From 5c4a00d2647690955ec314e349a6959ae73f6300 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 1 Mar 2021 01:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/27xxx/CVE-2021-27225.json | 75 +++++++++++++++++++++++++++++++--- 2021/27xxx/CVE-2021-27799.json | 2 +- 2 files changed, 70 insertions(+), 7 deletions(-) diff --git a/2021/27xxx/CVE-2021-27225.json b/2021/27xxx/CVE-2021-27225.json index 400c01a816d..a415e52fdd9 100644 --- a/2021/27xxx/CVE-2021-27225.json +++ b/2021/27xxx/CVE-2021-27225.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-27225", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-27225", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://doc.dataiku.com/dss/latest/", + "refsource": "MISC", + "name": "https://doc.dataiku.com/dss/latest/" + }, + { + "refsource": "CONFIRM", + "name": "https://doc.dataiku.com/dss/8.0/security/advisories/cve-2021-27225.html", + "url": "https://doc.dataiku.com/dss/8.0/security/advisories/cve-2021-27225.html" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2021/27xxx/CVE-2021-27799.json b/2021/27xxx/CVE-2021-27799.json index d17a87b9c08..5cd84ecb4ba 100644 --- a/2021/27xxx/CVE-2021-27799.json +++ b/2021/27xxx/CVE-2021-27799.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.19.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code." + "value": "ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code." } ] },