From 83a23c5aec41686fec7ec8596a7a5dfb907b10ac Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 13 Aug 2023 14:00:32 +0000 Subject: [PATCH] Auto-Update: 2023-08-13T14:00:28.721408+00:00 --- CVE-2021/CVE-2021-400xx/CVE-2021-40006.json | 24 +++++++++++-- CVE-2021/CVE-2021-468xx/CVE-2021-46895.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39380.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39381.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39382.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39383.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39384.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39385.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39386.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39387.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39388.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39389.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39390.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39391.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39392.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39393.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39394.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39395.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39396.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39397.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39398.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-393xx/CVE-2023-39399.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39400.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39401.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39402.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39403.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39404.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39405.json | 36 +++++++++++++++++++ CVE-2023/CVE-2023-394xx/CVE-2023-39406.json | 36 +++++++++++++++++++ README.md | 39 +++++++++++++++++---- 30 files changed, 1061 insertions(+), 10 deletions(-) create mode 100644 CVE-2021/CVE-2021-468xx/CVE-2021-46895.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39380.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39381.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39382.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39383.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39384.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39385.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39386.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39387.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39388.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39389.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39390.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39391.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39392.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39393.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39394.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39395.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39396.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39397.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39398.json create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39399.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39400.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39401.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39402.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39403.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39404.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39405.json create mode 100644 CVE-2023/CVE-2023-394xx/CVE-2023-39406.json diff --git a/CVE-2021/CVE-2021-400xx/CVE-2021-40006.json b/CVE-2021/CVE-2021-400xx/CVE-2021-40006.json index 9583938f8f5..460c67e8c14 100644 --- a/CVE-2021/CVE-2021-400xx/CVE-2021-40006.json +++ b/CVE-2021/CVE-2021-400xx/CVE-2021-40006.json @@ -2,12 +2,12 @@ "id": "CVE-2021-40006", "sourceIdentifier": "psirt@huawei.com", "published": "2022-01-10T14:10:21.260", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-13T13:15:08.720", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality." + "value": "Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.\n\n" }, { "lang": "es", @@ -73,6 +73,16 @@ "value": "CWE-327" } ] + }, + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-254" + } + ] } ], "configurations": [ @@ -93,12 +103,20 @@ } ], "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202112-0000001183296718", "source": "psirt@huawei.com", "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json new file mode 100644 index 00000000000..16569bcd573 --- /dev/null +++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2021-46895", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:10.030", + "lastModified": "2023-08-13T13:15:10.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-701" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39380.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39380.json new file mode 100644 index 00000000000..eb9ee9a1116 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39380.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39380", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:43.647", + "lastModified": "2023-08-13T12:15:43.647", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39381.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39381.json new file mode 100644 index 00000000000..1d16a27d104 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39381.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39381", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:44.950", + "lastModified": "2023-08-13T12:15:44.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39382.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39382.json new file mode 100644 index 00000000000..820a76c08ff --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39382.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39382", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:45.167", + "lastModified": "2023-08-13T12:15:45.167", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39383.