From 2f82d07c227ea6d62932c698425db7127d61295c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 13 Jan 2021 22:03:17 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/9xxx/CVE-2020-9138.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9139.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9140.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9141.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9142.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9143.json | 53 ++++++++++++++++++++++++++++++++-- 2020/9xxx/CVE-2020-9203.json | 50 ++++++++++++++++++++++++++++++-- 2021/1xxx/CVE-2021-1144.json | 4 +-- 2021/1xxx/CVE-2021-1145.json | 4 +-- 2021/1xxx/CVE-2021-1267.json | 4 +-- 2021/1xxx/CVE-2021-1307.json | 4 +-- 2021/1xxx/CVE-2021-1310.json | 4 +-- 2021/1xxx/CVE-2021-1311.json | 4 +-- 2021/1xxx/CVE-2021-1360.json | 4 +-- 2021/24xxx/CVE-2021-24058.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24059.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24060.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24061.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24062.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24063.json | 18 ++++++++++++ 2021/24xxx/CVE-2021-24064.json | 18 ++++++++++++ 21 files changed, 487 insertions(+), 35 deletions(-) create mode 100644 2021/24xxx/CVE-2021-24058.json create mode 100644 2021/24xxx/CVE-2021-24059.json create mode 100644 2021/24xxx/CVE-2021-24060.json create mode 100644 2021/24xxx/CVE-2021-24061.json create mode 100644 2021/24xxx/CVE-2021-24062.json create mode 100644 2021/24xxx/CVE-2021-24063.json create mode 100644 2021/24xxx/CVE-2021-24064.json diff --git a/2020/9xxx/CVE-2020-9138.json b/2020/9xxx/CVE-2020-9138.json index a862df353ba..63a08cd4b1c 100644 --- a/2020/9xxx/CVE-2020-9138.json +++ b/2020/9xxx/CVE-2020-9138.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9138", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0" + }, + { + "version_value": "Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating." } ] } diff --git a/2020/9xxx/CVE-2020-9139.json b/2020/9xxx/CVE-2020-9139.json index eea3c3bed13..36fe66e07a4 100644 --- a/2020/9xxx/CVE-2020-9139.json +++ b/2020/9xxx/CVE-2020-9139.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0" + }, + { + "version_value": "Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service." } ] } diff --git a/2020/9xxx/CVE-2020-9140.json b/2020/9xxx/CVE-2020-9140.json index a4d0fd51d25..add2ce9dcaa 100644 --- a/2020/9xxx/CVE-2020-9140.json +++ b/2020/9xxx/CVE-2020-9140.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9140", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0" + }, + { + "version_value": "Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Access with Incorrect Length Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs." } ] } diff --git a/2020/9xxx/CVE-2020-9141.json b/2020/9xxx/CVE-2020-9141.json index a4c833bb174..948767c1e67 100644 --- a/2020/9xxx/CVE-2020-9141.json +++ b/2020/9xxx/CVE-2020-9141.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9141", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 10.1.1, EMUI 10.1.0" + }, + { + "version_value": "Magic UI 3.1.1, Magic UI 3.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity." } ] } diff --git a/2020/9xxx/CVE-2020-9142.json b/2020/9xxx/CVE-2020-9142.json index 81b10dd916c..f4ce957178c 100644 --- a/2020/9xxx/CVE-2020-9142.json +++ b/2020/9xxx/CVE-2020-9142.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0" + }, + { + "version_value": "Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file." } ] } diff --git a/2020/9xxx/CVE-2020-9143.json b/2020/9xxx/CVE-2020-9143.json index 9cbfa38db93..f8fa1aa6564 100644 --- a/2020/9xxx/CVE-2020-9143.json +++ b/2020/9xxx/CVE-2020-9143.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9143", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "EMUI;Magic UI", + "version": { + "version_data": [ + { + "version_value": "EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0" + }, + { + "version_value": "Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://consumer.huawei.com/en/support/bulletin/2020/12/", + "url": "https://consumer.huawei.com/en/support/bulletin/2020/12/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a missing authentication vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability may lead to low-sensitive information exposure." } ] } diff --git a/2020/9xxx/CVE-2020-9203.json b/2020/9xxx/CVE-2020-9203.json index 9d9efcd691a..945d002fded 100644 --- a/2020/9xxx/CVE-2020-9203.json +++ b/2020/9xxx/CVE-2020-9203.