From 4cec21c50c098471284814fa48ce0bf09f291ad9 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Wed, 18 Sep 2024 19:01:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/32xxx/CVE-2023-32178.json | 4 ++-- 2023/32xxx/CVE-2023-32179.json | 4 ++-- 2023/34xxx/CVE-2023-34286.json | 4 ++-- 2023/34xxx/CVE-2023-34287.json | 4 ++-- 2023/34xxx/CVE-2023-34288.json | 4 ++-- 2023/34xxx/CVE-2023-34289.json | 4 ++-- 2023/34xxx/CVE-2023-34290.json | 4 ++-- 2023/34xxx/CVE-2023-34291.json | 4 ++-- 2023/34xxx/CVE-2023-34292.json | 4 ++-- 2023/34xxx/CVE-2023-34293.json | 4 ++-- 2023/34xxx/CVE-2023-34299.json | 4 ++-- 2023/34xxx/CVE-2023-34300.json | 4 ++-- 2023/34xxx/CVE-2023-34301.json | 4 ++-- 2023/34xxx/CVE-2023-34302.json | 4 ++-- 2023/34xxx/CVE-2023-34303.json | 4 ++-- 2023/34xxx/CVE-2023-34304.json | 4 ++-- 2023/34xxx/CVE-2023-34305.json | 4 ++-- 2023/34xxx/CVE-2023-34306.json | 4 ++-- 2023/34xxx/CVE-2023-34307.json | 4 ++-- 2023/34xxx/CVE-2023-34308.json | 4 ++-- 2023/34xxx/CVE-2023-34309.json | 4 ++-- 2023/34xxx/CVE-2023-34310.json | 4 ++-- 2023/34xxx/CVE-2023-34311.json | 4 ++-- 2023/35xxx/CVE-2023-35709.json | 4 ++-- 2023/35xxx/CVE-2023-35710.json | 4 ++-- 2023/35xxx/CVE-2023-35711.json | 4 ++-- 2023/35xxx/CVE-2023-35712.json | 4 ++-- 2023/35xxx/CVE-2023-35713.json | 4 ++-- 2023/35xxx/CVE-2023-35714.json | 4 ++-- 2023/35xxx/CVE-2023-35715.json | 4 ++-- 2023/35xxx/CVE-2023-35716.json | 4 ++-- 2023/35xxx/CVE-2023-35717.json | 4 ++-- 2023/35xxx/CVE-2023-35718.json | 4 ++-- 2023/35xxx/CVE-2023-35724.json | 4 ++-- 2023/35xxx/CVE-2023-35725.json | 4 ++-- 2023/35xxx/CVE-2023-35726.json | 4 ++-- 2023/35xxx/CVE-2023-35727.json | 4 ++-- 2023/35xxx/CVE-2023-35728.json | 4 ++-- 2023/35xxx/CVE-2023-35729.json | 4 ++-- 2023/35xxx/CVE-2023-35730.json | 4 ++-- 2023/35xxx/CVE-2023-35731.json | 4 ++-- 2023/35xxx/CVE-2023-35732.json | 4 ++-- 2023/35xxx/CVE-2023-35733.json | 4 ++-- 2023/35xxx/CVE-2023-35735.json | 4 ++-- 2023/35xxx/CVE-2023-35736.json | 4 ++-- 2023/35xxx/CVE-2023-35737.json | 4 ++-- 2023/35xxx/CVE-2023-35738.json | 4 ++-- 
2023/35xxx/CVE-2023-35739.json | 4 ++-- 2023/35xxx/CVE-2023-35740.json | 4 ++-- 2023/35xxx/CVE-2023-35741.json | 4 ++-- 2023/35xxx/CVE-2023-35742.json | 4 ++-- 2023/35xxx/CVE-2023-35744.json | 4 ++-- 2023/35xxx/CVE-2023-35745.json | 4 ++-- 2023/35xxx/CVE-2023-35746.json | 4 ++-- 2023/35xxx/CVE-2023-35747.json | 4 ++-- 2023/35xxx/CVE-2023-35748.json | 4 ++-- 2023/35xxx/CVE-2023-35749.json | 4 ++-- 2023/35xxx/CVE-2023-35750.json | 4 ++-- 2023/35xxx/CVE-2023-35751.json | 4 ++-- 2023/35xxx/CVE-2023-35752.json | 4 ++-- 2023/35xxx/CVE-2023-35753.json | 4 ++-- 2023/35xxx/CVE-2023-35754.json | 4 ++-- 2023/35xxx/CVE-2023-35755.json | 4 ++-- 2023/35xxx/CVE-2023-35756.json | 4 ++-- 2023/35xxx/CVE-2023-35757.json | 4 ++-- 2023/37xxx/CVE-2023-37310.json | 4 ++-- 2023/37xxx/CVE-2023-37311.json | 4 ++-- 2023/37xxx/CVE-2023-37312.json | 4 ++-- 2023/37xxx/CVE-2023-37313.json | 4 ++-- 2023/37xxx/CVE-2023-37314.json | 4 ++-- 2023/37xxx/CVE-2023-37315.json | 4 ++-- 2023/37xxx/CVE-2023-37316.json | 4 ++-- 2023/37xxx/CVE-2023-37317.json | 4 ++-- 2023/37xxx/CVE-2023-37318.json | 4 ++-- 2023/37xxx/CVE-2023-37319.json | 4 ++-- 2023/37xxx/CVE-2023-37320.json | 4 ++-- 2023/37xxx/CVE-2023-37321.json | 4 ++-- 2023/37xxx/CVE-2023-37322.json | 4 ++-- 2023/37xxx/CVE-2023-37323.json | 4 ++-- 2023/37xxx/CVE-2023-37324.json | 4 ++-- 2023/37xxx/CVE-2023-37325.json | 4 ++-- 2023/37xxx/CVE-2023-37326.json | 4 ++-- 2023/37xxx/CVE-2023-37328.json | 4 ++-- 2023/38xxx/CVE-2023-38095.json | 2 +- 2023/38xxx/CVE-2023-38096.json | 4 ++-- 2023/38xxx/CVE-2023-38098.json | 2 +- 2023/38xxx/CVE-2023-38099.json | 2 +- 2023/38xxx/CVE-2023-38100.json | 2 +- 2023/38xxx/CVE-2023-38101.json | 4 ++-- 2023/38xxx/CVE-2023-38102.json | 2 +- 2023/38xxx/CVE-2023-38120.json | 4 ++-- 2023/39xxx/CVE-2023-39473.json | 4 ++-- 2023/39xxx/CVE-2023-39474.json | 4 ++-- 2023/40xxx/CVE-2023-40474.json | 4 ++-- 2023/40xxx/CVE-2023-40475.json | 4 ++-- 2023/40xxx/CVE-2023-40476.json | 4 ++-- 2023/40xxx/CVE-2023-40492.json | 4 ++-- 
2023/40xxx/CVE-2023-40493.json | 4 ++-- 2023/40xxx/CVE-2023-40494.json | 4 ++-- 2023/40xxx/CVE-2023-40495.json | 4 ++-- 100 files changed, 195 insertions(+), 195 deletions(-)
diff --git a/2023/32xxx/CVE-2023-32178.json b/2023/32xxx/CVE-2023-32178.json
index 4a644b03167..e2e44ce6f21 100644
--- a/2023/32xxx/CVE-2023-32178.json
+++ b/2023/32xxx/CVE-2023-32178.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the TelFileTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19396."
+ "value": "VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the TelFileTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.\n. Was ZDI-CAN-19396."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "VIPRE Antivirus Plus v11.0.6.22"
 }
 ]
 }
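Review bot: The new description value ends with `SYSTEM.\n. Was ZDI-CAN-19396.`, so the text now carries a line break followed by an orphaned period in front of the ZDI tracking id. This looks like an artefact of the upstream synchronisation rather than intended wording; the sentence would read cleanly as `...in the context of SYSTEM. Was ZDI-CAN-19396.`. The same `\n. Was ZDI-CAN-` sequence is added by the description hunk of every other file visible in this patch (CVE-2023-32179 and CVE-2023-34286 onward), so it is better corrected where the records are generated than per file. Consumers that split the description on newlines or render it as paragraphs will show a final line that starts with a bare period.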
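Review bot: The corrected `version_value` still embeds the product name, `"VIPRE Antivirus Plus v11.0.6.22"` under `"version_affected": "="`, so tooling that compares this field with an installed version string is unlikely to get an exact match. If the record's product field already names the product, the entry would be more usable for matching as `"version_value": "11.0.6.22"`. The same shape appears in the second hunk of the other files in this patch, for example `"Ashlar-Vellum Cobalt 11 build 1111"` and `"Ashlar-Vellum Graphite v13 Special Edition. Build 13.0.46"`. The enclosing version object starts and ends outside the hunk, so the product field could not be checked here.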
diff --git a/2023/32xxx/CVE-2023-32179.json b/2023/32xxx/CVE-2023-32179.json
index 843b6930e79..178d8710c24 100644
--- a/2023/32xxx/CVE-2023-32179.json
+++ b/2023/32xxx/CVE-2023-32179.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19397."
+ "value": "VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.\n. Was ZDI-CAN-19397."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "VIPRE Antivirus Plus v11.0.6.22"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34286.json b/2023/34xxx/CVE-2023-34286.json
index 606de76872b..3fd19fb6f06 100644
--- a/2023/34xxx/CVE-2023-34286.json
+++ b/2023/34xxx/CVE-2023-34286.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17891."
+ "value": "Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17891."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34287.json b/2023/34xxx/CVE-2023-34287.json
index 706c81e9b4d..ef8f8c40931 100644
--- a/2023/34xxx/CVE-2023-34287.json
+++ b/2023/34xxx/CVE-2023-34287.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17892."
+ "value": "Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17892."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34288.json b/2023/34xxx/CVE-2023-34288.json
index b5feae7d487..ab16db55b84 100644
--- a/2023/34xxx/CVE-2023-34288.json
+++ b/2023/34xxx/CVE-2023-34288.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17966."
+ "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17966."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34289.json b/2023/34xxx/CVE-2023-34289.json
index 2b77cfb69eb..fd49495fa1f 100644
--- a/2023/34xxx/CVE-2023-34289.json
+++ b/2023/34xxx/CVE-2023-34289.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17985."
+ "value": "Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17985."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34290.json b/2023/34xxx/CVE-2023-34290.json
index 699710aa838..0ade299c89c 100644
--- a/2023/34xxx/CVE-2023-34290.json
+++ b/2023/34xxx/CVE-2023-34290.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18007."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18007."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34291.json b/2023/34xxx/CVE-2023-34291.json
index 8fc2492d5fe..d89f0c59d8a 100644
--- a/2023/34xxx/CVE-2023-34291.json
+++ b/2023/34xxx/CVE-2023-34291.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18401."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18401."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.49"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34292.json b/2023/34xxx/CVE-2023-34292.json
index ecb91bae033..4509b404aad 100644
--- a/2023/34xxx/CVE-2023-34292.json
+++ b/2023/34xxx/CVE-2023-34292.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18552."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18552."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.49"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34293.json b/2023/34xxx/CVE-2023-34293.json
index 816a137ef88..4405be68723 100644
--- a/2023/34xxx/CVE-2023-34293.json
+++ b/2023/34xxx/CVE-2023-34293.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18636."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18636."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.49"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34299.json b/2023/34xxx/CVE-2023-34299.json
index 450d8970023..2f32d041f72 100644
--- a/2023/34xxx/CVE-2023-34299.json
+++ b/2023/34xxx/CVE-2023-34299.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17910."
+ "value": "Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17910."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34300.json b/2023/34xxx/CVE-2023-34300.json
index ed8e6220bbb..c69371baa3b 100644
--- a/2023/34xxx/CVE-2023-34300.json
+++ b/2023/34xxx/CVE-2023-34300.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17948."
+ "value": "Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17948."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34301.json b/2023/34xxx/CVE-2023-34301.json
index 79938c99af0..9de76ec3d4b 100644
--- a/2023/34xxx/CVE-2023-34301.json
+++ b/2023/34xxx/CVE-2023-34301.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17909."
+ "value": "Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17909."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34302.json b/2023/34xxx/CVE-2023-34302.json
index fe51bc92f89..a61b27c97d5 100644
--- a/2023/34xxx/CVE-2023-34302.json
+++ b/2023/34xxx/CVE-2023-34302.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17865."
+ "value": "Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17865."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34303.json b/2023/34xxx/CVE-2023-34303.json
index 45db9a3d476..bbadfce68f7 100644
--- a/2023/34xxx/CVE-2023-34303.json
+++ b/2023/34xxx/CVE-2023-34303.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17987."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-17987."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34304.json b/2023/34xxx/CVE-2023-34304.json
index 2ddb9bea720..74e7b1a6c81 100644
--- a/2023/34xxx/CVE-2023-34304.json
+++ b/2023/34xxx/CVE-2023-34304.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18006."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18006."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34305.json b/2023/34xxx/CVE-2023-34305.json
index df20cbd4e26..30de5149bc4 100644
--- a/2023/34xxx/CVE-2023-34305.json
+++ b/2023/34xxx/CVE-2023-34305.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18637."
+ "value": "Ashlar-Vellum Cobalt Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of X_B or X_T files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18637."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.49"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34306.json b/2023/34xxx/CVE-2023-34306.json
index 1c67c71b50b..1019c74b23e 100644
--- a/2023/34xxx/CVE-2023-34306.json
+++ b/2023/34xxx/CVE-2023-34306.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18908."
+ "value": "Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18908."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Graphite v13 Special Edition. Build 13.0.46"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34307.json b/2023/34xxx/CVE-2023-34307.json
index 71e7fbe21d8..5145a867ea3 100644
--- a/2023/34xxx/CVE-2023-34307.json
+++ b/2023/34xxx/CVE-2023-34307.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18910."
+ "value": "Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18910."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Graphite v13 Special Edition. Build 13.0.46"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34308.json b/2023/34xxx/CVE-2023-34308.json
index f1d731b8277..bf6e2e7f38b 100644
--- a/2023/34xxx/CVE-2023-34308.json
+++ b/2023/34xxx/CVE-2023-34308.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18913."
+ "value": "Ashlar-Vellum Graphite VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18913."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Graphite v13 Special Edition. Build 13.0.46"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34309.json b/2023/34xxx/CVE-2023-34309.json
index 0a2131b28e8..ac3c05b2502 100644
--- a/2023/34xxx/CVE-2023-34309.json
+++ b/2023/34xxx/CVE-2023-34309.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19876."
+ "value": "Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19876."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34310.json b/2023/34xxx/CVE-2023-34310.json
index 8db66165375..b974e5adc56 100644
--- a/2023/34xxx/CVE-2023-34310.json
+++ b/2023/34xxx/CVE-2023-34310.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19878."
+ "value": "Ashlar-Vellum Cobalt Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19878."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
 }
 ]
 }
diff --git a/2023/34xxx/CVE-2023-34311.json b/2023/34xxx/CVE-2023-34311.json
index 639919d01e1..e00a7ccd412 100644
--- a/2023/34xxx/CVE-2023-34311.json
+++ b/2023/34xxx/CVE-2023-34311.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19879."
+ "value": "Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19879."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35709.json b/2023/35xxx/CVE-2023-35709.json
index 054fb53c697..2b53ee75359 100644
--- a/2023/35xxx/CVE-2023-35709.json
+++ b/2023/35xxx/CVE-2023-35709.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19928."
+ "value": "Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19928."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35710.json b/2023/35xxx/CVE-2023-35710.json
index 4103392a993..53f9d01020d 100644
--- a/2023/35xxx/CVE-2023-35710.json
+++ b/2023/35xxx/CVE-2023-35710.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19956."
+ "value": "Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-19956."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.57"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35711.json b/2023/35xxx/CVE-2023-35711.json
index a469f0fec7b..6e3e28c0d9c 100644
--- a/2023/35xxx/CVE-2023-35711.json
+++ b/2023/35xxx/CVE-2023-35711.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20189."
+ "value": "Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20189."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.59"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35712.json b/2023/35xxx/CVE-2023-35712.json
index b325a5c174e..c9c44c44558 100644
--- a/2023/35xxx/CVE-2023-35712.json
+++ b/2023/35xxx/CVE-2023-35712.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20200."
+ "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20200."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.59"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35713.json b/2023/35xxx/CVE-2023-35713.json
index ece872aedd4..1b658b97956 100644
--- a/2023/35xxx/CVE-2023-35713.json
+++ b/2023/35xxx/CVE-2023-35713.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20201."
+ "value": "Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20201."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.59"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35714.json b/2023/35xxx/CVE-2023-35714.json
index d6310bd8f84..3a84412318a 100644
--- a/2023/35xxx/CVE-2023-35714.json
+++ b/2023/35xxx/CVE-2023-35714.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18005."
+ "value": "Ashlar-Vellum Cobalt IGS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-18005."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 11 build 1111"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35715.json b/2023/35xxx/CVE-2023-35715.json
index f2a7fecc6b9..a65cc71ef87 100644
--- a/2023/35xxx/CVE-2023-35715.json
+++ b/2023/35xxx/CVE-2023-35715.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20408."
+ "value": "Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20408."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.60"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35716.json b/2023/35xxx/CVE-2023-35716.json
index 014e4eaa474..c47530a4440 100644
--- a/2023/35xxx/CVE-2023-35716.json
+++ b/2023/35xxx/CVE-2023-35716.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20417."
+ "value": "Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20417."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "Ashlar-Vellum Cobalt 12 beta build 1204.60"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35717.json b/2023/35xxx/CVE-2023-35717.json
index aa85f3fbc02..3768bda1d83 100644
--- a/2023/35xxx/CVE-2023-35717.json
+++ b/2023/35xxx/CVE-2023-35717.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the password recovery mechanism. The issue results from reliance upon the secrecy of the password derivation algorithm when generating a recovery password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20484."
+ "value": "TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the password recovery mechanism. The issue results from reliance upon the secrecy of the password derivation algorithm when generating a recovery password. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-20484."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.3.0 Build 220830 Rel.69909n (release 2022-09-22)"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35718.json b/2023/35xxx/CVE-2023-35718.json
index e76fb72ffa7..3e30c8e5a7b 100644
--- a/2023/35xxx/CVE-2023-35718.json
+++ b/2023/35xxx/CVE-2023-35718.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20061."
+ "value": "D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20061."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35724.json b/2023/35xxx/CVE-2023-35724.json
index 7e717e5997d..8059cea2233 100644
--- a/2023/35xxx/CVE-2023-35724.json
+++ b/2023/35xxx/CVE-2023-35724.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20050."
+ "value": "D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the CLI service, which listens on TCP port 23. The server program contains hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-20050."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35725.json b/2023/35xxx/CVE-2023-35725.json
index 31f3016a215..55a1a48357a 100644
--- a/2023/35xxx/CVE-2023-35725.json
+++ b/2023/35xxx/CVE-2023-35725.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20052."
+ "value": "D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20052."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35726.json b/2023/35xxx/CVE-2023-35726.json
index 1832846ce5b..9a3e3fe7508 100644
--- a/2023/35xxx/CVE-2023-35726.json
+++ b/2023/35xxx/CVE-2023-35726.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20053."
+ "value": "D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20053."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35727.json b/2023/35xxx/CVE-2023-35727.json
index 0d04e34523a..5c3a9569907 100644
--- a/2023/35xxx/CVE-2023-35727.json
+++ b/2023/35xxx/CVE-2023-35727.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20054."
+ "value": "D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20054."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35728.json b/2023/35xxx/CVE-2023-35728.json
index e743e910f69..5b86ce3dcc2 100644
--- a/2023/35xxx/CVE-2023-35728.json
+++ b/2023/35xxx/CVE-2023-35728.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20055."
+ "value": "D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20055."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35729.json b/2023/35xxx/CVE-2023-35729.json
index 61d62094d16..a6c669f94f0 100644
--- a/2023/35xxx/CVE-2023-35729.json
+++ b/2023/35xxx/CVE-2023-35729.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20056."
+ "value": "D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20056."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35730.json b/2023/35xxx/CVE-2023-35730.json
index 2b53baf10c5..df94ba79566 100644
--- a/2023/35xxx/CVE-2023-35730.json
+++ b/2023/35xxx/CVE-2023-35730.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20057."
+ "value": "D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20057."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35731.json b/2023/35xxx/CVE-2023-35731.json
index d00e64fab31..65e4e2d3f9f 100644
--- a/2023/35xxx/CVE-2023-35731.json
+++ b/2023/35xxx/CVE-2023-35731.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20058."
+ "value": "D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20058."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35732.json b/2023/35xxx/CVE-2023-35732.json
index 452b92c98b6..7a619a9d15a 100644
--- a/2023/35xxx/CVE-2023-35732.json
+++ b/2023/35xxx/CVE-2023-35732.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20059."
+ "value": "D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20059."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35733.json b/2023/35xxx/CVE-2023-35733.json
index 0a3c4a524bc..f4cf9c8ad6b 100644
--- a/2023/35xxx/CVE-2023-35733.json
+++ b/2023/35xxx/CVE-2023-35733.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20060."
+ "value": "D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20060."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35735.json b/2023/35xxx/CVE-2023-35735.json
index ec57447fc97..0c6156e7162 100644
--- a/2023/35xxx/CVE-2023-35735.json
+++ b/2023/35xxx/CVE-2023-35735.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20062."
+ "value": "D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20062."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35736.json b/2023/35xxx/CVE-2023-35736.json
index 42a6e0b58bf..d74016821da 100644
--- a/2023/35xxx/CVE-2023-35736.json
+++ b/2023/35xxx/CVE-2023-35736.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20063."
+ "value": "D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20063."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35737.json b/2023/35xxx/CVE-2023-35737.json
index 0db6184346c..4d5c0d56175 100644
--- a/2023/35xxx/CVE-2023-35737.json
+++ b/2023/35xxx/CVE-2023-35737.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20064."
+ "value": "D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20064."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35738.json b/2023/35xxx/CVE-2023-35738.json
index 8c0185f2932..21c90a13099 100644
--- a/2023/35xxx/CVE-2023-35738.json
+++ b/2023/35xxx/CVE-2023-35738.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20065."
+ "value": "D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20065."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35739.json b/2023/35xxx/CVE-2023-35739.json
index 1d4ad8e30e1..9addd2275d1 100644
--- a/2023/35xxx/CVE-2023-35739.json
+++ b/2023/35xxx/CVE-2023-35739.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20066."
+ "value": "D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20066."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35740.json b/2023/35xxx/CVE-2023-35740.json
index 0766008c161..7e711b1a52e 100644
--- a/2023/35xxx/CVE-2023-35740.json
+++ b/2023/35xxx/CVE-2023-35740.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20067."
+ "value": "D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20067."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35741.json b/2023/35xxx/CVE-2023-35741.json
index 3e7239085c1..f226a9b3326 100644
--- a/2023/35xxx/CVE-2023-35741.json
+++ b/2023/35xxx/CVE-2023-35741.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20068."
+ "value": "D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20068."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35742.json b/2023/35xxx/CVE-2023-35742.json
index fa5359fbbcb..9165e5b0f6c 100644
--- a/2023/35xxx/CVE-2023-35742.json
+++ b/2023/35xxx/CVE-2023-35742.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20069."
+ "value": "D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20069."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35744.json b/2023/35xxx/CVE-2023-35744.json
index dd50e8321d6..7952db3d682 100644
--- a/2023/35xxx/CVE-2023-35744.json
+++ b/2023/35xxx/CVE-2023-35744.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20071."
+ "value": "D-Link DAP-2622 DDP Configuration Restore Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20071."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35745.json b/2023/35xxx/CVE-2023-35745.json
index 0e51256dfb6..f18692570df 100644
--- a/2023/35xxx/CVE-2023-35745.json
+++ b/2023/35xxx/CVE-2023-35745.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20073."
+ "value": "D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20073."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35746.json b/2023/35xxx/CVE-2023-35746.json
index f15e7aaf594..546c9f3eeb8 100644
--- a/2023/35xxx/CVE-2023-35746.json
+++ b/2023/35xxx/CVE-2023-35746.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20074."
+ "value": "D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20074."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35747.json b/2023/35xxx/CVE-2023-35747.json
index 4758b5b3398..76f9e2e859c 100644
--- a/2023/35xxx/CVE-2023-35747.json
+++ b/2023/35xxx/CVE-2023-35747.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Firmware Upgrade Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20075."
+ "value": "D-Link DAP-2622 DDP Firmware Upgrade Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20075."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35748.json b/2023/35xxx/CVE-2023-35748.json
index 6827a38076e..2dd4496c0bb 100644
--- a/2023/35xxx/CVE-2023-35748.json
+++ b/2023/35xxx/CVE-2023-35748.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20076."
+ "value": "D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20076."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35749.json b/2023/35xxx/CVE-2023-35749.json
index 3b1d766fea4..e1170bb3835 100644
--- a/2023/35xxx/CVE-2023-35749.json
+++ b/2023/35xxx/CVE-2023-35749.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077."
+ "value": "D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20077."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35750.json b/2023/35xxx/CVE-2023-35750.json
index c87172e05c4..46ebc80a82d 100644
--- a/2023/35xxx/CVE-2023-35750.json
+++ b/2023/35xxx/CVE-2023-35750.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20078."
+ "value": "D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.\n. Was ZDI-CAN-20078."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35751.json b/2023/35xxx/CVE-2023-35751.json
index ed0b8397a94..97a33a12c34 100644
--- a/2023/35xxx/CVE-2023-35751.json
+++ b/2023/35xxx/CVE-2023-35751.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20079."
+ "value": "D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20079."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35752.json b/2023/35xxx/CVE-2023-35752.json
index 628b66b9297..1aa2f29f1a6 100644
--- a/2023/35xxx/CVE-2023-35752.json
+++ b/2023/35xxx/CVE-2023-35752.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20080."
+ "value": "D-Link DAP-2622 DDP Set AG Profile Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20080."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35753.json b/2023/35xxx/CVE-2023-35753.json
index 9dce3e55fd8..71ad9e2a2f3 100644
--- a/2023/35xxx/CVE-2023-35753.json
+++ b/2023/35xxx/CVE-2023-35753.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20081."
+ "value": "D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20081."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35754.json b/2023/35xxx/CVE-2023-35754.json
index f44f6cabc2e..cd7f5a5c9b0 100644
--- a/2023/35xxx/CVE-2023-35754.json
+++ b/2023/35xxx/CVE-2023-35754.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20082."
+ "value": "D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20082."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35755.json b/2023/35xxx/CVE-2023-35755.json
index d8db8954d86..711284079e1 100644
--- a/2023/35xxx/CVE-2023-35755.json
+++ b/2023/35xxx/CVE-2023-35755.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20083."
+ "value": "D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20083."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35756.json b/2023/35xxx/CVE-2023-35756.json
index 5636deaab6e..0d25554efe7 100644
--- a/2023/35xxx/CVE-2023-35756.json
+++ b/2023/35xxx/CVE-2023-35756.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20084."
+ "value": "D-Link DAP-2622 DDP Set Date-Time Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20084."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35757.json b/2023/35xxx/CVE-2023-35757.json
index 6b7d437a87e..2f0c8952238 100644
--- a/2023/35xxx/CVE-2023-35757.json
+++ b/2023/35xxx/CVE-2023-35757.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20085."
+ "value": "D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20085."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37310.json b/2023/37xxx/CVE-2023-37310.json
index 923ee56f106..92d6f1294ff 100644
--- a/2023/37xxx/CVE-2023-37310.json
+++ b/2023/37xxx/CVE-2023-37310.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20087."
+ "value": "D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20087."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37311.json b/2023/37xxx/CVE-2023-37311.json
index 3dd65b3a622..b364967841a 100644
--- a/2023/37xxx/CVE-2023-37311.json
+++ b/2023/37xxx/CVE-2023-37311.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20088."
+ "value": "D-Link DAP-2622 DDP Set Device Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20088."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37312.json b/2023/37xxx/CVE-2023-37312.json
index 44241ea1689..b89ea497f66 100644
--- a/2023/37xxx/CVE-2023-37312.json
+++ b/2023/37xxx/CVE-2023-37312.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20089."
+ "value": "D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20089."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37313.json b/2023/37xxx/CVE-2023-37313.json
index f3a8d08fc75..7ab978dd982 100644
--- a/2023/37xxx/CVE-2023-37313.json
+++ b/2023/37xxx/CVE-2023-37313.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20090."
+ "value": "D-Link DAP-2622 DDP Set IPv4 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20090."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37314.json b/2023/37xxx/CVE-2023-37314.json
index 447cab9d9b8..dbbb9974334 100644
--- a/2023/37xxx/CVE-2023-37314.json
+++ b/2023/37xxx/CVE-2023-37314.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20092."
+ "value": "D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20092."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37315.json b/2023/37xxx/CVE-2023-37315.json
index e7d09b21e04..327c87e2a7f 100644
--- a/2023/37xxx/CVE-2023-37315.json
+++ b/2023/37xxx/CVE-2023-37315.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20093."
+ "value": "D-Link DAP-2622 DDP Set IPv6 Address Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20093."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37316.json b/2023/37xxx/CVE-2023-37316.json
index 80490e0f2f2..e7baf56b068 100644
--- a/2023/37xxx/CVE-2023-37316.json
+++ b/2023/37xxx/CVE-2023-37316.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20094."
+ "value": "D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20094."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37317.json b/2023/37xxx/CVE-2023-37317.json
index 55ffeec4c26..2a04c89efc5 100644
--- a/2023/37xxx/CVE-2023-37317.json
+++ b/2023/37xxx/CVE-2023-37317.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20095."
+ "value": "D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20095."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37318.json b/2023/37xxx/CVE-2023-37318.json
index 74f13721f31..fb8289837fa 100644
--- a/2023/37xxx/CVE-2023-37318.json
+++ b/2023/37xxx/CVE-2023-37318.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20096."
+ "value": "D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20096."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "1.00 dated 16-12-2020"
 }
 ]
 }
diff --git a/2023/37xxx/CVE-2023-37319.json b/2023/37xxx/CVE-2023-37319.json
index cabbff14d4d..ff1328ee9ad 100644
--- a/2023/37xxx/CVE-2023-37319.json
+++ b/2023/37xxx/CVE-2023-37319.json
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20097." + "value": "D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20097." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37320.json b/2023/37xxx/CVE-2023-37320.json index a5e74d75e91..ea8a516c3fd 100644 --- a/2023/37xxx/CVE-2023-37320.json +++ b/2023/37xxx/CVE-2023-37320.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20098." + "value": "D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20098." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37321.json b/2023/37xxx/CVE-2023-37321.json index ea9b7d918bd..3549f43b95b 100644 --- a/2023/37xxx/CVE-2023-37321.json +++ b/2023/37xxx/CVE-2023-37321.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20099." + "value": "D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20099." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37322.json b/2023/37xxx/CVE-2023-37322.json index ce998ab7ab3..8d0c7b1604a 100644 --- a/2023/37xxx/CVE-2023-37322.json +++ b/2023/37xxx/CVE-2023-37322.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20100." + "value": "D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20100." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37323.json b/2023/37xxx/CVE-2023-37323.json index 3369bbf2a28..8c29e846adf 100644 --- a/2023/37xxx/CVE-2023-37323.json +++ b/2023/37xxx/CVE-2023-37323.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20101." + "value": "D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20101." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37324.json b/2023/37xxx/CVE-2023-37324.json index e1ca95a95aa..24926ac658d 100644 --- a/2023/37xxx/CVE-2023-37324.json +++ b/2023/37xxx/CVE-2023-37324.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20102." + "value": "D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20102." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37325.json b/2023/37xxx/CVE-2023-37325.json index 3097ee57c4d..8e3f12779f7 100644 --- a/2023/37xxx/CVE-2023-37325.json +++ b/2023/37xxx/CVE-2023-37325.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104." + "value": "D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings.\n. Was ZDI-CAN-20104." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37326.json b/2023/37xxx/CVE-2023-37326.json index 5a6a2164e6f..f750af2728f 100644 --- a/2023/37xxx/CVE-2023-37326.json +++ b/2023/37xxx/CVE-2023-37326.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20103." + "value": "D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20103." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.00 dated 16-12-2020" } ] } diff --git a/2023/37xxx/CVE-2023-37328.json b/2023/37xxx/CVE-2023-37328.json index 01b91d139b8..5b0bc4ae46b 100644 --- a/2023/37xxx/CVE-2023-37328.json +++ b/2023/37xxx/CVE-2023-37328.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994." + "value": "GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-20994." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.22 and latest commit 6dff93acf69c40271a769aa2fa35efbcc2aeb9b4" } ] } diff --git a/2023/38xxx/CVE-2023-38095.json b/2023/38xxx/CVE-2023-38095.json index 92d9c07132f..b1b1cdbaa79 100644 --- a/2023/38xxx/CVE-2023-38095.json +++ b/2023/38xxx/CVE-2023-38095.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } 
diff --git a/2023/38xxx/CVE-2023-38096.json b/2023/38xxx/CVE-2023-38096.json index 08e5fc20b39..1b42cff188d 100644 --- a/2023/38xxx/CVE-2023-38096.json +++ b/2023/38xxx/CVE-2023-38096.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19718." + "value": "NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-19718." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } diff --git a/2023/38xxx/CVE-2023-38098.json b/2023/38xxx/CVE-2023-38098.json index 19ce235756f..6245b04f7a9 100644 --- a/2023/38xxx/CVE-2023-38098.json +++ b/2023/38xxx/CVE-2023-38098.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } 
diff --git a/2023/38xxx/CVE-2023-38099.json b/2023/38xxx/CVE-2023-38099.json index d2a20a81c2a..f4cf2fbe60d 100644 --- a/2023/38xxx/CVE-2023-38099.json +++ b/2023/38xxx/CVE-2023-38099.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } diff --git a/2023/38xxx/CVE-2023-38100.json b/2023/38xxx/CVE-2023-38100.json index 2d2166e9f19..4e88adf966b 100644 --- a/2023/38xxx/CVE-2023-38100.json +++ b/2023/38xxx/CVE-2023-38100.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } diff --git a/2023/38xxx/CVE-2023-38101.json b/2023/38xxx/CVE-2023-38101.json index 9ca5887d697..bd740074922 100644 --- a/2023/38xxx/CVE-2023-38101.json +++ b/2023/38xxx/CVE-2023-38101.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19725." + "value": "NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n. Was ZDI-CAN-19725." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } diff --git a/2023/38xxx/CVE-2023-38102.json b/2023/38xxx/CVE-2023-38102.json index 373cc7520e9..889f88e81db 100644 --- a/2023/38xxx/CVE-2023-38102.json +++ b/2023/38xxx/CVE-2023-38102.json @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.7.0.12 (Win64)" } ] } diff --git a/2023/38xxx/CVE-2023-38120.json b/2023/38xxx/CVE-2023-38120.json index 3b38f4f7db7..0d2d81f1053 100644 
--- a/2023/38xxx/CVE-2023-38120.json +++ b/2023/38xxx/CVE-2023-38120.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20525." + "value": "Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-20525." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "10.8.8.1 & 10.8.5.1" } ] } diff --git a/2023/39xxx/CVE-2023-39473.json b/2023/39xxx/CVE-2023-39473.json index 025208d9768..78411c1edb2 100644 --- a/2023/39xxx/CVE-2023-39473.json +++ b/2023/39xxx/CVE-2023-39473.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17587." + "value": "Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n. Was ZDI-CAN-17587." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "Inductive Automation Ignition 8.1.17 LTS" } ] } diff --git a/2023/39xxx/CVE-2023-39474.json b/2023/39xxx/CVE-2023-39474.json index f3b0af814c6..ca93f627bbb 100644 --- a/2023/39xxx/CVE-2023-39474.json +++ b/2023/39xxx/CVE-2023-39474.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19915." + "value": "Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.\n\nThe specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user.\n. Was ZDI-CAN-19915." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "8.1.24-RC / 1.1.24-RC" } ] } diff --git a/2023/40xxx/CVE-2023-40474.json b/2023/40xxx/CVE-2023-40474.json index 3bc2eb95fc7..6c59af4a557 100644 --- a/2023/40xxx/CVE-2023-40474.json +++ b/2023/40xxx/CVE-2023-40474.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660." + "value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21660." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3" } ] } diff --git a/2023/40xxx/CVE-2023-40475.json b/2023/40xxx/CVE-2023-40475.json index c7ece0be728..3ca61ebc51b 100644 --- a/2023/40xxx/CVE-2023-40475.json +++ b/2023/40xxx/CVE-2023-40475.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661." + "value": "GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21661." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3" } ] } diff --git a/2023/40xxx/CVE-2023-40476.json b/2023/40xxx/CVE-2023-40476.json index c29a0030017..c5f35988f6a 100644 --- a/2023/40xxx/CVE-2023-40476.json +++ b/2023/40xxx/CVE-2023-40476.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768." + "value": "GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n. Was ZDI-CAN-21768." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "1.22.4 and 8dddb9ad2009705dfc3e50d59d7c56fc7314cfc3" } ] } diff --git a/2023/40xxx/CVE-2023-40492.json b/2023/40xxx/CVE-2023-40492.json index 0ddef5ceb6f..83bd86824fd 100644 --- a/2023/40xxx/CVE-2023-40492.json +++ b/2023/40xxx/CVE-2023-40492.json 
@@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-19919." + "value": "LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.\n. Was ZDI-CAN-19919." } ] }, @@ -41,7 +41,7 @@ "version_data": [ { "version_affected": "=", - "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021" + "version_value": "LG Simple Editor 3.21.0" } ] } diff --git a/2023/40xxx/CVE-2023-40493.json b/2023/40xxx/CVE-2023-40493.json index c9ce54d4719..cbd78e74017 100644 --- a/2023/40xxx/CVE-2023-40493.json +++ b/2023/40xxx/CVE-2023-40493.json 
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the copySessionFolder command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19920."
+ "value": "LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of the copySessionFolder command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n. Was ZDI-CAN-19920."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "LG Simple Editor 3.21.0"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40494.json b/2023/40xxx/CVE-2023-40494.json
index 80c3e42a492..6c09d3c1a6e 100644
--- a/2023/40xxx/CVE-2023-40494.json
+++ b/2023/40xxx/CVE-2023-40494.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the deleteFolder method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-19921."
+ "value": "LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the deleteFolder method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.\n. Was ZDI-CAN-19921."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "LG Simple Editor 3.21.0"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40495.json b/2023/40xxx/CVE-2023-40495.json
index a8c58ea97d6..4d40dec8394 100644
--- a/2023/40xxx/CVE-2023-40495.json
+++ b/2023/40xxx/CVE-2023-40495.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19922."
+ "value": "LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.\n. Was ZDI-CAN-19922."
 }
 ]
 },
@@ -41,7 +41,7 @@
 "version_data": [
 {
 "version_affected": "=",
- "version_value": "R.47.0.0 AutoCAD 2021 & R.47.0.0 AutoCAD LT 2021"
+ "version_value": "LG Simple Editor 3.21.0"
 }
 ]
 }