From a2fc9e0d96c193008a550adc1648a40f293110da Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 19 May 2021 16:00:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/26xxx/CVE-2020-26980.json | 2 +- 2020/26xxx/CVE-2020-26981.json | 2 +- 2020/26xxx/CVE-2020-26982.json | 2 +- 2020/26xxx/CVE-2020-26983.json | 2 +- 2020/26xxx/CVE-2020-26984.json | 2 +- 2020/26xxx/CVE-2020-26985.json | 2 +- 2020/26xxx/CVE-2020-26986.json | 2 +- 2020/26xxx/CVE-2020-26987.json | 2 +- 2020/26xxx/CVE-2020-26988.json | 2 +- 2020/26xxx/CVE-2020-26989.json | 2 +- 2020/26xxx/CVE-2020-26990.json | 2 +- 2020/26xxx/CVE-2020-26991.json | 7 ++++--- 2020/26xxx/CVE-2020-26992.json | 2 +- 2020/26xxx/CVE-2020-26993.json | 2 +- 2020/26xxx/CVE-2020-26994.json | 2 +- 2020/26xxx/CVE-2020-26995.json | 2 +- 2020/26xxx/CVE-2020-26996.json | 2 +- 2020/26xxx/CVE-2020-26998.json | 13 +++++++------ 2020/26xxx/CVE-2020-26999.json | 13 +++++++------ 2020/27xxx/CVE-2020-27000.json | 2 +- 2020/27xxx/CVE-2020-27001.json | 13 +++++++------ 2020/27xxx/CVE-2020-27002.json | 13 +++++++------ 2020/27xxx/CVE-2020-27003.json | 2 +- 2020/27xxx/CVE-2020-27004.json | 2 +- 2020/27xxx/CVE-2020-27005.json | 2 +- 2020/27xxx/CVE-2020-27006.json | 2 +- 2020/27xxx/CVE-2020-27007.json | 2 +- 2020/27xxx/CVE-2020-27008.json | 2 +- 2020/28xxx/CVE-2020-28383.json | 11 ++++++----- 2020/28xxx/CVE-2020-28394.json | 2 +- 2021/33xxx/CVE-2021-33194.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33195.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33196.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33197.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33198.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33199.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33200.json | 18 ++++++++++++++++++ 2021/33xxx/CVE-2021-33201.json | 18 ++++++++++++++++++ 38 files changed, 206 insertions(+), 56 deletions(-) create mode 100644 2021/33xxx/CVE-2021-33194.json create mode 100644 2021/33xxx/CVE-2021-33195.json create mode 100644 2021/33xxx/CVE-2021-33196.json create mode 100644 2021/33xxx/CVE-2021-33197.json create mode 100644 2021/33xxx/CVE-2021-33198.json create mode 100644 2021/33xxx/CVE-2021-33199.json create mode 100644 2021/33xxx/CVE-2021-33200.json create mode 100644 2021/33xxx/CVE-2021-33201.json diff --git a/2020/26xxx/CVE-2020-26980.json b/2020/26xxx/CVE-2020-26980.json index b395c25bd6a..442fa2f37e2 100644 --- a/2020/26xxx/CVE-2020-26980.json +++ b/2020/26xxx/CVE-2020-26980.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881)" } ] }, diff --git a/2020/26xxx/CVE-2020-26981.json b/2020/26xxx/CVE-2020-26981.json index 28c73b4e8ea..4748ef11002 100644 --- a/2020/26xxx/CVE-2020-26981.json +++ b/2020/26xxx/CVE-2020-26981.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)" } ] }, diff --git a/2020/26xxx/CVE-2020-26982.json b/2020/26xxx/CVE-2020-26982.json index a10a971aeca..40cb74b40ef 100644 --- a/2020/26xxx/CVE-2020-26982.json +++ b/2020/26xxx/CVE-2020-26982.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)" } ] }, diff --git a/2020/26xxx/CVE-2020-26983.json b/2020/26xxx/CVE-2020-26983.json index 2e281374b5a..9378cc6454b 100644 --- a/2020/26xxx/CVE-2020-26983.json +++ b/2020/26xxx/CVE-2020-26983.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)" } ] }, diff --git a/2020/26xxx/CVE-2020-26984.json b/2020/26xxx/CVE-2020-26984.json index 1b1e816d0ed..798a6f356a2 100644 --- a/2020/26xxx/CVE-2020-26984.json +++ b/2020/26xxx/CVE-2020-26984.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)" } ] }, diff --git a/2020/26xxx/CVE-2020-26985.json b/2020/26xxx/CVE-2020-26985.json index 4104464e7c0..f5ea45d5eaa 100644 --- a/2020/26xxx/CVE-2020-26985.json +++ b/2020/26xxx/CVE-2020-26985.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)" } ] }, diff --git a/2020/26xxx/CVE-2020-26986.json b/2020/26xxx/CVE-2020-26986.json index c5e016e15b1..803a13fae8a 100644 --- a/2020/26xxx/CVE-2020-26986.json +++ b/2020/26xxx/CVE-2020-26986.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)" } ] }, diff --git a/2020/26xxx/CVE-2020-26987.json b/2020/26xxx/CVE-2020-26987.json index 15526bb3dff..66c4ee2d365 100644 --- a/2020/26xxx/CVE-2020-26987.json +++ b/2020/26xxx/CVE-2020-26987.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)" } ] }, diff --git a/2020/26xxx/CVE-2020-26988.json b/2020/26xxx/CVE-2020-26988.json index a8bcc78f1e9..fbcb6722471 100644 --- a/2020/26xxx/CVE-2020-26988.json +++ b/2020/26xxx/CVE-2020-26988.