From f662fa5889847a0178108c84161a9a62a7f5eb69 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 29 Apr 2021 17:00:50 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/21xxx/CVE-2020-21101.json | 56 ++++++++++++-- 2020/21xxx/CVE-2020-21452.json | 56 ++++++++++++-- 2020/35xxx/CVE-2020-35430.json | 56 ++++++++++++-- 2021/30xxx/CVE-2021-30048.json | 61 +++++++++++++-- 2021/31xxx/CVE-2021-31417.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31418.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31419.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31420.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31421.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31422.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31423.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31424.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31425.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31426.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31427.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31428.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31429.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31430.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31431.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31432.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31433.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31434.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31435.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31436.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31437.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31438.json | 132 +++++++++++++++++---------------- 2021/31xxx/CVE-2021-31897.json | 18 +++++ 2021/31xxx/CVE-2021-31898.json | 18 +++++ 2021/31xxx/CVE-2021-31899.json | 18 +++++ 2021/31xxx/CVE-2021-31900.json | 18 +++++ 2021/31xxx/CVE-2021-31901.json | 18 +++++ 2021/31xxx/CVE-2021-31902.json | 18 +++++ 2021/31xxx/CVE-2021-31903.json | 18 +++++ 2021/31xxx/CVE-2021-31904.json | 18 +++++ 2021/31xxx/CVE-2021-31905.json | 18 +++++ 2021/31xxx/CVE-2021-31906.json | 18 +++++ 2021/31xxx/CVE-2021-31907.json | 18 +++++ 2021/31xxx/CVE-2021-31908.json | 18 +++++ 2021/31xxx/CVE-2021-31909.json | 18 +++++ 2021/31xxx/CVE-2021-31910.json | 18 +++++ 2021/31xxx/CVE-2021-31911.json | 18 +++++ 2021/31xxx/CVE-2021-31912.json | 18 +++++ 2021/31xxx/CVE-2021-31913.json | 18 +++++ 2021/31xxx/CVE-2021-31914.json | 18 +++++ 2021/31xxx/CVE-2021-31915.json | 18 +++++ 45 files changed, 2043 insertions(+), 1432 deletions(-) create mode 100644 2021/31xxx/CVE-2021-31897.json create mode 100644 2021/31xxx/CVE-2021-31898.json create mode 100644 2021/31xxx/CVE-2021-31899.json create mode 100644 2021/31xxx/CVE-2021-31900.json create mode 100644 2021/31xxx/CVE-2021-31901.json create mode 100644 2021/31xxx/CVE-2021-31902.json create mode 100644 2021/31xxx/CVE-2021-31903.json create mode 100644 2021/31xxx/CVE-2021-31904.json create mode 100644 2021/31xxx/CVE-2021-31905.json create mode 100644 2021/31xxx/CVE-2021-31906.json create mode 100644 2021/31xxx/CVE-2021-31907.json create mode 100644 2021/31xxx/CVE-2021-31908.json create mode 100644 2021/31xxx/CVE-2021-31909.json create mode 100644 2021/31xxx/CVE-2021-31910.json create mode 100644 2021/31xxx/CVE-2021-31911.json create mode 100644 2021/31xxx/CVE-2021-31912.json create mode 100644 2021/31xxx/CVE-2021-31913.json create mode 100644 2021/31xxx/CVE-2021-31914.json create mode 100644 2021/31xxx/CVE-2021-31915.json diff --git a/2020/21xxx/CVE-2020-21101.json b/2020/21xxx/CVE-2020-21101.json index 1fea2b57a17..98bde4819c0 100644 --- a/2020/21xxx/CVE-2020-21101.json +++ b/2020/21xxx/CVE-2020-21101.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21101", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21101", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Screenly/screenly-ose/issues/1254", + "refsource": "MISC", + "name": "https://github.com/Screenly/screenly-ose/issues/1254" } ] } diff --git a/2020/21xxx/CVE-2020-21452.json b/2020/21xxx/CVE-2020-21452.json index 8cb715741f0..c123e7e9879 100644 --- a/2020/21xxx/CVE-2020-21452.json +++ b/2020/21xxx/CVE-2020-21452.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-21452", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-21452", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/qq1654985095/tyq", + "refsource": "MISC", + "name": "https://github.com/qq1654985095/tyq" } ] } diff --git a/2020/35xxx/CVE-2020-35430.json b/2020/35xxx/CVE-2020-35430.json index 0c329860092..378b5d12ccf 100644 --- a/2020/35xxx/CVE-2020-35430.json +++ b/2020/35xxx/CVE-2020-35430.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35430", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35430", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitee.com/inxeduopen/inxedu/issues/I294XL", + "refsource": "MISC", + "name": "https://gitee.com/inxeduopen/inxedu/issues/I294XL" } ] } diff --git a/2021/30xxx/CVE-2021-30048.json b/2021/30xxx/CVE-2021-30048.json index 925d16d5704..3d59013bd19 100644 --- a/2021/30xxx/CVE-2021-30048.json +++ b/2021/30xxx/CVE-2021-30048.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-30048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-30048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (\u5c0f\u8bf4\u7cbe\u54c1\u5c4b-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/49724", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/49724" + }, + { + "refsource": "MISC", + "name": "https://github.com/201206030/novel-plus/issues/39", + "url": "https://github.com/201206030/novel-plus/issues/39" } ] } diff --git a/2021/31xxx/CVE-2021-31417.json b/2021/31xxx/CVE-2021-31417.json index 5911ec6cba7..92a5b546854 100644 --- a/2021/31xxx/CVE-2021-31417.json +++ b/2021/31xxx/CVE-2021-31417.