admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-06-15 20:02:23 +00:00
parent da8175539c
commit fbe4eb15cb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
30 changed files with 1300 additions and 1264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
2002/1xxx/CVE-2002-1617.json
View File

@ -57,31 +57,16 @@
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt"
},
{
"name": "VU#931579",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/931579"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt"
},
{
"name": "VU#836275",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/836275"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt"
},
{
"name": "20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification",
"refsource": "BUGTRAQ",
@ -97,15 +82,30 @@
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/290115"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt"
},
{
"name": "VU#600699",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/600699"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt"
},
{
"name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt",
"refsource": "MISC",
"url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt"
}
]
}

10
2002/1xxx/CVE-2002-1621.json
View File

@ -57,11 +57,6 @@
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26503&apar=only"
},
{
"name": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF"
},
{
"name": "VU#209363",
"refsource": "CERT-VN",
@ -71,6 +66,11 @@
"name": "IY28698",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28698&apar=only"
},
{
"name": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF"
}
]
}

20
2002/1xxx/CVE-2002-1631.json
View File

@ -52,6 +52,16 @@
},
"references": {
"reference_data": [
{
"name": "6556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6556"
},
{
"name": "VU#717827",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717827"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
@ -62,20 +72,10 @@
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/SVIM-576QLZ"
},
{
"name": "6556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6556"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#717827",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/717827"
}
]
}

10
2003/0xxx/CVE-2003-0733.json
View File

@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp"
},
{
"name": "8357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8357"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp"
}
]
}

10
2005/0xxx/CVE-2005-0850.json
View File

@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473"
},
{
"name": "12865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12865"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473"
}
]
}

10
2005/0xxx/CVE-2005-0851.json
View File

@ -52,15 +52,15 @@
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473"
},
{
"name": "12865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12865"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473"
}
]
}

10
2005/0xxx/CVE-2005-0906.json
View File

@ -62,11 +62,6 @@
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/394404"
},
{
"name": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt"
},
{
"name": "14767",
"refsource": "SECUNIA",
@ -76,6 +71,11 @@
"name": "12912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12912"
},
{
"name": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt"
}
]
}

20
2005/0xxx/CVE-2005-0958.json
View File

@ -52,16 +52,6 @@
},
"references": {
"reference_data": [
{
"name": "http://unl0ck.org/files/papers/mtftpd.txt",
"refsource": "MISC",
"url": "http://unl0ck.org/files/papers/mtftpd.txt"
},
{
"name": "http://www.securiteam.com/exploits/5KP0W0AF5K.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5KP0W0AF5K.html"
},
{
"name": "12947",
"refsource": "BID",
@ -71,6 +61,16 @@
"name": "http://www.tripbit.org/advisories/TA-040305.txt",
"refsource": "MISC",
"url": "http://www.tripbit.org/advisories/TA-040305.txt"
},
{
"name": "http://unl0ck.org/files/papers/mtftpd.txt",
"refsource": "MISC",
"url": "http://unl0ck.org/files/papers/mtftpd.txt"
},
{
"name": "http://www.securiteam.com/exploits/5KP0W0AF5K.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5KP0W0AF5K.html"
}
]
}

10
2005/2xxx/CVE-2005-2141.json
View File

@ -52,16 +52,16 @@
},
"references": {
"reference_data": [
{
"name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65",
"refsource": "MISC",
"url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65"
},
{
"name": "1014371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014371"
},
{
"name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65",
"refsource": "MISC",
"url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65"
},
{
"name": "http://addict3d.org/index.php?page=viewarticle&type=security&ID=4377",
"refsource": "MISC",

10
2005/2xxx/CVE-2005-2173.json
View File

@ -52,6 +52,11 @@
},
"references": {
"reference_data": [
{
"name": "1014428",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014428"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=293159",
"refsource": "CONFIRM",
@ -61,11 +66,6 @@
"name": "http://www.bugzilla.org/security/2.18.1/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.18.1/"
},
{
"name": "1014428",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014428"
}
]
}

180
2020/5xxx/CVE-2020-5000.json
View File

@ -1,93 +1,93 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.ibm.com/support/pages/node/6463313",
"name" : "https://www.ibm.com/support/pages/node/6463313",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 6463313 (Financial Transaction Manager)"
},
{
"title" : "X-Force Vulnerability Report",
"name" : "ibm-ftm-cve20205000-xss (192952)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192952"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RL" : "O",
"E" : "H",
"RC" : "C"
},
"BM" : {
"SCORE" : "5.400",
"AC" : "L",
"I" : "L",
"UI" : "R",
"S" : "C",
"AV" : "N",
"PR" : "L",
"C" : "L",
"A" : "N"
}
}
},
"affects" : {
"vendor" : {
"vendor_data" : [
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "Financial Transaction Manager",
"version" : {
"version_data" : [
{
"version_value" : "3.0.2"
},
{
"version_value" : "3.2.4"
}
]
}
}
]
}
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
}
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ID" : "CVE-2020-5000",
"DATE_PUBLIC" : "2021-06-14T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com"
},
"data_format" : "MITRE",
"data_type" : "CVE"
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/6463313",
"name": "https://www.ibm.com/support/pages/node/6463313",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6463313 (Financial Transaction Manager)"
},
{
"title": "X-Force Vulnerability Report",
"name": "ibm-ftm-cve20205000-xss (192952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192952"
}
]
},
"description": {
"description_data": [
{
"value": "IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.",
"lang": "eng"
}
]
},
"data_version": "4.0",
"impact": {
"cvssv3": {
"TM": {
"RL": "O",
"E": "H",
"RC": "C"
},
"BM": {
"SCORE": "5.400",
"AC": "L",
"I": "L",
"UI": "R",
"S": "C",
"AV": "N",
"PR": "L",
"C": "L",
"A": "N"
}
}
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Financial Transaction Manager",
"version": {
"version_data": [
{
"version_value": "3.0.2"
},
{
"version_value": "3.2.4"
}
]
}
}
]
}
}
]
}
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2020-5000",
"DATE_PUBLIC": "2021-06-14T00:00:00",
"ASSIGNER": "psirt@us.ibm.com"
},
"data_format": "MITRE",
"data_type": "CVE"
}

124
2021/31xxx/CVE-2021-31485.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31486.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31487.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31488.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31489.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31490.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31491.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31492.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31493.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31494.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31495.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31496.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31497.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31498.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31499.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31500.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
},
"credit": "rgod",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31501.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "16.6.3.84"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
}
}
}

124
2021/31xxx/CVE-2021-31502.json
View File

@ -1,67 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "Build 16.6.4.55"
}
]
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Brava! Desktop",
"version": {
"version_data": [
{
"version_value": "Build 16.6.4.55"
}
]
}
}
]
},
"vendor_name": "OpenText"
}
}
]
},
"vendor_name": "OpenText"
}
]
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
},
"credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/"
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
}
}
}

2
2021/32xxx/CVE-2021-32683.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), an the image payload is executed on the domain hosting the app (app.wire.com).\nIn particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com.\nThis allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs."
"value": "wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), an the image payload is executed on the domain hosting the app (app.wire.com). In particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com. This allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs."
}
]
},