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11891)" } ] }, diff --git a/2020/26xxx/CVE-2020-26989.json b/2020/26xxx/CVE-2020-26989.json index 1b48159a31b..e0b98ce70f6 100644 --- a/2020/26xxx/CVE-2020-26989.json +++ b/2020/26xxx/CVE-2020-26989.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11892)" } ] }, diff --git a/2020/26xxx/CVE-2020-26990.json b/2020/26xxx/CVE-2020-26990.json index 027b01c2cef..a2004b7e132 100644 --- a/2020/26xxx/CVE-2020-26990.json +++ b/2020/26xxx/CVE-2020-26990.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11897)" } ] }, diff --git a/2020/26xxx/CVE-2020-26991.json b/2020/26xxx/CVE-2020-26991.json index 9383f7153a0..a1ca019b782 100644 --- a/2020/26xxx/CVE-2020-26991.json +++ b/2020/26xxx/CVE-2020-26991.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899)" } ] }, @@ -78,8 +78,9 @@ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" } ] } diff --git a/2020/26xxx/CVE-2020-26992.json b/2020/26xxx/CVE-2020-26992.json index f874bfb4814..b8a8ab61795 100644 --- a/2020/26xxx/CVE-2020-26992.json +++ b/2020/26xxx/CVE-2020-26992.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process.\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, diff --git a/2020/26xxx/CVE-2020-26993.json b/2020/26xxx/CVE-2020-26993.json index 769eb3a59cc..77ff3bf8967 100644 --- a/2020/26xxx/CVE-2020-26993.json +++ b/2020/26xxx/CVE-2020-26993.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process.\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, diff --git a/2020/26xxx/CVE-2020-26994.json b/2020/26xxx/CVE-2020-26994.json index 4b6ae7670eb..964fd9850d9 100644 --- a/2020/26xxx/CVE-2020-26994.json +++ b/2020/26xxx/CVE-2020-26994.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process." } ] }, diff --git a/2020/26xxx/CVE-2020-26995.json b/2020/26xxx/CVE-2020-26995.json index 2b8acf513cf..e83ce62b8f3 100644 --- a/2020/26xxx/CVE-2020-26995.json +++ b/2020/26xxx/CVE-2020-26995.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11992)" } ] }, diff --git a/2020/26xxx/CVE-2020-26996.json b/2020/26xxx/CVE-2020-26996.json index 7f4328276c8..9e4292abb48 100644 --- a/2020/26xxx/CVE-2020-26996.json +++ b/2020/26xxx/CVE-2020-26996.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of CG4 files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12027)" } ] }, diff --git a/2020/26xxx/CVE-2020-26998.json b/2020/26xxx/CVE-2020-26998.json index 110bef1cf8f..d1360309101 100644 --- a/2020/26xxx/CVE-2020-26998.json +++ b/2020/26xxx/CVE-2020-26998.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12040)" } ] }, @@ -69,13 +69,14 @@ }, { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-238/" } ] } -} +} \ No newline at end of file diff --git a/2020/26xxx/CVE-2020-26999.json b/2020/26xxx/CVE-2020-26999.json index 77d254f7f13..6acb0a31c09 100644 --- a/2020/26xxx/CVE-2020-26999.json +++ b/2020/26xxx/CVE-2020-26999.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information. (ZDI-CAN-12042)" } ] }, @@ -69,13 +69,14 @@ }, { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-239/" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27000.json b/2020/27xxx/CVE-2020-27000.json index 811e86d689e..e78e28abf1c 100644 --- a/2020/27xxx/CVE-2020-27000.json +++ b/2020/27xxx/CVE-2020-27000.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12018)" } ] }, diff --git a/2020/27xxx/CVE-2020-27001.json b/2020/27xxx/CVE-2020-27001.json index 9bc4f5750cb..b094fcf46a8 100644 --- a/2020/27xxx/CVE-2020-27001.json +++ b/2020/27xxx/CVE-2020-27001.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12041)" } ] }, @@ -69,13 +69,14 @@ }, { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-227/" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27002.json b/2020/27xxx/CVE-2020-27002.json index acf4ba8bda4..d677bedb3d2 100644 --- a/2020/27xxx/CVE-2020-27002.json +++ b/2020/27xxx/CVE-2020-27002.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12043)" } ] }, @@ -69,13 +69,14 @@ }, { "refsource": "MISC", - "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/", - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/" + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" }, { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf" + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-228/" } ] } -} +} \ No newline at end of file diff --git a/2020/27xxx/CVE-2020-27003.json b/2020/27xxx/CVE-2020-27003.json index 155180c2061..cc7a6a18e70 100644 --- a/2020/27xxx/CVE-2020-27003.json +++ b/2020/27xxx/CVE-2020-27003.