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39383.json new file mode 100644 index 00000000000..c61eb7c710f --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39383.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39383", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:45.327", + "lastModified": "2023-08-13T12:15:45.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39384.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39384.json new file mode 100644 index 00000000000..b93083981a0 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39384.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39384", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:45.513", + "lastModified": "2023-08-13T12:15:45.513", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json new file mode 100644 index 00000000000..ed3870f4c00 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39385", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:10.333", + "lastModified": "2023-08-13T13:15:10.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-16" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json new file mode 100644 index 00000000000..d872555cd59 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39386", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:10.597", + "lastModified": "2023-08-13T13:15:10.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json new file mode 100644 index 00000000000..1e7ef640013 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39387", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:10.807", + "lastModified": "2023-08-13T13:15:10.807", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39388.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39388.json new file mode 100644 index 00000000000..24a6c885c98 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39388.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39388", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:45.667", + "lastModified": "2023-08-13T12:15:45.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39389.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39389.json new file mode 100644 index 00000000000..2c1975d6525 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39389.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39389", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:45.877", + "lastModified": "2023-08-13T12:15:45.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json new file mode 100644 index 00000000000..7017e79213f --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39390", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.090", + "lastModified": "2023-08-13T13:15:11.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39391.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39391.json new file mode 100644 index 00000000000..086a07e54e4 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39391.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39391", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.273", + "lastModified": "2023-08-13T13:15:11.273", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39392.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39392.json new file mode 100644 index 00000000000..8760a1c37b8 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39392.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39392", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:46.083", + "lastModified": "2023-08-13T12:15:46.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-16" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39393.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39393.json new file mode 100644 index 00000000000..c8ab7a7586a --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39393.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39393", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:46.180", + "lastModified": "2023-08-13T12:15:46.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39394.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39394.json new file mode 100644 index 00000000000..41979426821 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39394.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39394", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.457", + "lastModified": "2023-08-13T13:15:11.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39395.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39395.json new file mode 100644 index 00000000000..0216f430303 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39395.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39395", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.770", + "lastModified": "2023-08-13T13:15:11.770", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-19" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39396.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39396.json new file mode 100644 index 00000000000..c29ee640a9d --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39396.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39396", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:46.247", + "lastModified": "2023-08-13T12:15:46.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39397.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39397.json new file mode 100644 index 00000000000..d39e2831bd1 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39397.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39397", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.863", + "lastModified": "2023-08-13T13:15:11.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39398.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39398.json new file mode 100644 index 00000000000..a0899fbf78f --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39398.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39398", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:11.933", + "lastModified": "2023-08-13T13:15:11.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-275" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39399.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39399.json new file mode 100644 index 00000000000..613be7e268b --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39399.