diff --git a/advisories/unreviewed/2024/12/GHSA-33fg-f8wx-chw2/GHSA-33fg-f8wx-chw2.json b/advisories/unreviewed/2024/12/GHSA-33fg-f8wx-chw2/GHSA-33fg-f8wx-chw2.json new file mode 100644 index 0000000000000..bae86a865a067 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-33fg-f8wx-chw2/GHSA-33fg-f8wx-chw2.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-33fg-f8wx-chw2", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2023-7266" + ], + "details": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7266" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-chvishhr-d616b19e-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-420" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-34m9-46jh-jxm4/GHSA-34m9-46jh-jxm4.json b/advisories/unreviewed/2024/12/GHSA-34m9-46jh-jxm4/GHSA-34m9-46jh-jxm4.json new file mode 100644 index 0000000000000..101ab4597161b --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-34m9-46jh-jxm4/GHSA-34m9-46jh-jxm4.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-34m9-46jh-jxm4", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2022-48470" + ], + "details": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48470" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-iabvihhalp-ea34d670-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-305" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-585p-83gh-3q2h/GHSA-585p-83gh-3q2h.json b/advisories/unreviewed/2024/12/GHSA-585p-83gh-3q2h/GHSA-585p-83gh-3q2h.json new file mode 100644 index 0000000000000..8de3284f6955b --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-585p-83gh-3q2h/GHSA-585p-83gh-3q2h.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-585p-83gh-3q2h", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2023-7263" + ], + "details": "Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7263", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7263" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-ptvihhms-20747ba3-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-35" + ], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-5g7g-x455-7hxw/GHSA-5g7g-x455-7hxw.json b/advisories/unreviewed/2024/12/GHSA-5g7g-x455-7hxw/GHSA-5g7g-x455-7hxw.json new file mode 100644 index 0000000000000..36bece9d817a9 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-5g7g-x455-7hxw/GHSA-5g7g-x455-7hxw.json @@ -0,0 +1,31 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5g7g-x455-7hxw", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2021-22484" + ], + "details": "Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data.\n\n\n\n\nSuccessful exploitation of this vulnerability may cause a server out of memory (OOM).", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22484" + }, + { + "type": "WEB", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-20" + ], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-6cq4-gm9p-p346/GHSA-6cq4-gm9p-p346.json b/advisories/unreviewed/2024/12/GHSA-6cq4-gm9p-p346/GHSA-6cq4-gm9p-p346.json new file mode 100644 index 0000000000000..937e430808ac5 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-6cq4-gm9p-p346/GHSA-6cq4-gm9p-p346.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6cq4-gm9p-p346", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2020-1823" + ], + "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1823" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-7j7r-q59p-9gx9/GHSA-7j7r-q59p-9gx9.json b/advisories/unreviewed/2024/12/GHSA-7j7r-q59p-9gx9/GHSA-7j7r-q59p-9gx9.json new file mode 100644 index 0000000000000..ae2a3ea257431 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-7j7r-q59p-9gx9/GHSA-7j7r-q59p-9gx9.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-7j7r-q59p-9gx9", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2020-1822" + ], + "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1822" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-866j-7c9v-5xf7/GHSA-866j-7c9v-5xf7.json b/advisories/unreviewed/2024/12/GHSA-866j-7c9v-5xf7/GHSA-866j-7c9v-5xf7.json new file mode 100644 index 0000000000000..d63c46bcb2adb --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-866j-7c9v-5xf7/GHSA-866j-7c9v-5xf7.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-866j-7c9v-5xf7", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2020-1821" + ], + "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1821" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-89mf-f6pj-p9h8/GHSA-89mf-f6pj-p9h8.json b/advisories/unreviewed/2024/12/GHSA-89mf-f6pj-p9h8/GHSA-89mf-f6pj-p9h8.json new file mode 100644 index 0000000000000..9424e98acd64f --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-89mf-f6pj-p9h8/GHSA-89mf-f6pj-p9h8.json @@ -0,0 +1,34 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-89mf-f6pj-p9h8", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2021-37000" + ], + "details": "Some Huawei wearables have a permission management vulnerability.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37000" + }, + { + "type": "WEB", + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-wearables-202108-0000001135186780" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": "HIGH", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-8jh8-6h58-693c/GHSA-8jh8-6h58-693c.json b/advisories/unreviewed/2024/12/GHSA-8jh8-6h58-693c/GHSA-8jh8-6h58-693c.json new file mode 100644 index 0000000000000..ae624927ce185 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-8jh8-6h58-693c/GHSA-8jh8-6h58-693c.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-8jh8-6h58-693c", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2023-52718" + ], + "details": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52718" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/br/psirt/security-advisories/2024/huawei-sa-chvishhr-d50dedde-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-420" + ], + "severity": "MODERATE", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T08:15:04Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-ggc2-vfpq-vw95/GHSA-ggc2-vfpq-vw95.json b/advisories/unreviewed/2024/12/GHSA-ggc2-vfpq-vw95/GHSA-ggc2-vfpq-vw95.json new file mode 100644 index 0000000000000..12fff13ac2fd5 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-ggc2-vfpq-vw95/GHSA-ggc2-vfpq-vw95.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-ggc2-vfpq-vw95", + "modified": "2024-12-28T09:31:27Z", + "published": "2024-12-28T09:31:27Z", + "aliases": [ + "CVE-2020-1820" + ], + "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1820" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-x39m-p4wf-cv9f/GHSA-x39m-p4wf-cv9f.json b/advisories/unreviewed/2024/12/GHSA-x39m-p4wf-cv9f/GHSA-x39m-p4wf-cv9f.json new file mode 100644 index 0000000000000..4a557f4398322 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-x39m-p4wf-cv9f/GHSA-x39m-p4wf-cv9f.json @@ -0,0 +1,36 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x39m-p4wf-cv9f", + "modified": "2024-12-28T09:31:28Z", + "published": "2024-12-28T09:31:28Z", + "aliases": [ + "CVE-2020-1824" + ], + "details": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1824" + }, + { + "type": "WEB", + "url": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20191218-01-cops-en" + } + ], + "database_specific": { + "cwe_ids": [ + "CWE-125" + ], + "severity": "LOW", + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T07:15:18Z" + } +} \ No newline at end of file