[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 9 21:10:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54ae7eab by security tracker role at 2021-04-09T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3488
+ RESERVED
CVE-2021-30479
RESERVED
CVE-2021-30478
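Review bot: ordering at the top of the file: CVE-2021-3488 is added above CVE-2021-30479, although the other hunks in this commit show ids in descending order within a year. If head-of-file insertion is what the automatic update does for newly seen ids, leave it; otherwise move the entry next to the other CVE-2021-3xxx ids so that lookups and later diffs stay local.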
@@ -1743,8 +1745,8 @@ CVE-2021-29673
RESERVED
CVE-2021-29672
RESERVED
-CVE-2021-29671
- RESERVED
+CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...)
+ TODO: check
CVE-2021-29670
RESERVED
CVE-2021-29669
@@ -2793,8 +2795,8 @@ CVE-2021-29223
RESERVED
CVE-2021-29222
RESERVED
-CVE-2021-29221
- RESERVED
+CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...)
+ TODO: check
CVE-2021-29220
RESERVED
CVE-2021-29219
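Review bot: the "TODO: check" on CVE-2021-29221 deserves priority over the rest of this batch, because Erlang/OTP is packaged in Debian (source package erlang). The truncated description does not show the affected component or platform, so read the full CVE text before deciding between a package line and a NOT-FOR-US style resolution.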
@@ -4032,6 +4034,7 @@ CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.
CVE-2021-28659
RESERVED
CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...)
+ {DLA-2622-1}
- python-django 2:2.2.20-1 (bug #986447)
NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
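Review bot: the {DLA-2622-1} reference added under CVE-2021-28658 points at a record outside this commit, which changes only data/CVE/list. Confirm that the DLA entry already exists and names python-django; the only package line visible here is the 2:2.2.20-1 fix with bug #986447.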
@@ -11887,24 +11890,24 @@ CVE-2021-25383
RESERVED
CVE-2021-25382
RESERVED
-CVE-2021-25381
- RESERVED
-CVE-2021-25380
- RESERVED
-CVE-2021-25379
- RESERVED
-CVE-2021-25378
- RESERVED
-CVE-2021-25377
- RESERVED
-CVE-2021-25376
- RESERVED
-CVE-2021-25375
- RESERVED
-CVE-2021-25374
- RESERVED
-CVE-2021-25373
- RESERVED
+CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
+ TODO: check
+CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...)
+ TODO: check
+CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1 ...)
+ TODO: check
+CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...)
+ TODO: check
+CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in ...)
+ TODO: check
+CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...)
+ TODO: check
+CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...)
+ TODO: check
+CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...)
+ TODO: check
+CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...)
+ TODO: check
CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
NOT-FOR-US: Samsung
CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
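Review bot: CVE-2021-25381 through CVE-2021-25373 land as "TODO: check", while the entry directly below them, CVE-2021-25372, is already resolved as "NOT-FOR-US: Samsung". The new descriptions name Samsung Account, Bixby, Gallery, SmartThings, Samsung Experience Service, Samsung Email, Samsung Members and Customization Service, all in the same id block, so the same resolution looks right and can be set for all nine in one follow-up commit.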
@@ -11919,26 +11922,26 @@ CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4
NOT-FOR-US: Samsung
CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
NOT-FOR-US: Samsung
-CVE-2021-25365
- RESERVED
-CVE-2021-25364
- RESERVED
-CVE-2021-25363
- RESERVED
-CVE-2021-25362
- RESERVED
-CVE-2021-25361
- RESERVED
-CVE-2021-25360
- RESERVED
-CVE-2021-25359
- RESERVED
-CVE-2021-25358
- RESERVED
-CVE-2021-25357
- RESERVED
-CVE-2021-25356
- RESERVED
+CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...)
+ TODO: check
+CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR ...)
+ TODO: check
+CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...)
+ TODO: check
+CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...)
+ TODO: check
+CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...)
+ TODO: check
+CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...)
+ TODO: check
+CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...)
+ TODO: check
+CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...)
+ TODO: check
+CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...)
+ TODO: check
+CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...)
+ TODO: check
CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
NOT-FOR-US: Samsung
CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
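Review bot: ten "TODO: check" entries, CVE-2021-25365 through CVE-2021-25356, now sit between CVE-2021-25366 and CVE-2021-25355, both of which are "NOT-FOR-US: Samsung". Several of the new descriptions use the "SMR APR-2021 Release" wording, matching the "SMR Mar-2021 Release" wording of the already resolved CVE-2021-25372, so these should get the same resolution rather than stay open.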
@@ -12025,12 +12028,12 @@ CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomc
NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63)
NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
NOTE: CVE is for incomplete fix for CVE-2020-9484.
-CVE-2021-25328
- RESERVED
-CVE-2021-25327
- RESERVED
-CVE-2021-25326
- RESERVED
+CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...)
+ TODO: check
+CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...)
+ TODO: check
+CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...)
+ TODO: check
CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
NOT-FOR-US: MISP
CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
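Review bot: the description for CVE-2021-25328 repeats the product string ("RN510 V.3.1.0.4 RN510 V.3.1.0.4"). Do not hand-edit it here: descriptions are refreshed by the automatic update, as the CVE-2021-24125 change in this commit shows, so a manual fix would be overwritten. What does need action is the "TODO: check" on all three Skyworth RN510 entries.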
@@ -14582,7 +14585,7 @@ CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffi
NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
NOT-FOR-US: Envira Gallery Lite WordPress plugin
-CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin, ve ...)
+CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin bef ...)
NOT-FOR-US: Contact Form Submissions WordPress plugin
CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...)
NOT-FOR-US: WP Shieldon WordPress plugin
@@ -19861,8 +19864,8 @@ CVE-2021-21730
RESERVED
CVE-2021-21729
RESERVED
-CVE-2021-21728
- RESERVED
+CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
+ TODO: check
CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
NOT-FOR-US: ZTE
CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
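Review bot: CVE-2021-21728 is left at "TODO: check" although the next entry, CVE-2021-21727, is also described as "A ZTE product" and is resolved as "NOT-FOR-US: ZTE". Suggest the same resolution for CVE-2021-21728 once the full description confirms it is a ZTE device issue.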
@@ -21716,12 +21719,12 @@ CVE-2020-35629
CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
- cgal 5.2-3 (bug #985671)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
-CVE-2021-21433
- RESERVED
-CVE-2021-21432
- RESERVED
-CVE-2021-21431
- RESERVED
+CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...)
+ TODO: check
+CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+ TODO: check
+CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...)
+ TODO: check
CVE-2021-21430
RESERVED
CVE-2021-21429
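Review bot: of the three new "TODO: check" entries, CVE-2021-21431 needs the most care: the description calls sopel-channelmgnt a plugin for sopel, so triage has to establish whether the plugin itself is packaged, not only sopel. CVE-2021-21433 (Discord Recon Server) and CVE-2021-21432 (Vela) also need a package search before they can be closed as NOT-FOR-US.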
@@ -25293,8 +25296,8 @@ CVE-2021-20082
RESERVED
CVE-2021-20081
RESERVED
-CVE-2021-20080
- RESERVED
+CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
+ TODO: check
CVE-2021-20079
RESERVED
CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
@@ -25656,10 +25659,10 @@ CVE-2021-20024
RESERVED
CVE-2021-20023
RESERVED
-CVE-2021-20022
- RESERVED
-CVE-2021-20021
- RESERVED
+CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
+ TODO: check
+CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...)
+ TODO: check
CVE-2021-20020
RESERVED
CVE-2021-20019
@@ -45482,12 +45485,12 @@ CVE-2020-23765
RESERVED
CVE-2020-23764
RESERVED
-CVE-2020-23763
- RESERVED
-CVE-2020-23762
- RESERVED
-CVE-2020-23761
- RESERVED
+CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows remote atta ...)
+ TODO: check
+CVE-2020-23762 (Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugi ...)
+ TODO: check
+CVE-2020-23761 (Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= ...)
+ TODO: check
CVE-2020-23760
RESERVED
CVE-2020-23759
@@ -49242,10 +49245,10 @@ CVE-2020-21886
RESERVED
CVE-2020-21885
RESERVED
-CVE-2020-21884
- RESERVED
-CVE-2020-21883
- RESERVED
+CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Seri ...)
+ TODO: check
+CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Ser ...)
+ TODO: check
CVE-2020-21882
RESERVED
CVE-2020-21881
@@ -68234,18 +68237,18 @@ CVE-2020-13662 [Drupal SA 2020-003]
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2020-003
NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
-CVE-2020-13592
- RESERVED
-CVE-2020-13591
- RESERVED
+CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lists/cho ...)
+ TODO: check
+CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...)
+ TODO: check
CVE-2020-13590
RESERVED
CVE-2020-13589
RESERVED
CVE-2020-13588
RESERVED
-CVE-2020-13587
- RESERVED
+CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...)
+ TODO: check
CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
NOT-FOR-US: SoftMaker
CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
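Review bot: the truncated descriptions for CVE-2020-13592, CVE-2020-13591 and CVE-2020-13587 stop inside a quoted page name ("global_lists/cho", "access_rules", "forms_fields") before any product is named, so these "TODO: check" entries cannot be triaged from data/CVE/list alone. Look up the full CVE text and record the product in the resolution line. CVE-2020-13590 through CVE-2020-13588 in the same run remain RESERVED.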
@@ -68368,12 +68371,12 @@ CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in
NOT-FOR-US: Microsoft
CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...)
NOT-FOR-US: Kepware LinkMaster
-CVE-2020-13534
- RESERVED
-CVE-2020-13533
- RESERVED
-CVE-2020-13532
- RESERVED
+CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. C ...)
+ TODO: check
+CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...)
+ TODO: check
+CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...)
+ TODO: check
CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
@@ -271860,85 +271863,85 @@ CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same Origin
CVE-2017-0001 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Wi ...)
NOT-FOR-US: Microsoft
CVE-2016-8200
- RESERVED
+ REJECTED
CVE-2016-8199
- RESERVED
+ REJECTED
CVE-2016-8198
- RESERVED
+ REJECTED
CVE-2016-8197
- RESERVED
+ REJECTED
CVE-2016-8196
- RESERVED
+ REJECTED
CVE-2016-8195
- RESERVED
+ REJECTED
CVE-2016-8194
- RESERVED
+ REJECTED
CVE-2016-8193
- RESERVED
+ REJECTED
CVE-2016-8192
- RESERVED
+ REJECTED
CVE-2016-8191
- RESERVED
+ REJECTED
CVE-2016-8190
- RESERVED
+ REJECTED
CVE-2016-8189
- RESERVED
+ REJECTED
CVE-2016-8188
- RESERVED
+ REJECTED
CVE-2016-8187
- RESERVED
+ REJECTED
CVE-2016-8186
- RESERVED
+ REJECTED
CVE-2016-8185
- RESERVED
+ REJECTED
CVE-2016-8184
- RESERVED
+ REJECTED
CVE-2016-8183
- RESERVED
+ REJECTED
CVE-2016-8182
- RESERVED
+ REJECTED
CVE-2016-8181
- RESERVED
+ REJECTED
CVE-2016-8180
- RESERVED
+ REJECTED
CVE-2016-8179
- RESERVED
+ REJECTED
CVE-2016-8178
- RESERVED
+ REJECTED
CVE-2016-8177
- RESERVED
+ REJECTED
CVE-2016-8176
- RESERVED
+ REJECTED
CVE-2016-8175
- RESERVED
+ REJECTED
CVE-2016-8174
- RESERVED
+ REJECTED
CVE-2016-8173
- RESERVED
+ REJECTED
CVE-2016-8172
- RESERVED
+ REJECTED
CVE-2016-8171
- RESERVED
+ REJECTED
CVE-2016-8170
- RESERVED
+ REJECTED
CVE-2016-8169
- RESERVED
+ REJECTED
CVE-2016-8168
- RESERVED
+ REJECTED
CVE-2016-8167
- RESERVED
+ REJECTED
CVE-2016-8166
- RESERVED
+ REJECTED
CVE-2016-8165
- RESERVED
+ REJECTED
CVE-2016-8164
- RESERVED
+ REJECTED
CVE-2016-8163
- RESERVED
+ REJECTED
CVE-2016-8162
- RESERVED
+ REJECTED
CVE-2016-8161
- RESERVED
+ REJECTED
CVE-2016-8160
REJECTED
CVE-2016-8159
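Review bot: nothing to change in the CVE-2016-8200 to CVE-2016-8161 block, but one check is worth running before this is considered done: none of the entries flipped from RESERVED to REJECTED shows a package line or NOTE, so no triage data is lost here, yet this commit touches only data/CVE/list. A search of the other data lists for these ids would confirm that nothing still references a now rejected CVE.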
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ae7eab65ff6c4304fe19015868d9b9310ffedc