Publish Advisories

GHSA-33fg-f8wx-chw2
GHSA-34m9-46jh-jxm4
GHSA-585p-83gh-3q2h
GHSA-5g7g-x455-7hxw
GHSA-6cq4-gm9p-p346
GHSA-7j7r-q59p-9gx9
GHSA-866j-7c9v-5xf7
GHSA-89mf-f6pj-p9h8
GHSA-8jh8-6h58-693c
GHSA-ggc2-vfpq-vw95
GHSA-x39m-p4wf-cv9f

advisories/unreviewed/2024/12/GHSA-33fg-f8wx-chw2/GHSA-33fg-f8wx-chw2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33fg-f8wx-chw2",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2023-7266"
+  ],
+  "details": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7266"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-420"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:19Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-34m9-46jh-jxm4/GHSA-34m9-46jh-jxm4.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34m9-46jh-jxm4",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2022-48470"
+  ],
+  "details": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48470"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-305"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:19Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-585p-83gh-3q2h/GHSA-585p-83gh-3q2h.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-585p-83gh-3q2h",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2023-7263"
+  ],
+  "details": "Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7263",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7263"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-35"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:19Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-5g7g-x455-7hxw/GHSA-5g7g-x455-7hxw.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5g7g-x455-7hxw",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2021-22484"
+  ],
+  "details": "Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data.\n\n\n\n\nSuccessful exploitation of this vulnerability may cause a server out of memory (OOM).",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22484"
+    },
+    {
+      "type": "WEB",
+      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:18Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-6cq4-gm9p-p346/GHSA-6cq4-gm9p-p346.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6cq4-gm9p-p346",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2020-1823"
+  ],
+  "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1823"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:18Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-7j7r-q59p-9gx9/GHSA-7j7r-q59p-9gx9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7j7r-q59p-9gx9",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2020-1822"
+  ],
+  "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1822"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:18Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-866j-7c9v-5xf7/GHSA-866j-7c9v-5xf7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-866j-7c9v-5xf7",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2020-1821"
+  ],
+  "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1821"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:17Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-89mf-f6pj-p9h8/GHSA-89mf-f6pj-p9h8.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-89mf-f6pj-p9h8",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2021-37000"
+  ],
+  "details": "Some Huawei wearables have a permission management vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37000"
+    },
+    {
+      "type": "WEB",
+      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:18Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-8jh8-6h58-693c/GHSA-8jh8-6h58-693c.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8jh8-6h58-693c",
+  "modified": "2024-12-28T09:31:28Z",
+  "published": "2024-12-28T09:31:28Z",
+  "aliases": [
+    "CVE-2023-52718"
+  ],
+  "details": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-420"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T08:15:04Z"
+  }
+}

advisories/unreviewed/2024/12/GHSA-ggc2-vfpq-vw95/GHSA-ggc2-vfpq-vw95.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-ggc2-vfpq-vw95",
+  "modified": "2024-12-28T09:31:27Z",
+  "published": "2024-12-28T09:31:27Z",
+  "aliases": [
+    "CVE-2020-1820"
+  ],
+  "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1820"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-12-28T07:15:17Z"
+  }
+}