Skip to content

Commit

Permalink
Show file tree
Hide file tree
Showing 14 changed files with 504 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4cqj-vg46-4946",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9210"
],
"details": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9210"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:14Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ffw9-qr6v-4c9c",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9086"
],
"details": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9086"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-124"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:12Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gm94-vr86-wgqv",
"modified": "2024-12-27T12:30:36Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2024-3393"
],
"details": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3393"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-3393"
}
],
"database_specific": {
"cwe_ids": [
"CWE-754"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:17Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h7hf-xhjp-fvww",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-1819"
],
"details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1819"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:09Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hc6q-5pvq-h8ff",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9081"
],
"details": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9081"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-285"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:10Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jm85-vm3h-hj2v",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9082"
],
"details": "There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9082"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-16-smartphone-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:11Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jpj4-cc78-mvh2",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9222"
],
"details": "There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9222"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:15Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mcxh-4gjr-cmr4",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-1818"
],
"details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1818"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:06Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p4pq-33vh-rcmg",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9089"
],
"details": "There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9089"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"severity": "LOW",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:13Z"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pvh6-5fjm-pm8r",
"modified": "2024-12-27T12:30:35Z",
"published": "2024-12-27T12:30:35Z",
"aliases": [
"CVE-2020-9236"
],
"details": "There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9236"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en"
}
],
"database_specific": {
"cwe_ids": [
"CWE-451"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T10:15:15Z"
}
}
Loading

0 comments on commit 880c358

Please sign in to comment.