diff --git a/2021/20xxx/CVE-2021-20601.json b/2021/20xxx/CVE-2021-20601.json index 52c98d41ab5..63869ffbbd3 100644 --- a/2021/20xxx/CVE-2021-20601.json +++ b/2021/20xxx/CVE-2021-20601.json @@ -4,14 +4,83 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GOT2000 series GT27 model; GOT2000 series GT25 model; GOT2000 series GT23 model; GOT2000 series GT21 model; GOT SIMPLE series GS21 model; GT SoftGOT2000", + "version": { + "version_data": [ + { + "version_value": "All versions" + }, + { + "version_value": "All versions" + }, + { + "version_value": "All versions" + }, + { + "version_value": "All versions" + }, + { + "version_value": "All versions" + }, + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf", + "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-018.pdf" + }, + { + "refsource": "MISC", + "name": "https://jvn.jp/vu/JVNVU98072504", + "url": "https://jvn.jp/vu/JVNVU98072504" + }, + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-320-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction." } ] } diff --git a/2021/22xxx/CVE-2021-22410.json b/2021/22xxx/CVE-2021-22410.json index f0966cd5281..f150aa1866b 100644 --- a/2021/22xxx/CVE-2021-22410.json +++ b/2021/22xxx/CVE-2021-22410.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-22410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "iMaster NCE-Fabric", + "version": { + "version_data": [ + { + "version_value": "V100R019C10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-xss-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client." } ] } diff --git a/2021/37xxx/CVE-2021-37036.json b/2021/37xxx/CVE-2021-37036.json index 0a021ed981e..962db50469b 100644 --- a/2021/37xxx/CVE-2021-37036.json +++ b/2021/37xxx/CVE-2021-37036.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-37036", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FusionCompute;eCNS280_TD", + "version": { + "version_data": [ + { + "version_value": "6.5.1" + }, + { + "version_value": "V100R005C00,V100R005C10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210818-01-informationleak-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210818-01-informationleak-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak." } ] } diff --git a/2021/39xxx/CVE-2021-39976.json b/2021/39xxx/CVE-2021-39976.json index df409ddc4a4..59fa4b2813e 100644 --- a/2021/39xxx/CVE-2021-39976.json +++ b/2021/39xxx/CVE-2021-39976.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-39976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 5800", + "version": { + "version_data": [ + { + "version_value": "V200R020C00SPC600" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege." } ] } diff --git a/2021/4xxx/CVE-2021-4006.json b/2021/4xxx/CVE-2021-4006.json new file mode 100644 index 00000000000..5956d36cc1a --- /dev/null +++ b/2021/4xxx/CVE-2021-4006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-4006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file