[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Apr 9 21:22:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b07d116 by Salvatore Bonaccorso at 2021-04-09T22:22:15+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1746,7 +1746,7 @@ CVE-2021-29673
 CVE-2021-29672
 	RESERVED
 CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29670
 	RESERVED
 CVE-2021-29669
@@ -11891,21 +11891,21 @@ CVE-2021-25383
 CVE-2021-25382
 	RESERVED
 CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Bixby
 CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...)
 	TODO: check
 CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
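Review bot: CVE-2021-25380 is tagged "NOT-FOR-US: Bixby", while the seven other entries resolved in this hunk use "NOT-FOR-US: Samsung". Bixby is a Samsung product, so the vendor tag would keep the batch searchable under one string. Separately, CVE-2021-25373 (unsafe PendingIntent in Customization Service) in the trailing context is still "TODO: check", although its description reads like the entries above it. If it was skipped on purpose that is fine; otherwise it likely belongs in this batch.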
@@ -11923,25 +11923,25 @@ CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4
 CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
 	NOT-FOR-US: Samsung
 CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
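Review bot: several entries tagged here name components rather than Samsung-branded apps: ActivityManagerService (CVE-2021-25363), CertInstaller (CVE-2021-25362), Managed Provisioning (CVE-2021-25356) and the libswmfextractor library (CVE-2021-25360). The first three are also component names in upstream Android. The "prior to SMR APR-" wording visible for CVE-2021-25363 and CVE-2021-25362 ties them to Samsung's own releases, but the descriptions of CVE-2021-25360 and CVE-2021-25356 are cut off before any release identifier. Please confirm against the full descriptions that these two are limited to Samsung builds. A short NOTE line saying so would spare the next reader the same check.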
@@ -12029,11 +12029,11 @@ CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomc
 	NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
 	NOTE: CVE is for incomplete fix for CVE-2020-9484.
 CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...)
-	TODO: check
+	NOT-FOR-US: Skyworth Digital Technology RN510
 CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...)
-	TODO: check
+	NOT-FOR-US: Skyworth Digital Technology RN510
 CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...)
-	TODO: check
+	NOT-FOR-US: Skyworth Digital Technology RN510
 CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
 	NOT-FOR-US: MISP
 CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
@@ -19865,7 +19865,7 @@ CVE-2021-21730
 CVE-2021-21729
 	RESERVED
 CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
 	NOT-FOR-US: ZTE
 CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
@@ -23692,21 +23692,21 @@ CVE-2021-20693
 CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...)
 	TODO: check
 CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Yomi-Search
 CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Yomi-Search
 CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Yomi-Search
 CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...)
-	TODO: check
+	NOT-FOR-US: Click Ranker
 CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...)
-	TODO: check
+	NOT-FOR-US: Kagemai
 CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
-	TODO: check
+	NOT-FOR-US: Kagemai
 CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
-	TODO: check
+	NOT-FOR-US: Kagemai
 CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...)
-	TODO: check
+	NOT-FOR-US: MagazinegerZ
 CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
 	NOT-FOR-US: baserCMS
 CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
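Review bot: Yomi-Search, Click Ranker, Kagemai and MagazinegerZ are small web applications named with upstream versions, not vendor appliances, so the NOT-FOR-US decision for these eight entries rests on a package-name search rather than on the vendor. It is worth confirming that none of the names matches a source package in the archive before closing them. CVE-2021-20692 in the leading context remains "TODO: check"; if it was left open deliberately, no change is needed.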
@@ -25297,7 +25297,7 @@ CVE-2021-20082
 CVE-2021-20081
 	RESERVED
 CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine ServiceDesk Plus
 CVE-2021-20079
 	RESERVED
 CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
@@ -25660,9 +25660,9 @@ CVE-2021-20024
 CVE-2021-20023
 	RESERVED
 CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2021-20020
 	RESERVED
 CVE-2021-20019
@@ -31017,7 +31017,7 @@ CVE-2021-1487
 CVE-2021-1486
 	RESERVED
 CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1484
 	RESERVED
 CVE-2021-1483
@@ -31027,9 +31027,9 @@ CVE-2021-1482
 CVE-2021-1481
 	RESERVED
 CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1478
 	RESERVED
 CVE-2021-1477
@@ -31037,13 +31037,13 @@ CVE-2021-1477
 CVE-2021-1476
 	RESERVED
 CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1473 (Multiple vulnerabilities exist in the web-based management interface o ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interface o ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1470
@@ -31053,7 +31053,7 @@ CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabbe
 CVE-2021-1468
 	RESERVED
 CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1466
 	RESERVED
 CVE-2021-1465
@@ -31061,7 +31061,7 @@ CVE-2021-1465
 CVE-2021-1464
 	RESERVED
 CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1462
 	RESERVED
 CVE-2021-1461
@@ -31069,7 +31069,7 @@ CVE-2021-1461
 CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1458
 	RESERVED
 CVE-2021-1457
@@ -31147,7 +31147,7 @@ CVE-2021-1422
 CVE-2021-1421
 	RESERVED
 CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1419
 	RESERVED
 CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
@@ -31157,11 +31157,11 @@ CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabbe
 CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1415 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1414 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1413 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
@@ -31169,13 +31169,13 @@ CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabbe
 CVE-2021-1410
 	RESERVED
 CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1405 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
 	TODO: check
 CVE-2021-1404 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
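Review bot: CVE-2021-1405 in the trailing context is a ClamAV issue that sits directly below the four Cisco entries tagged here and shares their "A vulnerability in the ..." description style. It is correctly left out of this batch and still shows "TODO: check". It needs a package entry rather than an NFU tag, so any pattern-based tagging of this ID range should match on the product name in the description, not on the ID block or the description style. The same applies to CVE-2021-1404 on the next line.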
@@ -31189,7 +31189,7 @@ CVE-2021-1401
 CVE-2021-1400
 	RESERVED
 CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1397
@@ -31215,7 +31215,7 @@ CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orches
 CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1386 (A vulnerability in the dynamic link library (DLL) loading mechanism in ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco  ...)
@@ -31227,7 +31227,7 @@ CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could
 CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1379
 	RESERVED
 CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
@@ -31263,7 +31263,7 @@ CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager
 CVE-2021-1363
 	RESERVED
 CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -31369,9 +31369,9 @@ CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex M
 CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1309 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1308 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1306
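Review bot: for CVE-2021-1309 and CVE-2021-1308 the visible description ends at "Link Layer Discovery Protocol (L ..." and names no Cisco product, unlike the neighbouring entries that spell out "Cisco" in the first words. LLDP is also implemented by free software, so please confirm from the full description that the affected code is Cisco firmware only before settling on "NOT-FOR-US: Cisco". CVE-2021-1251 further down carries the same truncated description and deserves the same check.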
@@ -31485,7 +31485,7 @@ CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of
 CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...)
 	TODO: check
 CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -31713,7 +31713,7 @@ CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Ma
 CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1137 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b07d1166ed68148ccb94fbb3d36e1653615af75
