From 27429e14bf1dfbc36953adb55fad525fe1f39314 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sat, 6 Feb 2021 02:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/27xxx/CVE-2020-27218.json | 5 + 2020/9xxx/CVE-2020-9118.json | 50 ++++++++- 2020/9xxx/CVE-2020-9205.json | 50 ++++++++- 2021/22xxx/CVE-2021-22298.json | 50 ++++++++- 2021/22xxx/CVE-2021-22299.json | 185 ++++++++++++++++++++++++++++++++- 2021/22xxx/CVE-2021-22500.json | 50 ++++++++- 6 files changed, 375 insertions(+), 15 deletions(-) diff --git a/2020/27xxx/CVE-2020-27218.json b/2020/27xxx/CVE-2020-27218.json index 692986f2b21..5ed1ebe8d5c 100644 --- a/2020/27xxx/CVE-2020-27218.json +++ b/2020/27xxx/CVE-2020-27218.json @@ -262,6 +262,11 @@ "refsource": "MLIST", "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", "url": "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988@%3Cissues.hbase.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218", + "url": "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e@%3Cissues.hbase.apache.org%3E" } ] } diff --git a/2020/9xxx/CVE-2020-9118.json b/2020/9xxx/CVE-2020-9118.json index 921b08aa000..04d1b0d9200 100644 --- a/2020/9xxx/CVE-2020-9118.json +++ b/2020/9xxx/CVE-2020-9118.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AIS-BW80H-00", + "version": { + "version_data": [ + { + "version_value": "9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Integrity Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00)." } ] } diff --git a/2020/9xxx/CVE-2020-9205.json b/2020/9xxx/CVE-2020-9205.json index 3e610a27bab..b91e95ff35d 100644 --- a/2020/9xxx/CVE-2020-9205.json +++ b/2020/9xxx/CVE-2020-9205.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9205", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageOne", + "version": { + "version_data": [ + { + "version_value": "8.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSV Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-csvinjection-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device." } ] } diff --git a/2021/22xxx/CVE-2021-22298.json b/2021/22xxx/CVE-2021-22298.json index 5ce93f61f5b..a152821acb5 100644 --- a/2021/22xxx/CVE-2021-22298.json +++ b/2021/22xxx/CVE-2021-22298.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageOne", + "version": { + "version_data": [ + { + "version_value": "6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Logic" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090." } ] } diff --git a/2021/22xxx/CVE-2021-22299.json b/2021/22xxx/CVE-2021-22299.json index be2ce25719b..d808d64bb9e 100644 --- a/2021/22xxx/CVE-2021-22299.json +++ b/2021/22xxx/CVE-2021-22299.json @@ -4,14 +4,193 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22299", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ManageOne", + "version": { + "version_data": [ + { + "version_value": "6.5.0" + }, + { + "version_value": "6.5.0.SPC100.B210" + }, + { + "version_value": "6.5.1.1.B010" + }, + { + "version_value": "6.5.1.1.B020" + }, + { + "version_value": "6.5.1.1.B030" + }, + { + "version_value": "6.5.1.1.B040" + }, + { + "version_value": "6.5.1.SPC100.B050" + }, + { + "version_value": "6.5.1.SPC101.B010" + }, + { + "version_value": "6.5.1.SPC101.B040" + }, + { + "version_value": "6.5.1.SPC200" + }, + { + "version_value": "6.5.1.SPC200.B010" + }, + { + "version_value": "6.5.1.SPC200.B030" + }, + { + "version_value": "6.5.1.SPC200.B040" + }, + { + "version_value": "6.5.1.SPC200.B050" + }, + { + "version_value": "6.5.1.SPC200.B060" + }, + { + "version_value": "6.5.1.SPC200.B070" + }, + { + "version_value": "6.5.1RC1.B060" + }, + { + "version_value": "6.5.1RC2.B020" + }, + { + "version_value": "6.5.1RC2.B030" + }, + { + "version_value": "6.5.1RC2.B040" + }, + { + "version_value": "6.5.1RC2.B050" + }, + { + "version_value": "6.5.1RC2.B060" + }, + { + "version_value": "6.5.1RC2.B070" + }, + { + "version_value": "6.5.1RC2.B080" + }, + { + "version_value": "6.5.1RC2.B090" + }, + { + "version_value": "6.5.RC2.B050" + }, + { + "version_value": "8.0.0" + }, + { + "version_value": "8.0.0-LCND81" + }, + { + "version_value": "8.0.0.SPC100" + }, + { + "version_value": "8.0.1" + }, + { + "version_value": "8.0.RC2" + }, + { + "version_value": "8.0.RC3" + }, + { + "version_value": "8.0.RC3.B041" + }, + { + "version_value": "8.0.RC3.SPC100" + } + ] + } + }, + { + "product_name": "NFV_FusionSphere", + "version": { + "version_data": [ + { + "version_value": "6.5.1.SPC23" + }, + { + "version_value": "8.0.0.SPC12" + } + ] + } + }, + { + "product_name": "SMC2.0", + "version": { + "version_data": [ + { + "version_value": "V600R019C00" + }, + { + "version_value": "V600R019C10" + } + ] + } + }, + { + "product_name": "iMaster MAE-M", + "version": { + "version_data": [ + { + "version_value": "MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220." } ] } diff --git a/2021/22xxx/CVE-2021-22500.json b/2021/22xxx/CVE-2021-22500.json index b745d914de7..afcd52ad44e 100644 --- a/2021/22xxx/CVE-2021-22500.json +++ b/2021/22xxx/CVE-2021-22500.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22500", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@microfocus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Application Performance Management", + "version": { + "version_data": [ + { + "version_value": "9.40, 9.50, 9.51" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Request Forgery." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://softwaresupport.softwaregrp.com/doc/KM03775253", + "url": "https://softwaresupport.softwaregrp.com/doc/KM03775253" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing." } ] }