diff --git a/2002/1xxx/CVE-2002-1617.json b/2002/1xxx/CVE-2002-1617.json index c76e8575cc9..16a6fd52df3 100644 --- a/2002/1xxx/CVE-2002-1617.json +++ b/2002/1xxx/CVE-2002-1617.json @@ -57,31 +57,16 @@ "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html" }, - { - "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt", - "refsource": "MISC", - "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt" - }, { "name": "VU#931579", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/931579" }, - { - "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt", - "refsource": "MISC", - "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt" - }, { "name": "VU#836275", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/836275" }, - { - "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt", - "refsource": "MISC", - "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt" - }, { "name": "20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification", "refsource": "BUGTRAQ", 
@@ -97,15 +82,30 @@ "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/290115" }, - { - "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt", - "refsource": "MISC", - "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt" - }, { "name": "VU#600699", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/600699" + }, + { + "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt", + "refsource": "MISC", + "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtterm.txt" + }, + { + "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt", + "refsource": "MISC", + "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtprintinfo.txt" + }, + { + "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt", + "refsource": "MISC", + "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dxterm.txt" + }, + { + "name": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt", + "refsource": "MISC", + "url": "http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_dtaction.txt" } ] } diff --git a/2002/1xxx/CVE-2002-1621.json b/2002/1xxx/CVE-2002-1621.json index ff881283b02..c5299760386 100644 --- a/2002/1xxx/CVE-2002-1621.json +++ b/2002/1xxx/CVE-2002-1621.json @@ -57,11 +57,6 @@ "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY26503&apar=only" }, - { - "name": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF", - "refsource": "CONFIRM", - "url": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF" - }, { "name": "VU#209363", "refsource": "CERT-VN", @@ -71,6 +66,11 @@ "name": "IY28698", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY28698&apar=only" + }, + { + "name": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/SVIM-59FJVF" } ] } 
diff --git a/2002/1xxx/CVE-2002-1631.json b/2002/1xxx/CVE-2002-1631.json index 3980e84ed1f..1b5551c38ac 100644 --- a/2002/1xxx/CVE-2002-1631.json +++ b/2002/1xxx/CVE-2002-1631.json @@ -52,6 +52,16 @@ }, "references": { "reference_data": [ + { + "name": "6556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6556" + }, + { + "name": "VU#717827", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/717827" + }, { "name": "http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf", "refsource": "CONFIRM", @@ -62,20 +72,10 @@ "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/SVIM-576QLZ" }, - { - "name": "6556", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/6556" - }, { "name": "http://www.nextgenss.com/papers/hpoas.pdf", "refsource": "MISC", "url": "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name": "VU#717827", - "refsource": "CERT-VN", - "url": "http://www.kb.cert.org/vuls/id/717827" } ] } diff --git a/2003/0xxx/CVE-2003-0733.json b/2003/0xxx/CVE-2003-0733.json index d12e60f1870..15fae0bf9e3 100644 --- a/2003/0xxx/CVE-2003-0733.json +++ b/2003/0xxx/CVE-2003-0733.json @@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", - "refsource": "CONFIRM", - "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp" - }, { "name": "8357", "refsource": "BID", "url": "http://www.securityfocus.com/bid/8357" + }, + { + "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp", + "refsource": "CONFIRM", + "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp" } ] } diff --git a/2005/0xxx/CVE-2005-0850.json b/2005/0xxx/CVE-2005-0850.json index 6909c386145..44855059d4e 100644 --- a/2005/0xxx/CVE-2005-0850.json +++ b/2005/0xxx/CVE-2005-0850.json 
@@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", - "refsource": "CONFIRM", - "url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" - }, { "name": "12865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12865" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" } ] } diff --git a/2005/0xxx/CVE-2005-0851.json b/2005/0xxx/CVE-2005-0851.json index e4bcecb0bd7..8d3946a526e 100644 --- a/2005/0xxx/CVE-2005-0851.json +++ b/2005/0xxx/CVE-2005-0851.json @@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", - "refsource": "CONFIRM", - "url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" - }, { "name": "12865", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12865" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=21558&release_id=314473" } ] } diff --git a/2005/0xxx/CVE-2005-0906.json b/2005/0xxx/CVE-2005-0906.json index e88f7e9c69e..3c102ff7636 100644 --- a/2005/0xxx/CVE-2005-0906.json +++ b/2005/0xxx/CVE-2005-0906.json @@ -62,11 +62,6 @@ "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/394404" }, - { - "name": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt", - "refsource": "MISC", - "url": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt" - }, { "name": "14767", "refsource": "SECUNIA", 
@@ -76,6 +71,11 @@ "name": "12912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12912" + }, + { + "name": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/tincat2bof-adv.txt" } ] } diff --git a/2005/0xxx/CVE-2005-0958.json b/2005/0xxx/CVE-2005-0958.json index 3e26febce84..598236705ab 100644 --- a/2005/0xxx/CVE-2005-0958.json +++ b/2005/0xxx/CVE-2005-0958.json @@ -52,16 +52,6 @@ }, "references": { "reference_data": [ - { - "name": "http://unl0ck.org/files/papers/mtftpd.txt", - "refsource": "MISC", - "url": "http://unl0ck.org/files/papers/mtftpd.txt" - }, - { - "name": "http://www.securiteam.com/exploits/5KP0W0AF5K.html", - "refsource": "MISC", - "url": "http://www.securiteam.com/exploits/5KP0W0AF5K.html" - }, { "name": "12947", "refsource": "BID", @@ -71,6 +61,16 @@ "name": "http://www.tripbit.org/advisories/TA-040305.txt", "refsource": "MISC", "url": "http://www.tripbit.org/advisories/TA-040305.txt" + }, + { + "name": "http://unl0ck.org/files/papers/mtftpd.txt", + "refsource": "MISC", + "url": "http://unl0ck.org/files/papers/mtftpd.txt" + }, + { + "name": "http://www.securiteam.com/exploits/5KP0W0AF5K.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5KP0W0AF5K.html" } ] } diff --git a/2005/2xxx/CVE-2005-2141.json b/2005/2xxx/CVE-2005-2141.json index 1d324baaf79..898b38bfd50 100644 --- a/2005/2xxx/CVE-2005-2141.json +++ b/2005/2xxx/CVE-2005-2141.json 
@@ -52,16 +52,16 @@ }, "references": { "reference_data": [ - { - "name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65", - "refsource": "MISC", - "url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65" - }, { "name": "1014371", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014371" }, + { + "name": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65", + "refsource": "MISC", + "url": "http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65" + }, { "name": "http://addict3d.org/index.php?page=viewarticle&type=security&ID=4377", "refsource": "MISC", diff --git a/2005/2xxx/CVE-2005-2173.json b/2005/2xxx/CVE-2005-2173.json index 93e341fa596..81532e27a6a 100644 --- a/2005/2xxx/CVE-2005-2173.json +++ b/2005/2xxx/CVE-2005-2173.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "name": "1014428", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014428" + }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=293159", "refsource": "CONFIRM", @@ -61,11 +66,6 @@ "name": "http://www.bugzilla.org/security/2.18.1/", "refsource": "CONFIRM", "url": "http://www.bugzilla.org/security/2.18.1/" - }, - { - "name": "1014428", - "refsource": "SECTRACK", - "url": "http://securitytracker.com/id?1014428" } ] } diff --git a/2020/5xxx/CVE-2020-5000.json b/2020/5xxx/CVE-2020-5000.json index d5c4ccf67d5..77c2aa32d02 100644 --- a/2020/5xxx/CVE-2020-5000.json +++ b/2020/5xxx/CVE-2020-5000.json 
@@ -1,93 +1,93 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } - ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/6463313", - "name" : "https://www.ibm.com/support/pages/node/6463313", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 6463313 (Financial Transaction Manager)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-ftm-cve20205000-xss (192952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/192952" - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.", - "lang" : "eng" - } - ] - }, - "data_version" : "4.0", - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "E" : "H", - "RC" : "C" - }, - "BM" : { - "SCORE" : "5.400", - "AC" : "L", - "I" : "L", - "UI" : "R", - "S" : "C", - "AV" : "N", - "PR" : "L", - "C" : "L", - "A" : "N" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Financial Transaction Manager", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.2" - }, - { - "version_value" : "3.2.4" - } - ] - } - } - ] - } + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] } - ] - } - }, - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "ID" : "CVE-2020-5000", - "DATE_PUBLIC" : "2021-06-14T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "data_type" : "CVE" -} + ] + }, + "references": { + "reference_data": 
[ + { + "url": "https://www.ibm.com/support/pages/node/6463313", + "name": "https://www.ibm.com/support/pages/node/6463313", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 6463313 (Financial Transaction Manager)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-ftm-cve20205000-xss (192952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192952" + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952.", + "lang": "eng" + } + ] + }, + "data_version": "4.0", + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "E": "H", + "RC": "C" + }, + "BM": { + "SCORE": "5.400", + "AC": "L", + "I": "L", + "UI": "R", + "S": "C", + "AV": "N", + "PR": "L", + "C": "L", + "A": "N" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Financial Transaction Manager", + "version": { + "version_data": [ + { + "version_value": "3.0.2" + }, + { + "version_value": "3.2.4" + } + ] + } + } + ] + } + } + ] + } + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2020-5000", + "DATE_PUBLIC": "2021-06-14T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31485.json b/2021/31xxx/CVE-2021-31485.json index 778dffe7183..ee6c76670df 100644 --- a/2021/31xxx/CVE-2021-31485.json +++ b/2021/31xxx/CVE-2021-31485.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31485", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-625/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31486.json b/2021/31xxx/CVE-2021-31486.json index d3c9daf5c2d..874706540f9 100644 --- a/2021/31xxx/CVE-2021-31486.json +++ b/2021/31xxx/CVE-2021-31486.json 
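Review bot: The rewritten `description` value in the CVE-2021-31485 hunk still says "remote attackers", while the `vectorString` kept on the new side reads `AV:L/.../UI:R`, so triage keyed on the prose and triage keyed on the vector will classify this record differently. The wording looks like the reporter's usual phrasing for bugs triggered by opening a file, so the vector is presumably the intended source of truth, but nothing in the record says so. Since the `impact.cvss` object is being re-emitted anyway, it would be easier to consume if it also carried the values derived from that vector, e.g. `"baseScore": 7.8, "baseSeverity": "HIGH"` (computed from the vector shown, to be confirmed against the advisory). The same applies to the CVE-2021-31486 through CVE-2021-31490 hunks, which carry the identical vector. The new side of each of these files also ends with `\ No newline at end of file`, where the old side ended with a newline.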
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31486", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-626/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31487.json b/2021/31xxx/CVE-2021-31487.json index b6df0799390..50694144510 100644 --- a/2021/31xxx/CVE-2021-31487.json +++ b/2021/31xxx/CVE-2021-31487.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31487", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-627/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31488.json b/2021/31xxx/CVE-2021-31488.json index 520a3a297ac..483aa242cdf 100644 --- a/2021/31xxx/CVE-2021-31488.json +++ b/2021/31xxx/CVE-2021-31488.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31488", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-628/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31489.json b/2021/31xxx/CVE-2021-31489.json index 716c2b24a42..34333e0839f 100644 --- a/2021/31xxx/CVE-2021-31489.json +++ b/2021/31xxx/CVE-2021-31489.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31489", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-629/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31490.json b/2021/31xxx/CVE-2021-31490.json index 3fbfbe71428..a89cf3eeeb6 100644 --- a/2021/31xxx/CVE-2021-31490.json +++ b/2021/31xxx/CVE-2021-31490.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31490", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-630/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31491.json b/2021/31xxx/CVE-2021-31491.json index 0665183c603..5c67ea29084 100644 --- a/2021/31xxx/CVE-2021-31491.json +++ b/2021/31xxx/CVE-2021-31491.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31491", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-631/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31492.json b/2021/31xxx/CVE-2021-31492.json index 6bcda136ea4..5c3ec157ee5 100644 --- a/2021/31xxx/CVE-2021-31492.json +++ b/2021/31xxx/CVE-2021-31492.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31492", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-632/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31493.json b/2021/31xxx/CVE-2021-31493.json index 47da1cd122e..2d6a557bbdc 100644 --- a/2021/31xxx/CVE-2021-31493.json +++ b/2021/31xxx/CVE-2021-31493.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31493", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-633/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31494.json b/2021/31xxx/CVE-2021-31494.json index 5085637e3db..b84ff88ab53 100644 --- a/2021/31xxx/CVE-2021-31494.json 
+++ b/2021/31xxx/CVE-2021-31494.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31494", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-634/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31495.json b/2021/31xxx/CVE-2021-31495.json index d01ee6011d9..85b03fdc412 100644 --- a/2021/31xxx/CVE-2021-31495.json +++ b/2021/31xxx/CVE-2021-31495.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31495", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-635/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31496.json b/2021/31xxx/CVE-2021-31496.json index f8dc06f2258..64c09e869f7 100644 --- a/2021/31xxx/CVE-2021-31496.json 
+++ b/2021/31xxx/CVE-2021-31496.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31496", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-636/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31497.json b/2021/31xxx/CVE-2021-31497.json index a78b7a8323b..aac251ca690 100644 --- a/2021/31xxx/CVE-2021-31497.json +++ b/2021/31xxx/CVE-2021-31497.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31497", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31498.json b/2021/31xxx/CVE-2021-31498.json index 162f1de1319..2186b491ed1 100644 --- a/2021/31xxx/CVE-2021-31498.json +++ b/2021/31xxx/CVE-2021-31498.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31498", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-638/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31499.json b/2021/31xxx/CVE-2021-31499.json index 9f479b79c5e..572e8c2b2f4 100644 --- a/2021/31xxx/CVE-2021-31499.json +++ b/2021/31xxx/CVE-2021-31499.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31499", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-639/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31500.json b/2021/31xxx/CVE-2021-31500.json index 028660f2c33..5b001e9c9b3 100644 --- a/2021/31xxx/CVE-2021-31500.json +++ b/2021/31xxx/CVE-2021-31500.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31500", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "rgod", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-822: Untrusted Pointer Dereference" - } + }, + "credit": "rgod", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-822: Untrusted Pointer Dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-640/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31501.json b/2021/31xxx/CVE-2021-31501.json index 86a509b0ea4..40e774d594e 100644 --- a/2021/31xxx/CVE-2021-31501.json +++ b/2021/31xxx/CVE-2021-31501.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31501", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "16.6.3.84" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "16.6.3.84" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-641/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/31xxx/CVE-2021-31502.json b/2021/31xxx/CVE-2021-31502.json index fa78ab2d081..922168c0737 100644 --- a/2021/31xxx/CVE-2021-31502.json +++ b/2021/31xxx/CVE-2021-31502.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2021-31502", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Brava! Desktop", - "version": { - "version_data": [ - { - "version_value": "Build 16.6.4.55" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2021-31502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brava! Desktop", + "version": { + "version_data": [ + { + "version_value": "Build 16.6.4.55" + } + ] + } + } + ] + }, + "vendor_name": "OpenText" } - } ] - }, - "vendor_name": "OpenText" } - ] - } - }, - "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2021/32xxx/CVE-2021-32683.json b/2021/32xxx/CVE-2021-32683.json index 3c986566a98..fcdb1ad389a 100644 --- a/2021/32xxx/CVE-2021-32683.json +++ b/2021/32xxx/CVE-2021-32683.json 
@@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), an the image payload is executed on the domain hosting the app (app.wire.com).\nIn particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com.\nThis allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs." + "value": "wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and paste it in the URL bar), an the image payload is executed on the domain hosting the app (app.wire.com). In particular, if an image contains malicious code in addition to the actual picture, this code is executed on app.wire.com. This allows the attacker to fully control the user account. The vulnerability was patched in version 2021-06-01-production.0. As a workaround, users should not try to open image URLs." } ] },
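Review bot: The rewritten `value` line still contains `an the image payload is executed`, so the sentence that states the trigger condition remains garbled after the newline cleanup. It most likely should read `the image payload is executed on the domain hosting the app (app.wire.com)`. Because the description is supplied by the assigner, the wording fix would presumably need to come from them rather than be patched here. Only the `description_data` entry is visible in this hunk; the rest of the record lies outside it.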