diff --git a/2021/20xxx/CVE-2021-20593.json b/2021/20xxx/CVE-2021-20593.json index 422bd917c81..3b84a64c8f0 100644 --- a/2021/20xxx/CVE-2021-20593.json +++ b/2021/20xxx/CVE-2021-20593.json 
@@ -4,14 +4,117 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Air Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA", + "version": { + "version_data": [ + { + "version_value": "Ver.2.50 to Ver.3.35" + }, + { + "version_value": "Ver.2.50 to Ver.3.35" + }, + { + "version_value": "Ver.3.20 and prior" + }, + { + "version_value": "Ver.3.20 and prior" + }, + { + "version_value": "Ver.3.20 and prior" + }, + { + "version_value": "Ver.3.20 and prior" + }, + { + "version_value": "Ver 7.09 and prior" + }, + { + "version_value": "Ver 7.09 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver 7.93 and prior" + }, + { + "version_value": "Ver.1.30 and prior" + }, + { + "version_value": "Ver.2.20 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Implementation of Authentication Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf", + "url": 
"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-004_en.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU96046575/index.html", + "url": "https://jvn.jp/vu/JVNVU96046575/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability." } ] } diff --git a/2021/31xxx/CVE-2021-31220.json b/2021/31xxx/CVE-2021-31220.json index 2bb870738ea..5a544cd5b07 100644 --- a/2021/31xxx/CVE-2021-31220.json +++ b/2021/31xxx/CVE-2021-31220.json 
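Review bot: The `affects` block for CVE-2021-20593 sets `"vendor_name": "n/a"` and packs all nineteen controller models into one semicolon-separated `product_name`, while the nineteen `version_value` entries map to models only by their position in the array. A consumer that de-duplicates or reorders `version_data` loses that mapping and cannot tell which version range belongs to which model. One `product_data` entry per model, each with its own `version_data`, plus `"vendor_name": "Mitsubishi Electric"` as named in the description, would make the record machine-matchable. The problemtype text matches the name of CWE-303, so prefixing that identifier would also let tools classify the weakness.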
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31220", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31220", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-022/", + "url": "https://advisories.stormshield.eu/2021-022/" } ] } diff --git a/2021/31xxx/CVE-2021-31221.json b/2021/31xxx/CVE-2021-31221.json index e538ab3884b..c82be160738 100644 --- a/2021/31xxx/CVE-2021-31221.json +++ b/2021/31xxx/CVE-2021-31221.json 
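Review bot: The `affects` block is left at `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names the product and fixed version (SES Evolution before 2.1.0), so tools that match on structured fields will not associate this record with the product. The same placeholder `affects` block and `"value": "n/a"` problemtype appear in the hunks for CVE-2021-31221 through CVE-2021-31224, CVE-2021-33578, CVE-2021-35957, CVE-2021-36121, CVE-2021-36123 and CVE-2021-36124. Populating them from each description, here for example `"product_name": "SES Evolution"` and `"version_value": "before 2.1.0"`, would make the records usable for automated matching. The first reference, `https://advisories.stormshield.eu`, is a site root and adds nothing over the advisory-specific URL that follows it.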
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31221", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31221", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-023/", + "url": "https://advisories.stormshield.eu/2021-023/" } ] } diff --git a/2021/31xxx/CVE-2021-31222.json b/2021/31xxx/CVE-2021-31222.json index 8253a688d13..e1bd14ee2b5 100644 --- a/2021/31xxx/CVE-2021-31222.json +++ b/2021/31xxx/CVE-2021-31222.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31222", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31222", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-024/", + "url": "https://advisories.stormshield.eu/2021-024/" } ] } diff --git a/2021/31xxx/CVE-2021-31223.json b/2021/31xxx/CVE-2021-31223.json index 7a7f65f779c..f3e9166f4d8 100644 --- a/2021/31xxx/CVE-2021-31223.json +++ b/2021/31xxx/CVE-2021-31223.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31223", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31223", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-025/", + "url": "https://advisories.stormshield.eu/2021-025/" } ] } diff --git a/2021/31xxx/CVE-2021-31224.json b/2021/31xxx/CVE-2021-31224.json index 0acf33ac76c..5d05d3aa172 100644 --- a/2021/31xxx/CVE-2021-31224.json +++ b/2021/31xxx/CVE-2021-31224.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-31224", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-31224", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-026/", + "url": "https://advisories.stormshield.eu/2021-026/" } ] } diff --git a/2021/33xxx/CVE-2021-33578.json b/2021/33xxx/CVE-2021-33578.json index 8f0847a26fc..f85444b9fa6 100644 --- a/2021/33xxx/CVE-2021-33578.json +++ b/2021/33xxx/CVE-2021-33578.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-33578", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-33578", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md", + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md" } ] } diff --git a/2021/35xxx/CVE-2021-35957.json b/2021/35xxx/CVE-2021-35957.json index 0c04054fe3f..c14a57b6e27 100644 --- a/2021/35xxx/CVE-2021-35957.json +++ b/2021/35xxx/CVE-2021-35957.json 
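Review bot: The description for CVE-2021-33578 does not say which pages or parameters are injectable, and its scope overlaps with CVE-2021-36124 later in this diff, whose description says unauthenticated users can reach pages "vulnerable to attacks such as SQL injection". A reader triaging the two records cannot tell from the text whether they track one flaw or two. Stating the split in the `value` strings (injection in query handling here, missing authentication checks in CVE-2021-36124) would remove the ambiguity. Replacing the `"n/a"` problemtype with the SQL injection class, CWE-89, would help as well.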
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-35957", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-35957", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\\system32) with malicious ones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.stormshield.eu", + "refsource": "MISC", + "name": "https://advisories.stormshield.eu" + }, + { + "refsource": "MISC", + "name": "https://advisories.stormshield.eu/2021-045/", + "url": "https://advisories.stormshield.eu/2021-045/" } ] } diff --git a/2021/36xxx/CVE-2021-36121.json b/2021/36xxx/CVE-2021-36121.json index ef8d7043931..130089792a7 100644 --- a/2021/36xxx/CVE-2021-36121.json +++ b/2021/36xxx/CVE-2021-36121.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36121", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36121", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\\SYSTEM)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md", + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md" } ] } diff --git a/2021/36xxx/CVE-2021-36123.json b/2021/36xxx/CVE-2021-36123.json index a5cb25c1703..b6133f09483 100644 --- a/2021/36xxx/CVE-2021-36123.json +++ b/2021/36xxx/CVE-2021-36123.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36123", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36123", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md", + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md" } ] } diff --git a/2021/36xxx/CVE-2021-36124.json b/2021/36xxx/CVE-2021-36124.json index 5f4511d6f87..67f71a648b1 100644 --- a/2021/36xxx/CVE-2021-36124.json +++ b/2021/36xxx/CVE-2021-36124.json 
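Review bot: The description string for CVE-2021-36123 reads `as well any files accessible via Universal Naming Convention (UNC) paths`, which drops a word; it should read `as well as any files accessible via Universal Naming Convention (UNC) paths`. The text also labels the flaw a local file inclusion while describing only the reading of files, including over UNC paths. If the referenced advisory confirms read-only impact, wording such as "arbitrary file read" would describe it more precisely, and it would tell defenders that file-share reachability from the server is part of the exposure.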
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-36124", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-36124", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md", + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md" } ] }