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31417", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.4-47270" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.4-47270" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-908: Use of Uninitialized Resource" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-426/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-426/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-426/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31418.json b/2021/31xxx/CVE-2021-31418.json index 32022717d9f..cb1a97f06c1 100644 --- a/2021/31xxx/CVE-2021-31418.json +++ b/2021/31xxx/CVE-2021-31418.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31418", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.4-47270" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.4-47270" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Ezrak1e ", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-908: Use of Uninitialized Resource" - } + }, + "credit": "Ezrak1e ", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12221." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-429/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-429/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-429/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31419.json b/2021/31xxx/CVE-2021-31419.json index f5896252e79..488c8120b70 100644 --- a/2021/31xxx/CVE-2021-31419.json +++ b/2021/31xxx/CVE-2021-31419.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31419", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.4-47270" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.4-47270" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-908: Use of Uninitialized Resource" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-427/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-427/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-427/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31420.json b/2021/31xxx/CVE-2021-31420.json index a701fdefda3..fb63138b66a 100644 --- a/2021/31xxx/CVE-2021-31420.json +++ b/2021/31xxx/CVE-2021-31420.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31420", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "16.1.0-48950" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "16.1.0-48950" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Ezrak1e ", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12220." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "Ezrak1e ", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12220." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-428/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-428/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-428/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31421.json b/2021/31xxx/CVE-2021-31421.json index 36c56c6b593..6ff43aa2c50 100644 --- a/2021/31xxx/CVE-2021-31421.json +++ b/2021/31xxx/CVE-2021-31421.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31421", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "16.1.1-49141" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "16.1.1-49141" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Ezrak1e ", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + }, + "credit": "Ezrak1e ", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-425/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-425/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-425/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31422.json b/2021/31xxx/CVE-2021-31422.json index 38af865636b..119f37cb3b7 100644 --- a/2021/31xxx/CVE-2021-31422.json +++ b/2021/31xxx/CVE-2021-31422.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31422", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "16.1.1-49141" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "16.1.1-49141" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-430/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-430/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-430/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31423.json b/2021/31xxx/CVE-2021-31423.json index 236e292dbeb..b4fcb255641 100644 --- a/2021/31xxx/CVE-2021-31423.json +++ b/2021/31xxx/CVE-2021-31423.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31423", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-908: Use of Uninitialized Resource" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-431/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-908: Use of Uninitialized Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-431/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-431/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31424.json b/2021/31xxx/CVE-2021-31424.json index 7f0214ef362..1fafc7c105b 100644 --- a/2021/31xxx/CVE-2021-31424.json +++ b/2021/31xxx/CVE-2021-31424.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31424", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12848." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12848." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-434/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-434/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-434/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31425.json b/2021/31xxx/CVE-2021-31425.json index 2dd413c9555..f8e37fcfb56 100644 --- a/2021/31xxx/CVE-2021-31425.json +++ b/2021/31xxx/CVE-2021-31425.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31425", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "16.1.2-49151" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "16.1.2-49151" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "grigoritchy", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-190: Integer Overflow or Wraparound" - } + }, + "credit": "grigoritchy", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12790." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-432/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-432/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-432/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31426.json b/2021/31xxx/CVE-2021-31426.json index ea01b4a2eaf..808c8e039ad 100644 --- a/2021/31xxx/CVE-2021-31426.json +++ b/2021/31xxx/CVE-2021-31426.