerability to cause the software process abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ensp-en"
}
]
}

48
2017/17xxx/CVE-2017-17322.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17322",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Honor Smart Scale Application",
"version" : {
"version_data" : [
{
"version_value" : "1.1.1"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Honor Smart Scale Application with software of 1.1.1 has an information disclosure vulnerability. The application does not sufficiently restrict the resource which can be accessed by certain protocol. An attacker could trick the user to click a malicious link, successful exploit could cause information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180309-01-ah-en"
}
]
}

54
2017/17xxx/CVE-2017-17323.json
View File

@ -1,8 +1,37 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17323",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iBMC",
"version" : {
"version_data" : [
{
"version_value" : "V200R002C10"
},
{
"version_value" : "V200R002C20"
},
{
"version_value" : "V200R002C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +40,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "IBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "improper authorization"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
}
]
}

51
2017/17xxx/CVE-2017-17324.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17324",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "LON-AL00BC00B139D"
},
{
"version_value" : "LON-AL00BC00B229"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +37,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180124-01-smartphone-en"
}
]
}

51
2017/17xxx/CVE-2017-17325.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17325",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HiCinema",
"version" : {
"version_data" : [
{
"version_value" : "8.0.3.308"
},
{
"version_value" : "8.0.4.300"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +37,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei video applications HiCinema with software of 8.0.3.308; 8.0.4.300 have a permission control vulnerability. Due to improper verification of specific infterface, an attacker who is on the same network with the user can obtain some information through a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "permission control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180307-01-hicinema-en"
}
]
}

51
2017/17xxx/CVE-2017-17326.json
View File

@ -1,8 +1,34 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17326",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "Mate 9 Pro LON-AL00BC00B139D"
},
{
"version_value" : "LON-AL00BC00B229"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +37,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; LON-AL00BC00B229 have an activation lock bypass vulnerability. The smartphone is supposed to be activated by the former account after reset if find my phone function is on. The software does not have a sufficient protection of activation lock. Successful exploit could allow an attacker to bypass the activation lock and activate the smartphone by a new account after a series of operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "activation lock bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17327.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17327",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MHA-AL00A",
"version" : {
"version_data" : [
{
"version_value" : "MHA-AL00AC00B125"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei smartphones with software of MHA-AL00AC00B125 have an improper resource management vulnerability. The software does not properly manage the resource when do device register operation. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause certain service unavailable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "improper resource management"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-03-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17328.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17328",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MHA-AL00A",
"version" : {
"version_data" : [
{
"version_value" : "MHA-AL00AC00B125"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Huawei smartphones with software of MHA-AL00AC00B125 have an integer overflow vulnerability. The software does not process certain variable properly when handle certain process. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could cause information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171220-01-smartphone-en"
}
]
}

48
2017/17xxx/CVE-2017-17329.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17329",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ViewPoint 8660",
"version" : {
"version_data" : [
{
"version_value" : "V100R008C03"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en"
}
]
}

84
2017/17xxx/CVE-2017-17330.json
View File

@ -1,8 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17330",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AR3200; NGFW Module",
"version" : {
"version_data" : [
{
"version_value" : "AR3200 V200R005C32"
},
{
"version_value" : "V200R006C10"
},
{
"version_value" : "V200R006C11"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R007C01"
},
{
"version_value" : "V200R007C02"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R008C10"
},
{
"version_value" : "V200R008C20"
},
{
"version_value" : "V200R008C30"
},
{
"version_value" : "NGFW Module V500R001C00"
},
{
"version_value" : "V500R001C20"
},
{
"version_value" : "V500R002C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +70,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-04-xml-en"
}
]
}