diff --git a/2020/13xxx/CVE-2020-13498.json b/2020/13xxx/CVE-2020-13498.json index c69b71586e8..2844ce6c1cf 100644 --- a/2020/13xxx/CVE-2020-13498.json +++ b/2020/13xxx/CVE-2020-13498.json @@ -1,44 +1,18 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-13498", - "ASSIGNER": "talos-cna@cisco.com", - "STATE": "PUBLIC" + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-11-12", + "ASSIGNER": "talos-cna@cisco.com" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Pixar", - "version": { - "version_data": [ - { - "version_value": "Pixar OpenUSD 20.05, Apple macOS Catalina 10.15.3" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ + "description": { + "description_data": [ { - "description": [ - { - "lang": "eng", - "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" - } - ] + "lang": "eng", + "value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file." } ] }, @@ -51,14 +25,6 @@ } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file." - } - ] - }, "impact": { "cvss": { "baseScore": 4.3, @@ -66,5 +32,59 @@ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_value": "Catalina 10.15.3", + "version_affected": "=" + } + ] + } + } + ] + } + }, + { + "vendor_name": "Pixar", + "product": { + "product_data": [ + { + "product_name": "OpenUSD", + "version": { + "version_data": [ + { + "version_value": "20.05", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } } } \ No newline at end of file diff --git a/2022/26xxx/CVE-2022-26376.json b/2022/26xxx/CVE-2022-26376.json index e5565927c14..3b66b45650a 100644 --- a/2022/26xxx/CVE-2022-26376.json +++ b/2022/26xxx/CVE-2022-26376.json @@ -12,7 +12,7 @@ "description_data": [ { "lang": "eng", - "value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability." + "value": "A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability." } ] }, @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "CWE-787: Out-of-bounds Write" } ] } diff --git a/2022/27xxx/CVE-2022-27631.json b/2022/27xxx/CVE-2022-27631.json index 2e0f36bbb1d..6e59f560c23 100644 --- a/2022/27xxx/CVE-2022-27631.json +++ b/2022/27xxx/CVE-2022-27631.json @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "CWE-787: Out-of-bounds Write" } ] } diff --git a/2022/28xxx/CVE-2022-28664.json b/2022/28xxx/CVE-2022-28664.json index 68f8eb96eaf..a9dbdfd4d32 100644 --- a/2022/28xxx/CVE-2022-28664.json +++ b/2022/28xxx/CVE-2022-28664.json @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "CWE-787: Out-of-bounds Write" } ] } diff --git a/2022/28xxx/CVE-2022-28665.json b/2022/28xxx/CVE-2022-28665.json index aa7bb1ecdf9..7ecef866cd0 100644 --- a/2022/28xxx/CVE-2022-28665.json +++ b/2022/28xxx/CVE-2022-28665.json @@ -39,7 +39,7 @@ "description": [ { "lang": "eng", - "value": "CWE-20: Improper Input Validation" + "value": "CWE-787: Out-of-bounds Write" } ] }