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI P30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.1.0.168(C00E168R2P11),Versions earlier than 10.1.0.168(C01E168R2P11),Versions earlier than 10.1.0.176(C635E4R2P4),Versions earlier than 10.1.0.177(C636E8R3P4),Versions earlier than 10.1.0.179(C10E8R5P1),Versions earlier than 10.1.0.179(C185E7R7P1),Versions earlier than 10.1.0.179(C605E23R1P3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-resourcemanagement-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience." } ] } diff --git a/2021/1xxx/CVE-2021-1144.json b/2021/1xxx/CVE-2021-1144.json index a3a4d349f0c..2c08baba1e4 100644 --- a/2021/1xxx/CVE-2021-1144.json +++ b/2021/1xxx/CVE-2021-1144.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user. " + "value": "A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1145.json b/2021/1xxx/CVE-2021-1145.json index 6cd454ab4f5..aeba2e1fc36 100644 --- a/2021/1xxx/CVE-2021-1145.json +++ b/2021/1xxx/CVE-2021-1145.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device. " + "value": "A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1267.json b/2021/1xxx/CVE-2021-1267.json index a1586a91659..1f6f50ff5ed 100644 --- a/2021/1xxx/CVE-2021-1267.json +++ b/2021/1xxx/CVE-2021-1267.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition. " + "value": "A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1307.json b/2021/1xxx/CVE-2021-1307.json index f4da0916b3c..28c16ea4039 100644 --- a/2021/1xxx/CVE-2021-1307.json +++ b/2021/1xxx/CVE-2021-1307.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -171,4 +171,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1310.json b/2021/1xxx/CVE-2021-1310.json index aacd3431e0c..d7e772d7525 100644 --- a/2021/1xxx/CVE-2021-1310.json +++ b/2021/1xxx/CVE-2021-1310.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites. " + "value": "A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites." } ] }, @@ -83,4 +83,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1311.json b/2021/1xxx/CVE-2021-1311.json index 0bea6b4aad9..47eb5e06d21 100644 --- a/2021/1xxx/CVE-2021-1311.json +++ b/2021/1xxx/CVE-2021-1311.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": " A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting. " + "value": "A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting." } ] }, @@ -84,4 +84,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/1xxx/CVE-2021-1360.json b/2021/1xxx/CVE-2021-1360.json index dbb77b1ccd4..5ddd3c6e43f 100644 --- a/2021/1xxx/CVE-2021-1360.json +++ b/2021/1xxx/CVE-2021-1360.json @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. " + "value": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities." } ] }, @@ -171,4 +171,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24058.json b/2021/24xxx/CVE-2021-24058.json new file mode 100644 index 00000000000..d60e182155e --- /dev/null +++ b/2021/24xxx/CVE-2021-24058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24059.json b/2021/24xxx/CVE-2021-24059.json new file mode 100644 index 00000000000..f72bbc7867f --- /dev/null +++ b/2021/24xxx/CVE-2021-24059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24060.json b/2021/24xxx/CVE-2021-24060.json new file mode 100644 index 00000000000..4d374ff8b7a --- /dev/null +++ b/2021/24xxx/CVE-2021-24060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24061.json b/2021/24xxx/CVE-2021-24061.json new file mode 100644 index 00000000000..03189b5177e --- /dev/null +++ b/2021/24xxx/CVE-2021-24061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24062.json b/2021/24xxx/CVE-2021-24062.json new file mode 100644 index 00000000000..53c2798eead --- /dev/null +++ b/2021/24xxx/CVE-2021-24062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24063.json b/2021/24xxx/CVE-2021-24063.json new file mode 100644 index 00000000000..05fb2be9cdb --- /dev/null +++ b/2021/24xxx/CVE-2021-24063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/24xxx/CVE-2021-24064.json b/2021/24xxx/CVE-2021-24064.json new file mode 100644 index 00000000000..cf5d2510a97 --- /dev/null +++ b/2021/24xxx/CVE-2021-24064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-24064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file