-
Notifications
You must be signed in to change notification settings - Fork 343
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-4cqj-vg46-4946 GHSA-ffw9-qr6v-4c9c GHSA-gm94-vr86-wgqv GHSA-h7hf-xhjp-fvww GHSA-hc6q-5pvq-h8ff GHSA-jm85-vm3h-hj2v GHSA-jpj4-cc78-mvh2 GHSA-mcxh-4gjr-cmr4 GHSA-p4pq-33vh-rcmg GHSA-pvh6-5fjm-pm8r GHSA-q674-gg53-r46c GHSA-v55h-fmcq-hv7v GHSA-w867-8ghv-295x GHSA-xx24-r484-7p82
- Loading branch information
1 parent
36e2fd0
commit 880c358
Showing
14 changed files
with
504 additions
and
0 deletions.
There are no files selected for viewing
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-4cqj-vg46-4946/GHSA-4cqj-vg46-4946.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-4cqj-vg46-4946", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9210" | ||
], | ||
"details": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9210" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210106-01-myna-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-354" | ||
], | ||
"severity": "MODERATE", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:14Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-ffw9-qr6v-4c9c/GHSA-ffw9-qr6v-4c9c.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-ffw9-qr6v-4c9c", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9086" | ||
], | ||
"details": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9086" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-124" | ||
], | ||
"severity": "MODERATE", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:12Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-gm94-vr86-wgqv/GHSA-gm94-vr86-wgqv.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-gm94-vr86-wgqv", | ||
"modified": "2024-12-27T12:30:36Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2024-3393" | ||
], | ||
"details": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V4", | ||
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3393" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.paloaltonetworks.com/CVE-2024-3393" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-754" | ||
], | ||
"severity": "HIGH", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:17Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-h7hf-xhjp-fvww/GHSA-h7hf-xhjp-fvww.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-h7hf-xhjp-fvww", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-1819" | ||
], | ||
"details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1819" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-125" | ||
], | ||
"severity": "LOW", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:09Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-hc6q-5pvq-h8ff/GHSA-hc6q-5pvq-h8ff.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-hc6q-5pvq-h8ff", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9081" | ||
], | ||
"details": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9081" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-285" | ||
], | ||
"severity": "LOW", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:10Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-jm85-vm3h-hj2v/GHSA-jm85-vm3h-hj2v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-jm85-vm3h-hj2v", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9082" | ||
], | ||
"details": "There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9082" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-16-smartphone-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-200" | ||
], | ||
"severity": "LOW", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:11Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-jpj4-cc78-mvh2/GHSA-jpj4-cc78-mvh2.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-jpj4-cc78-mvh2", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9222" | ||
], | ||
"details": "There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9222" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-269" | ||
], | ||
"severity": "HIGH", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:15Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-mcxh-4gjr-cmr4/GHSA-mcxh-4gjr-cmr4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-mcxh-4gjr-cmr4", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-1818" | ||
], | ||
"details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1818" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-125" | ||
], | ||
"severity": "LOW", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:06Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-p4pq-33vh-rcmg/GHSA-p4pq-33vh-rcmg.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-p4pq-33vh-rcmg", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9089" | ||
], | ||
"details": "There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9089" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-09-smartphone-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-200" | ||
], | ||
"severity": "LOW", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:13Z" | ||
} | ||
} |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2024/12/GHSA-pvh6-5fjm-pm8r/GHSA-pvh6-5fjm-pm8r.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
{ | ||
"schema_version": "1.4.0", | ||
"id": "GHSA-pvh6-5fjm-pm8r", | ||
"modified": "2024-12-27T12:30:35Z", | ||
"published": "2024-12-27T12:30:35Z", | ||
"aliases": [ | ||
"CVE-2020-9236" | ||
], | ||
"details": "There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.", | ||
"severity": [ | ||
{ | ||
"type": "CVSS_V3", | ||
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" | ||
} | ||
], | ||
"affected": [], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9236" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-fc-en" | ||
} | ||
], | ||
"database_specific": { | ||
"cwe_ids": [ | ||
"CWE-451" | ||
], | ||
"severity": "HIGH", | ||
"github_reviewed": false, | ||
"github_reviewed_at": null, | ||
"nvd_published_at": "2024-12-27T10:15:15Z" | ||
} | ||
} |
Oops, something went wrong.