[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Mar 5 08:10:27 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fdcefbd6 by security tracker role at 2021-03-05T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
+	TODO: check
+CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
+	TODO: check
+CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
+	TODO: check
+CVE-2021-27962
+	RESERVED
+CVE-2021-27961
+	RESERVED
+CVE-2021-27960
+	RESERVED
+CVE-2021-27959
+	RESERVED
+CVE-2021-27958
+	RESERVED
+CVE-2021-27957
+	RESERVED
+CVE-2021-27956
+	RESERVED
+CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
+	TODO: check
+CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
+	TODO: check
 CVE-2021-27955
 	RESERVED
 CVE-2021-27954
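Review bot: of the four TODO entries in this hunk, CVE-2019-25025 is the one that needs an archive check rather than a quick dismissal, since activerecord-session_store is a Ruby gem that may be packaged; CVE-2021-27965 (a Windows driver, MsIo64.sys), the two SonLogger entries and CVE-2020-36255 (a .NET IdentityModel library) describe products rather than anything shipped in Debian, so those can likely be resolved as NOT-FOR-US once the full descriptions are read. The seven RESERVED placeholders (CVE-2021-27962 down to CVE-2021-27956) need no action.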
@@ -1387,8 +1411,8 @@ CVE-2021-27316
 	RESERVED
 CVE-2021-27315
 	RESERVED
-CVE-2021-27314
-	RESERVED
+CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an  ...)
+	TODO: check
 CVE-2021-27313
 	RESERVED
 CVE-2021-27312
@@ -2086,10 +2110,10 @@ CVE-2021-26991
 	RESERVED
 CVE-2021-26990
 	RESERVED
-CVE-2021-26989
-	RESERVED
-CVE-2021-26988
-	RESERVED
+CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...)
+	TODO: check
+CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
+	TODO: check
 CVE-2021-26987
 	RESERVED
 CVE-2021-26986
@@ -2207,14 +2231,12 @@ CVE-2020-36244 (The daemon in GENIVI Diagnostic Log and Trace (DLT) before 2.18.
 	NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
 	NOTE: https://github.com/GENIVI/dlt-daemon/pull/269
 	NOTE: https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6)
-CVE-2021-3404
-	RESERVED
+CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...)
 	- libytnef 1.9.3-3 (bug #982596)
 	[buster] - libytnef <no-dsa> (Minor issue)
 	[stretch] - libytnef <no-dsa> (Minor issue)
 	NOTE: https://github.com/Yeraze/ytnef/issues/86
-CVE-2021-3403
-	RESERVED
+CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows  ...)
 	- libytnef 1.9.3-3 (bug #982594)
 	[buster] - libytnef <no-dsa> (Minor issue)
 	[stretch] - libytnef <no-dsa> (Minor issue)
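Review bot: the imported description for CVE-2021-3404 now reads "allows remote att ...", i.e. a remote attack vector, while the buster and stretch lines still carry "<no-dsa> (Minor issue)"; the no-dsa rationale was set while the entry was RESERVED, so it is worth re-reading the full text (and the linked issue #86) to confirm the "Minor issue" assessment still holds. The fixed version 1.9.3-3 and the bug references are unchanged, so nothing else in the two entries needs touching.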
@@ -2420,13 +2442,11 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc
 	NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
 	NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
 	NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
-CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed]
-	RESERVED
+CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for  ...)
 	{DSA-4859-1 DLA-2573-1}
 	- libzstd 1.4.8+dfsg-2 (bug #982519)
 	NOTE: https://github.com/facebook/zstd/issues/2491
-CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed]
-	RESERVED
+CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
 	{DSA-4850-1 DLA-2573-1}
 	- libzstd 1.4.8+dfsg-1 (bug #981404)
 	NOTE: https://github.com/facebook/zstd/issues/1630
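Review bot: the two entries cite different DSAs (DSA-4859-1 for CVE-2021-24032, DSA-4850-1 for CVE-2021-24031) but the same DLA-2573-1; please confirm both DSA ids are correct for their respective CVEs, since the bracketed placeholders that summarised the flaws ("race-opening files", "adds read permissions") are being dropped here and the imported text for CVE-2021-24032 is truncated before it says what the incomplete fix was for. The linked upstream issues #2491 and #1630 are what now preserve that context, so keep those NOTE lines.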
@@ -3798,8 +3818,8 @@ CVE-2021-3327
 	RESERVED
 CVE-2021-26294
 	RESERVED
-CVE-2021-26293
-	RESERVED
+CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
+	TODO: check
 CVE-2021-26292
 	RESERVED
 CVE-2021-26291
@@ -6140,42 +6160,42 @@ CVE-2021-25350
 	RESERVED
 CVE-2021-25349
 	RESERVED
-CVE-2021-25348
-	RESERVED
-CVE-2021-25347
-	RESERVED
-CVE-2021-25346
-	RESERVED
-CVE-2021-25345
-	RESERVED
-CVE-2021-25344
-	RESERVED
-CVE-2021-25343
-	RESERVED
-CVE-2021-25342
-	RESERVED
-CVE-2021-25341
-	RESERVED
-CVE-2021-25340
-	RESERVED
-CVE-2021-25339
-	RESERVED
-CVE-2021-25338
-	RESERVED
-CVE-2021-25337
-	RESERVED
-CVE-2021-25336
-	RESERVED
-CVE-2021-25335
-	RESERVED
-CVE-2021-25334
-	RESERVED
-CVE-2021-25333
-	RESERVED
-CVE-2021-25332
-	RESERVED
-CVE-2021-25331
-	RESERVED
+CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
+	TODO: check
+CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to  ...)
+	TODO: check
+CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
+	TODO: check
+CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
+	TODO: check
+CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021  ...)
+	TODO: check
+CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
+	TODO: check
+CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
+	TODO: check
+CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
+	TODO: check
+CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
+	TODO: check
+CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
+	TODO: check
+CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior  ...)
+	TODO: check
+CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
+	TODO: check
+CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
+	TODO: check
+CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
+	TODO: check
+CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
+	TODO: check
+CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	TODO: check
+CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	TODO: check
+CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+	TODO: check
 CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
 	NOT-FOR-US: MobileWips application
 CVE-2020-36198
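Review bot: all eighteen new entries (CVE-2021-25348 through CVE-2021-25331) describe Samsung mobile components (Samsung Internet, Samsung Email, quram library, hwcomposer, knox_custom, Samsung Members, SMP sdk, S Assistant, Samsung keyboard, HArx, RKP, clipboard, NotificationManagerService, cocktailbar, wallpaper service, Samsung Pay mini), and the context line just below shows the adjacent CVE-2021-25330 (MobileWips) already resolved as "NOT-FOR-US: MobileWips application"; the TODO markers here can be cleared as a batch with the same marker, naming the component in each case as was done for CVE-2021-25330.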
@@ -12773,7 +12793,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product.
 	NOT-FOR-US: Huawei
 CVE-2021-22297
 	RESERVED
-CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...)
+CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers  ...)
 	NOT-FOR-US: HarmonyOS
 CVE-2021-22295
 	RESERVED
@@ -15779,8 +15799,8 @@ CVE-2020-35638
 	RESERVED
 CVE-2020-35637
 	RESERVED
-CVE-2020-35636
-	RESERVED
+CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+	TODO: check
 CVE-2020-35635
 	RESERVED
 CVE-2020-35634
@@ -15795,8 +15815,8 @@ CVE-2020-35630
 	RESERVED
 CVE-2020-35629
 	RESERVED
-CVE-2020-35628
-	RESERVED
+CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+	TODO: check
 CVE-2021-21433
 	RESERVED
 CVE-2021-21432
@@ -25572,8 +25592,8 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
 	NOTE: https://github.com/dyne/Tomb/issues/392
 CVE-2020-28637
 	RESERVED
-CVE-2020-28636
-	RESERVED
+CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+	TODO: check
 CVE-2020-28635
 	RESERVED
 CVE-2020-28634
@@ -25642,8 +25662,8 @@ CVE-2020-28603
 	RESERVED
 CVE-2020-28602
 	RESERVED
-CVE-2020-28601
-	RESERVED
+CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+	TODO: check
 CVE-2020-28600
 	RESERVED
 CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
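Review bot: CVE-2020-28601 carries exactly the same truncated description as CVE-2020-35636, CVE-2020-35628 and CVE-2020-28636 earlier in this patch ("A code execution vulnerability exists in the Nef polygon-parsing funct ..."), so the four should be triaged together rather than one TODO at a time; the truncation cuts off before the affected product is named, so the full descriptions must be fetched to establish whether the library in question is packaged before any of them is marked. The neighbouring CVE-2020-28599 (import_stl.c) is a separate issue and should not be assumed to share the same source tree.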
@@ -35047,8 +35067,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs
 	NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
 CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...)
 	- wildfly <itp> (bug #752018)
-CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
-	RESERVED
+CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel’s  ...)
 	- linux 5.10.19-1
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
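Review bot: the imported description for CVE-2020-25639 contains a non-ASCII apostrophe (U+2019 in "kernel’s"); it is harmless as long as data/CVE/list stays UTF-8, but it is the only such character in this patch and tooling that greps the list with ASCII patterns will not match it. The bracketed placeholder being dropped named the nouveau ioctl path, which the truncated text no longer shows; the fixed version 5.10.19-1 and the buster/stretch "<not-affected> (Vulnerable code introduced later)" lines are unchanged.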
@@ -76889,8 +76908,8 @@ CVE-2020-8300
 	RESERVED
 CVE-2020-8299
 	RESERVED
-CVE-2020-8298
-	RESERVED
+CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
+	TODO: check
 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
 	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
@@ -85251,8 +85270,8 @@ CVE-2020-5150
 	RESERVED
 CVE-2020-5149
 	RESERVED
-CVE-2020-5148
-	RESERVED
+CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...)
+	TODO: check
 CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...)
 	NOT-FOR-US: SonicWall
 CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...)
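Review bot: the context lines show the neighbouring CVE-2020-5147 and CVE-2020-5146 already resolved as "NOT-FOR-US: SonicWall", and CVE-2020-5148 describes the SonicWall SSO-agent default configuration, so this TODO can be cleared with the same marker once the full description is read.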
@@ -99395,8 +99414,8 @@ CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1
 	NOT-FOR-US: European Commission eIDAS-Node Integration Package
 CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...)
 	NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
-CVE-2019-18630
-	RESERVED
+CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...)
+	TODO: check
 CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
 	NOT-FOR-US: Xerox
 CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
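Review bot: CVE-2019-18630 names the same Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045 models as the adjacent CVE-2019-18629 and CVE-2019-18628, both already marked "NOT-FOR-US: Xerox"; resolve this one the same way rather than leaving it at TODO.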
@@ -100315,8 +100334,8 @@ CVE-2019-18353
 	RESERVED
 CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices  ...)
 	NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
-CVE-2019-18351
-	RESERVED
+CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...)
+	TODO: check
 CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET  ...)
 	NOT-FOR-US: Ant Design Pro
 CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
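Review bot: unlike its NOT-FOR-US neighbours (PHOENIX CONTACT FL NAT 2208, Ant Design Pro), CVE-2019-18351 names channels/chan_sip.c in Sangoma Asterisk, and Asterisk is a Debian package, so this TODO needs a real version check against the archive, including the supported stable releases, rather than a vendor dismissal.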



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdcefbd6cefab76ea34bed1c9a53cd5dc9882b21
