diff --git a/2021/29xxx/CVE-2021-29479.json b/2021/29xxx/CVE-2021-29479.json index e7aa2e93a66..e7c1778c8eb 100644 --- a/2021/29xxx/CVE-2021-29479.json +++ b/2021/29xxx/CVE-2021-29479.json @@ -69,15 +69,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/ratpack/ratpack/security/advisories/GHSA-w6rq-6h34-vh7q", - "refsource": "CONFIRM", - "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-w6rq-6h34-vh7q" - }, { "name": "https://portswigger.net/web-security/web-cache-poisoning", "refsource": "MISC", "url": "https://portswigger.net/web-security/web-cache-poisoning" + }, + { + "name": "https://github.com/ratpack/ratpack/security/advisories/GHSA-w6rq-6h34-vh7q", + "refsource": "CONFIRM", + "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-w6rq-6h34-vh7q" } ] }, diff --git a/2021/31xxx/CVE-2021-31514.json b/2021/31xxx/CVE-2021-31514.json index 655941f330f..77c84ec686b 100644 --- a/2021/31xxx/CVE-2021-31514.json +++ b/2021/31xxx/CVE-2021-31514.json @@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31514", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "Build 16.6.4.55" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "Build 16.6.4.55" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-692/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-692/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-692/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31515.json b/2021/31xxx/CVE-2021-31515.json index 81c60f003e7..ad7ebd6bebd 100644 --- a/2021/31xxx/CVE-2021-31515.json +++ b/2021/31xxx/CVE-2021-31515.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31515", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Binary Ninja", - "version": { - "version_data": [ - { - "version_value": "2.3.2660 (Build ID 88f343c3)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Binary Ninja", + "version": { + "version_data": [ + { + "version_value": "2.3.2660 (Build ID 88f343c3)" + } + ] + } + } + ] + }, + "vendor_name": "Vector 35" } - } ] - }, - "vendor_name": "Vector 35" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of BNDB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13668." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13668." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-678/" - }, - { - "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-678/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-678/" + }, + { + "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories", + "refsource": "MISC", + "name": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31516.json b/2021/31xxx/CVE-2021-31516.json index fffd80cf5f3..6da057c3ec6 100644 --- a/2021/31xxx/CVE-2021-31516.json +++ b/2021/31xxx/CVE-2021-31516.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31516", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Binary Ninja", - "version": { - "version_data": [ - { - "version_value": "2.3.2660 (Build ID 88f343c3)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Binary Ninja", + "version": { + "version_data": [ + { + "version_value": "2.3.2660 (Build ID 88f343c3)" + } + ] + } + } + ] + }, + "vendor_name": "Vector 35" } - } ] - }, - "vendor_name": "Vector 35" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/" - }, - { - "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories", + "refsource": "MISC", + "name": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32988.json b/2021/32xxx/CVE-2021-32988.json index 3d136ab92d4..38124e7807e 100644 --- a/2021/32xxx/CVE-2021-32988.json +++ b/2021/32xxx/CVE-2021-32988.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32988", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FATEK Automation WinProladder", + "version": { + "version_data": [ + { + "version_value": "WinProladder: Versions 3.30 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code." } ] } diff --git a/2021/32xxx/CVE-2021-32990.json b/2021/32xxx/CVE-2021-32990.json index 0f1b28f87a6..888ca949fef 100644 --- a/2021/32xxx/CVE-2021-32990.json +++ b/2021/32xxx/CVE-2021-32990.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32990", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FATEK Automation WinProladder", + "version": { + "version_data": [ + { + "version_value": "WinProladder: Versions 3.30 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-Bounds Read CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code." } ] } diff --git a/2021/32xxx/CVE-2021-32992.json b/2021/32xxx/CVE-2021-32992.json index c7f7bcffcb2..f5ae09619df 100644 --- a/2021/32xxx/CVE-2021-32992.json +++ b/2021/32xxx/CVE-2021-32992.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32992", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "FATEK Automation WinProladder", + "version": { + "version_data": [ + { + "version_value": "WinProladder: Versions 3.30 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restrictions of Operations within the bounds of a memory buffer CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-175-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code." } ] }