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158)" } ] }, diff --git a/2020/27xxx/CVE-2020-27004.json b/2020/27xxx/CVE-2020-27004.json index 2c5ac851596..903cf282726 100644 --- a/2020/27xxx/CVE-2020-27004.json +++ b/2020/27xxx/CVE-2020-27004.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of CGM files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12163)" } ] }, diff --git a/2020/27xxx/CVE-2020-27005.json b/2020/27xxx/CVE-2020-27005.json index 029e14e8b9c..9ddf2763fe2 100644 --- a/2020/27xxx/CVE-2020-27005.json +++ b/2020/27xxx/CVE-2020-27005.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12178)" } ] }, diff --git a/2020/27xxx/CVE-2020-27006.json b/2020/27xxx/CVE-2020-27006.json index 6aa92b0c3ad..531451b6e38 100644 --- a/2020/27xxx/CVE-2020-27006.json +++ b/2020/27xxx/CVE-2020-27006.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12182)" } ] }, diff --git a/2020/27xxx/CVE-2020-27007.json b/2020/27xxx/CVE-2020-27007.json index 5c4ec9b5254..e61544aa7c0 100644 --- a/2020/27xxx/CVE-2020-27007.json +++ b/2020/27xxx/CVE-2020-27007.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of HPG files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12207)" } ] }, diff --git a/2020/27xxx/CVE-2020-27008.json b/2020/27xxx/CVE-2020-27008.json index badad3b53ae..b1a6fc804b5 100644 --- a/2020/27xxx/CVE-2020-27008.json +++ b/2020/27xxx/CVE-2020-27008.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PLT files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12209)" } ] }, diff --git a/2020/28xxx/CVE-2020-28383.json b/2020/28xxx/CVE-2020-28383.json index 3585a8c8b51..cd6798ab7c9 100644 --- a/2020/28xxx/CVE-2020-28383.json +++ b/2020/28xxx/CVE-2020-28383.json @@ -76,7 +76,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)" } ] }, @@ -97,6 +97,11 @@ "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-054/" }, + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" + }, { "refsource": "MISC", "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04", @@ -111,10 +116,6 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-073/" - }, - { - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf" } ] } diff --git a/2020/28xxx/CVE-2020-28394.json b/2020/28xxx/CVE-2020-28394.json index f68672c0c6b..6e2684ae2f9 100644 --- a/2020/28xxx/CVE-2020-28394.json +++ b/2020/28xxx/CVE-2020-28394.json @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)\n" + "value": "A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of RAS files. This could result in a memory access past the end of an allocated buffer. An attacker could leverage this vulnerability to access data in the context of the current process. (ZDI-CAN-12283)" } ] }, diff --git a/2021/33xxx/CVE-2021-33194.json b/2021/33xxx/CVE-2021-33194.json new file mode 100644 index 00000000000..c3330d7840b --- /dev/null +++ b/2021/33xxx/CVE-2021-33194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33195.json b/2021/33xxx/CVE-2021-33195.json new file mode 100644 index 00000000000..157f1cfa31c --- /dev/null +++ b/2021/33xxx/CVE-2021-33195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33196.json b/2021/33xxx/CVE-2021-33196.json new file mode 100644 index 00000000000..ce449f24aaf --- /dev/null +++ b/2021/33xxx/CVE-2021-33196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33197.json b/2021/33xxx/CVE-2021-33197.json new file mode 100644 index 00000000000..3bbfaeeca28 --- /dev/null +++ b/2021/33xxx/CVE-2021-33197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33198.json b/2021/33xxx/CVE-2021-33198.json new file mode 100644 index 00000000000..bff9a418174 --- /dev/null +++ b/2021/33xxx/CVE-2021-33198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33199.json b/2021/33xxx/CVE-2021-33199.json new file mode 100644 index 00000000000..24128f2ab8c --- /dev/null +++ b/2021/33xxx/CVE-2021-33199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33200.json b/2021/33xxx/CVE-2021-33200.json new file mode 100644 index 00000000000..4e54ef84877 --- /dev/null +++ b/2021/33xxx/CVE-2021-33200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/33xxx/CVE-2021-33201.json b/2021/33xxx/CVE-2021-33201.json new file mode 100644 index 00000000000..b3594c87276 --- /dev/null +++ b/2021/33xxx/CVE-2021-33201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-33201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file