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31426", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "16.1.2-49151" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "16.1.2-49151" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "grigoritchy", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-190: Integer Overflow or Wraparound" - } + }, + "credit": "grigoritchy", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel on the target guest system. Was ZDI-CAN-12791." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-433/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-433/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-433/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31427.json b/2021/31xxx/CVE-2021-31427.json index 86a81f2fd01..57335edc13d 100644 --- a/2021/31xxx/CVE-2021-31427.json +++ b/2021/31xxx/CVE-2021-31427.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31427", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13082." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-435/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-435/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-435/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31428.json b/2021/31xxx/CVE-2021-31428.json index 74b3cc268e7..cd087d2900a 100644 --- a/2021/31xxx/CVE-2021-31428.json +++ b/2021/31xxx/CVE-2021-31428.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31428", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13186." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13186." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-436/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-436/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-436/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31429.json b/2021/31xxx/CVE-2021-31429.json index d01f8badd84..6dffe05d82e 100644 --- a/2021/31xxx/CVE-2021-31429.json +++ b/2021/31xxx/CVE-2021-31429.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31429", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13187." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-437/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-437/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-437/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31430.json b/2021/31xxx/CVE-2021-31430.json index 61cfefd0167..cc0d55d9677 100644 --- a/2021/31xxx/CVE-2021-31430.json +++ b/2021/31xxx/CVE-2021-31430.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31430", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13188." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-438/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-438/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-438/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31431.json b/2021/31xxx/CVE-2021-31431.json index 603e207cf66..f41e51f670f 100644 --- a/2021/31xxx/CVE-2021-31431.json +++ b/2021/31xxx/CVE-2021-31431.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31431", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13189." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13189." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-439/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-439/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-439/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31432.json b/2021/31xxx/CVE-2021-31432.json index 45b08bfcb68..2bfe85d0863 100644 --- a/2021/31xxx/CVE-2021-31432.json +++ b/2021/31xxx/CVE-2021-31432.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31432", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Desktop", - "version": { - "version_data": [ - { - "version_value": "15.1.5-47309" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop", + "version": { + "version_data": [ + { + "version_value": "15.1.5-47309" + } + ] + } + } + ] + }, + "vendor_name": "Parallels" } - } ] - }, - "vendor_name": "Parallels" } - ] - } - }, - "credit": "Reno Robert of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.\n\nThe specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13190." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Reno Robert of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13190." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-440/" - }, - { - "url": "https://kb.parallels.com/en/125013" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://kb.parallels.com/en/125013", + "refsource": "MISC", + "name": "https://kb.parallels.com/en/125013" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-440/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-440/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31433.json b/2021/31xxx/CVE-2021-31433.json index d1123f64d2e..4122b116f52 100644 --- a/2021/31xxx/CVE-2021-31433.json +++ b/2021/31xxx/CVE-2021-31433.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31433", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Francis Provencher {PRL}", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Francis Provencher {PRL}", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-476/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-476/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-476/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31434.json b/2021/31xxx/CVE-2021-31434.json index a51d4f59754..41bad3e44f9 100644 --- a/2021/31xxx/CVE-2021-31434.json +++ b/2021/31xxx/CVE-2021-31434.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31434", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Wenguang Jiao", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Wenguang Jiao", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-477/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-477/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-477/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31435.json b/2021/31xxx/CVE-2021-31435.json index 936aa36551b..8b9e5a19e15 100644 --- a/2021/31xxx/CVE-2021-31435.json +++ b/2021/31xxx/CVE-2021-31435.