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39399", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:12.157", + "lastModified": "2023-08-13T13:15:12.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-275" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39400.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39400.json new file mode 100644 index 00000000000..564824ed477 --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39400.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39400", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:12.467", + "lastModified": "2023-08-13T13:15:12.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39401.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39401.json new file mode 100644 index 00000000000..a44de0518f2 --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39401.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39401", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:12.757", + "lastModified": "2023-08-13T13:15:12.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39402.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39402.json new file mode 100644 index 00000000000..52bc766ea41 --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39402.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39402", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:13.020", + "lastModified": "2023-08-13T13:15:13.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39403.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39403.json new file mode 100644 index 00000000000..7bd3ef9a063 --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39403.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39403", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:13.197", + "lastModified": "2023-08-13T13:15:13.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-358" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39404.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39404.json new file mode 100644 index 00000000000..9806145a9cc --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39404.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39404", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:13.267", + "lastModified": "2023-08-13T13:15:13.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json new file mode 100644 index 00000000000..803282e2e1a --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39405", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T12:15:46.467", + "lastModified": "2023-08-13T12:15:46.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39406.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39406.json new file mode 100644 index 00000000000..fa3e672ceb8 --- /dev/null +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39406.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39406", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-08-13T13:15:13.560", + "lastModified": "2023-08-13T13:15:13.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 817ca7df5ea..2128ab083e4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-12T23:55:25.661746+00:00 +2023-08-13T14:00:28.721408+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-12T23:15:08.567000+00:00 +2023-08-13T13:15:13.560000+00:00 ``` ### Last Data Feed Release @@ -23,26 +23,51 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-08-12T00:00:13.561761+00:00 +2023-08-13T00:00:13.581200+00:00 ``` ### Total Number of included CVEs ```plain -222506 +222534 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `28` -* [CVE-2023-4265](CVE-2023/CVE-2023-42xx/CVE-2023-4265.json) (`2023-08-12T23:15:08.567`) +* [CVE-2023-39382](CVE-2023/CVE-2023-393xx/CVE-2023-39382.json) (`2023-08-13T12:15:45.167`) +* [CVE-2023-39383](CVE-2023/CVE-2023-393xx/CVE-2023-39383.json) (`2023-08-13T12:15:45.327`) +* [CVE-2023-39384](CVE-2023/CVE-2023-393xx/CVE-2023-39384.json) (`2023-08-13T12:15:45.513`) +* [CVE-2023-39388](CVE-2023/CVE-2023-393xx/CVE-2023-39388.json) (`2023-08-13T12:15:45.667`) +* [CVE-2023-39389](CVE-2023/CVE-2023-393xx/CVE-2023-39389.json) (`2023-08-13T12:15:45.877`) +* [CVE-2023-39392](CVE-2023/CVE-2023-393xx/CVE-2023-39392.json) (`2023-08-13T12:15:46.083`) +* [CVE-2023-39393](CVE-2023/CVE-2023-393xx/CVE-2023-39393.json) (`2023-08-13T12:15:46.180`) +* [CVE-2023-39396](CVE-2023/CVE-2023-393xx/CVE-2023-39396.json) (`2023-08-13T12:15:46.247`) +* [CVE-2023-39405](CVE-2023/CVE-2023-394xx/CVE-2023-39405.json) (`2023-08-13T12:15:46.467`) +* [CVE-2023-39385](CVE-2023/CVE-2023-393xx/CVE-2023-39385.json) (`2023-08-13T13:15:10.333`) +* [CVE-2023-39386](CVE-2023/CVE-2023-393xx/CVE-2023-39386.json) (`2023-08-13T13:15:10.597`) +* [CVE-2023-39387](CVE-2023/CVE-2023-393xx/CVE-2023-39387.json) (`2023-08-13T13:15:10.807`) +* [CVE-2023-39390](CVE-2023/CVE-2023-393xx/CVE-2023-39390.json) (`2023-08-13T13:15:11.090`) +* [CVE-2023-39391](CVE-2023/CVE-2023-393xx/CVE-2023-39391.json) (`2023-08-13T13:15:11.273`) +* [CVE-2023-39394](CVE-2023/CVE-2023-393xx/CVE-2023-39394.json) (`2023-08-13T13:15:11.457`) +* [CVE-2023-39395](CVE-2023/CVE-2023-393xx/CVE-2023-39395.json) (`2023-08-13T13:15:11.770`) +* [CVE-2023-39397](CVE-2023/CVE-2023-393xx/CVE-2023-39397.json) (`2023-08-13T13:15:11.863`) +* [CVE-2023-39398](CVE-2023/CVE-2023-393xx/CVE-2023-39398.json) (`2023-08-13T13:15:11.933`) +* [CVE-2023-39399](CVE-2023/CVE-2023-393xx/CVE-2023-39399.json) (`2023-08-13T13:15:12.157`) +* [CVE-2023-39400](CVE-2023/CVE-2023-394xx/CVE-2023-39400.json) (`2023-08-13T13:15:12.467`) +* [CVE-2023-39401](CVE-2023/CVE-2023-394xx/CVE-2023-39401.json) (`2023-08-13T13:15:12.757`) +* [CVE-2023-39402](CVE-2023/CVE-2023-394xx/CVE-2023-39402.json) (`2023-08-13T13:15:13.020`) +* [CVE-2023-39403](CVE-2023/CVE-2023-394xx/CVE-2023-39403.json) (`2023-08-13T13:15:13.197`) +* [CVE-2023-39404](CVE-2023/CVE-2023-394xx/CVE-2023-39404.json) (`2023-08-13T13:15:13.267`) +* [CVE-2023-39406](CVE-2023/CVE-2023-394xx/CVE-2023-39406.json) (`2023-08-13T13:15:13.560`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2021-40006](CVE-2021/CVE-2021-400xx/CVE-2021-40006.json) (`2023-08-13T13:15:08.720`) ## Download and Usage