From fd071e0438507d4f0cf4358343267a2d86e8ea26 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 19 Apr 2021 16:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/18xxx/CVE-2017-18640.json | 10 ++++++
 2020/28xxx/CVE-2020-28141.json | 56 ++++++++++++++++++++++++++++++----
 2020/36xxx/CVE-2020-36323.json | 5 +++
 2021/27xxx/CVE-2021-27027.json | 50 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27028.json | 50 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27029.json | 50 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27030.json | 50 ++++++++++++++++++++++++++++--
 2021/27xxx/CVE-2021-27031.json | 50 ++++++++++++++++++++++++++++--
 8 files changed, 300 insertions(+), 21 deletions(-)
diff --git a/2017/18xxx/CVE-2017-18640.json b/2017/18xxx/CVE-2017-18640.json
index 643f084d53b..3b63ac3f717 100644
--- a/2017/18xxx/CVE-2017-18640.json
+++ b/2017/18xxx/CVE-2017-18640.json
@@ -286,6 +286,16 @@
 "refsource": "MLIST",
 "name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
 "url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5@%3Ccommon-commits.hadoop.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
+ "url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e@%3Cdev.phoenix.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
+ "url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b@%3Cdev.phoenix.apache.org%3E"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28141.json b/2020/28xxx/CVE-2020-28141.json
index 756d7dfc7e5..b76b78494cb 100644
--- a/2020/28xxx/CVE-2020-28141.json
+++ b/2020/28xxx/CVE-2020-28141.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-28141",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-28141",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "48897",
+ "url": "https://www.exploit-db.com/exploits/48897"
 }
 ]
 }
diff --git a/2020/36xxx/CVE-2020-36323.json b/2020/36xxx/CVE-2020-36323.json
index 85930cb2cbf..e8cb25b6dc2 100644
--- a/2020/36xxx/CVE-2020-36323.json
+++ b/2020/36xxx/CVE-2020-36323.json
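Review bot: In the CVE-2020-28141 hunk the added `affects` block sets `product_name` and `version_value` to `n/a`, although the added description names both ("Online Discussion Forum 1.0"), so tooling that matches on the structured fields cannot tie this record to the product. `"product_name": "Online Discussion Forum"` and `"version_value": "1.0"` would carry what the text already states; the vendor is not given anywhere in the hunk, so `vendor_name` can stay `n/a`. The added `problemtype` value is likewise `n/a` while the description states XSS, so `"value": "Cross-site Scripting (XSS)"` would make the weakness class filterable. The only reference added is an Exploit-DB entry, so the record as published gives defenders no fix or advisory pointer.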
@@ -61,6 +61,11 @@
 "url": "https://github.com/rust-lang/rust/pull/81728",
 "refsource": "MISC",
 "name": "https://github.com/rust-lang/rust/pull/81728"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174",
+ "url": "https://github.com/rust-lang/rust/pull/81728#issuecomment-821549174"
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27027.json b/2021/27xxx/CVE-2021-27027.json
index 456eb2f43f1..1e07fe96996 100644
--- a/2021/27xxx/CVE-2021-27027.json
+++ b/2021/27xxx/CVE-2021-27027.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27027",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk FBX Review",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-Of-Bounds Read Vulnerability "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure."
 }
 ]
 }
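Review bot: The affected version in CVE-2021-27027 is stated two ways: the added `version_value` is `1.4.1.0` while the added description says "version 1.4.0", and the CVE-2021-27028 hunk has the same mismatch. Whichever the referenced advisory (adsk-sa-2021-0001) gives should appear in both fields, since scanners read `affects` and analysts read the description. The `problemtype` value "Out-Of-Bounds Read Vulnerability " has a trailing space and omits the write and code-execution impact the description claims; `"value": "Out-Of-Bounds Read/Write Vulnerability"` would agree with it. `vendor_name` is `n/a` here and in the 27028–27031 hunks although the assigner is `psirt@autodesk.com`; `"vendor_name": "Autodesk"` would let vendor-keyed matching work.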
diff --git a/2021/27xxx/CVE-2021-27028.json b/2021/27xxx/CVE-2021-27028.json
index 538f73ecc1c..6944b6c17f5 100644
--- a/2021/27xxx/CVE-2021-27028.json
+++ b/2021/27xxx/CVE-2021-27028.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27028",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk FBX Review",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption - Generic"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27029.json b/2021/27xxx/CVE-2021-27029.json
index 02fea6a0cff..558ed51540f 100644
--- a/2021/27xxx/CVE-2021-27029.json
+++ b/2021/27xxx/CVE-2021-27029.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27029",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk FBX Review",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Untrusted Pointer Dereference Remote Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review causing the application to crash leading to a denial of service."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27030.json b/2021/27xxx/CVE-2021-27030.json
index e78a13ebd27..4d9814ced12 100644
--- a/2021/27xxx/CVE-2021-27030.json
+++ b/2021/27xxx/CVE-2021-27030.json
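Review bot: The added `problemtype` in CVE-2021-27029, "Untrusted Pointer Dereference Remote Code Execution Vulnerability", contradicts the added description, which describes a Null Pointer Dereference that crashes the application and causes denial of service. Triage keyed on `problemtype` would treat this as code execution while the text supports only an availability impact, or the reverse if the description is the stale side. One of the two should be corrected against the referenced advisory; if the description is right, `"value": "Null Pointer Dereference Denial of Service Vulnerability"` would match it.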
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27030",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk FBX Review",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Directory Traversal Remote Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX\u2019s Review causing it to run arbitrary code on the system."
 }
 ]
 }
diff --git a/2021/27xxx/CVE-2021-27031.json b/2021/27xxx/CVE-2021-27031.json
index 7e8d3b62b6a..29b1d83a34a 100644
--- a/2021/27xxx/CVE-2021-27031.json
+++ b/2021/27xxx/CVE-2021-27031.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2021-27031",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@autodesk.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Autodesk FBX Review",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.4.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-After-Free Remote Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001",
+ "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system."
 }
 ]
 }