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31435", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Francis Provencher {PRL}", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-457: Use of Uninitialized Variable" - } + }, + "credit": "Francis Provencher {PRL}", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-478/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-478/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-478/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31436.json b/2021/31xxx/CVE-2021-31436.json index eaeb054f28d..3392f542114 100644 --- a/2021/31xxx/CVE-2021-31436.json +++ b/2021/31xxx/CVE-2021-31436.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31436", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-479/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-479/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-479/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31437.json b/2021/31xxx/CVE-2021-31437.json index d021b159e87..2c6c0f0d1e3 100644 --- a/2021/31xxx/CVE-2021-31437.json +++ b/2021/31xxx/CVE-2021-31437.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31437", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Wenguang Jiao", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Wenguang Jiao", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-480/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-480/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-480/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31438.json b/2021/31xxx/CVE-2021-31438.json index 9f9196b8b83..77fa67a9b20 100644 --- a/2021/31xxx/CVE-2021-31438.json +++ b/2021/31xxx/CVE-2021-31438.json @@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31438", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.931" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.931" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Francis Provencher {PRL}", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "Francis Provencher {PRL}", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-481/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.html" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.html", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.html" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-481/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-481/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31897.json b/2021/31xxx/CVE-2021-31897.json new file mode 100644 index 00000000000..37ed44a4816 --- /dev/null +++ b/2021/31xxx/CVE-2021-31897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31898.json b/2021/31xxx/CVE-2021-31898.json new file mode 100644 index 00000000000..bcbf30e72e2 --- /dev/null +++ b/2021/31xxx/CVE-2021-31898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31899.json b/2021/31xxx/CVE-2021-31899.json new file mode 100644 index 00000000000..dba980d582b --- /dev/null +++ b/2021/31xxx/CVE-2021-31899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31900.json b/2021/31xxx/CVE-2021-31900.json new file mode 100644 index 00000000000..0ba20bc30d4 --- /dev/null +++ b/2021/31xxx/CVE-2021-31900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31901.json b/2021/31xxx/CVE-2021-31901.json new file mode 100644 index 00000000000..407a34ab69c --- /dev/null +++ b/2021/31xxx/CVE-2021-31901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31902.json b/2021/31xxx/CVE-2021-31902.json new file mode 100644 index 00000000000..c2615fd1673 --- /dev/null +++ b/2021/31xxx/CVE-2021-31902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31903.json b/2021/31xxx/CVE-2021-31903.json new file mode 100644 index 00000000000..b1df1cf7de5 --- /dev/null +++ b/2021/31xxx/CVE-2021-31903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31904.json b/2021/31xxx/CVE-2021-31904.json new file mode 100644 index 00000000000..b24164463f1 --- /dev/null +++ b/2021/31xxx/CVE-2021-31904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31905.json b/2021/31xxx/CVE-2021-31905.json new file mode 100644 index 00000000000..b6af1f4193c --- /dev/null +++ b/2021/31xxx/CVE-2021-31905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31906.json b/2021/31xxx/CVE-2021-31906.json new file mode 100644 index 00000000000..09e96a292ef --- /dev/null +++ b/2021/31xxx/CVE-2021-31906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31907.json b/2021/31xxx/CVE-2021-31907.json new file mode 100644 index 00000000000..3b99a239b19 --- /dev/null +++ b/2021/31xxx/CVE-2021-31907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31908.json b/2021/31xxx/CVE-2021-31908.json new file mode 100644 index 00000000000..b0026c9533e --- /dev/null +++ b/2021/31xxx/CVE-2021-31908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31909.json b/2021/31xxx/CVE-2021-31909.json new file mode 100644 index 00000000000..326c754790e --- /dev/null +++ b/2021/31xxx/CVE-2021-31909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31910.json b/2021/31xxx/CVE-2021-31910.json new file mode 100644 index 00000000000..6ce3f38310b --- /dev/null +++ b/2021/31xxx/CVE-2021-31910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31911.json b/2021/31xxx/CVE-2021-31911.json new file mode 100644 index 00000000000..1a3a59ee89f --- /dev/null +++ b/2021/31xxx/CVE-2021-31911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31912.json b/2021/31xxx/CVE-2021-31912.json new file mode 100644 index 00000000000..0b46c40a248 --- /dev/null +++ b/2021/31xxx/CVE-2021-31912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31913.json b/2021/31xxx/CVE-2021-31913.json new file mode 100644 index 00000000000..a52d913f205 --- /dev/null +++ b/2021/31xxx/CVE-2021-31913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31914.json b/2021/31xxx/CVE-2021-31914.json new file mode 100644 index 00000000000..9880e634922 --- /dev/null +++ b/2021/31xxx/CVE-2021-31914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31915.json b/2021/31xxx/CVE-2021-31915.json new file mode 100644 index 00000000000..259238618b7 --- /dev/null +++ b/2021/31xxx/CVE-2021-31915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2021-31915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file