From f48d5603a0ca5df1679a566934c3f8d5b49065b9 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 5 Mar 2021 08:10:19 +0000 Subject: automatic update --- data/CVE/2021.list | 122 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 69 insertions(+), 53 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 99bb101940..c0c9e34915 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,23 @@ +CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...) + TODO: check +CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...) + TODO: check +CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...) + TODO: check +CVE-2021-27962 + RESERVED +CVE-2021-27961 + RESERVED +CVE-2021-27960 + RESERVED +CVE-2021-27959 + RESERVED +CVE-2021-27958 + RESERVED +CVE-2021-27957 + RESERVED +CVE-2021-27956 + RESERVED CVE-2021-27955 RESERVED CVE-2021-27954 @@ -1352,8 +1372,8 @@ CVE-2021-27316 RESERVED CVE-2021-27315 RESERVED -CVE-2021-27314 - RESERVED +CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...) + TODO: check CVE-2021-27313 RESERVED CVE-2021-27312 @@ -2047,10 +2067,10 @@ CVE-2021-26991 RESERVED CVE-2021-26990 RESERVED -CVE-2021-26989 - RESERVED -CVE-2021-26988 - RESERVED +CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...) + TODO: check +CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) + TODO: check CVE-2021-26987 RESERVED CVE-2021-26986 @@ -2163,14 +2183,12 @@ CVE-2021-23217 RESERVED CVE-2021-23201 RESERVED -CVE-2021-3404 - RESERVED +CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...) - libytnef 1.9.3-3 (bug #982596) [buster] - libytnef (Minor issue) [stretch] - libytnef (Minor issue) NOTE: https://github.com/Yeraze/ytnef/issues/86 -CVE-2021-3403 - RESERVED +CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...) - libytnef 1.9.3-3 (bug #982594) [buster] - libytnef (Minor issue) [stretch] - libytnef (Minor issue) @@ -2376,13 +2394,11 @@ CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended acc NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/ -CVE-2021-24032 [zstd allows for race-opening files being compressed or uncompressed] - RESERVED +CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...) {DSA-4859-1 DLA-2573-1} - libzstd 1.4.8+dfsg-2 (bug #982519) NOTE: https://github.com/facebook/zstd/issues/2491 -CVE-2021-24031 [zstd adds read permissions to files while being compressed or uncompressed] - RESERVED +CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...) {DSA-4850-1 DLA-2573-1} - libzstd 1.4.8+dfsg-1 (bug #981404) NOTE: https://github.com/facebook/zstd/issues/1630 @@ -3722,8 +3738,8 @@ CVE-2021-3327 RESERVED CVE-2021-26294 RESERVED -CVE-2021-26293 - RESERVED +CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...) + TODO: check CVE-2021-26292 RESERVED CVE-2021-26291 @@ -5926,42 +5942,42 @@ CVE-2021-25350 RESERVED CVE-2021-25349 RESERVED -CVE-2021-25348 - RESERVED -CVE-2021-25347 - RESERVED -CVE-2021-25346 - RESERVED -CVE-2021-25345 - RESERVED -CVE-2021-25344 - RESERVED -CVE-2021-25343 - RESERVED -CVE-2021-25342 - RESERVED -CVE-2021-25341 - RESERVED -CVE-2021-25340 - RESERVED -CVE-2021-25339 - RESERVED -CVE-2021-25338 - RESERVED -CVE-2021-25337 - RESERVED -CVE-2021-25336 - RESERVED -CVE-2021-25335 - RESERVED -CVE-2021-25334 - RESERVED -CVE-2021-25333 - RESERVED -CVE-2021-25332 - RESERVED -CVE-2021-25331 - RESERVED +CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...) + TODO: check +CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...) + TODO: check +CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...) + TODO: check +CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...) + TODO: check +CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...) + TODO: check +CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...) + TODO: check +CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...) + TODO: check +CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...) + TODO: check +CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...) + TODO: check +CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...) + TODO: check +CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...) + TODO: check +CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...) + TODO: check +CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...) + TODO: check +CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...) + TODO: check +CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...) + TODO: check +CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check +CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check +CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...) + TODO: check CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...) NOT-FOR-US: MobileWips application CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) @@ -12412,7 +12428,7 @@ CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. NOT-FOR-US: Huawei CVE-2021-22297 RESERVED -CVE-2021-22296 (A component of the HarmonyOS 2.0 has a DoS vulnerability. Local attack ...) +CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...) NOT-FOR-US: HarmonyOS CVE-2021-22295 RESERVED -- cgit v1.2.3