[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 28 09:10:24 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6fb5663 by security tracker role at 2021-09-28T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2021-3837
+	RESERVED
 CVE-2021-41766
 	RESERVED
 CVE-2021-3836
@@ -1427,14 +1429,14 @@ CVE-2021-41100
 	RESERVED
 CVE-2021-41099
 	RESERVED
-CVE-2021-41098
-	RESERVED
+CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+	TODO: check
 CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
 	TODO: check
-CVE-2021-41096
-	RESERVED
-CVE-2021-41095
-	RESERVED
+CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...)
+	TODO: check
+CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
+	TODO: check
 CVE-2021-41094
 	RESERVED
 CVE-2021-41093
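Review bot: CVE-2021-41098 is the entry in this hunk to triage first. Its description names Nokogiri, a Rubygem providing HTML, XML, SAX and Reader parsers, which is a reusable library rather than a single-vendor product like the `NOT-FOR-US` entries elsewhere in this file. Check it against the archive and replace `TODO: check` with a package line if a source package ships it. CVE-2021-41096 (Rucky, an Android tool) and CVE-2021-41095 (Discourse) then need the same decision between a package line and a `NOT-FOR-US:` line.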
@@ -10350,16 +10352,16 @@ CVE-2021-37276
 	RESERVED
 CVE-2021-37275
 	RESERVED
-CVE-2021-37274
-	RESERVED
+CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
+	TODO: check
 CVE-2021-37273
 	RESERVED
 CVE-2021-37272
 	RESERVED
 CVE-2021-37271
 	RESERVED
-CVE-2021-37270
-	RESERVED
+CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...)
+	TODO: check
 CVE-2021-37269
 	RESERVED
 CVE-2021-37268
@@ -66051,7 +66053,7 @@ CVE-2020-27341
 	RESERVED
 CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
 	NOT-FOR-US: Mitel
-CVE-2020-27339 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in  ...)
+CVE-2020-27339 (Insyde found that a number of SMM drivers in InsydeH2O did not correct ...)
 	NOT-FOR-US: Insyde
 CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input  ...)
 	NOT-FOR-US: Treck
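Review bot: the replacement description for CVE-2020-27339 changes scope, from code in IdeBusDxe in InsydeH2O 5.x to "a number of SMM drivers in InsydeH2O", while the triage line below it is untouched. `NOT-FOR-US: Insyde` is keyed on the vendor, so it still fits and needs no edit. It is enough to confirm that the entry was re-read after the text changed.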
@@ -71925,8 +71927,8 @@ CVE-2020-24932
 	RESERVED
 CVE-2020-24931
 	RESERVED
-CVE-2020-24930
-	RESERVED
+CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open ...)
+	TODO: check
 CVE-2020-24929
 	RESERVED
 CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...)
@@ -72797,7 +72799,7 @@ CVE-2020-24576 (Netskope Client through 77 allows low-privileged users to elevat
 	NOT-FOR-US: Netskope Client
 CVE-2020-24575
 	RESERVED
-CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20  ...)
+CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41  ...)
 	NOT-FOR-US: GOG Galaxy client
 CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of ...)
 	NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
@@ -81141,18 +81143,18 @@ CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-C
 	NOT-FOR-US: S-CMS PHP
 CVE-2020-20697
 	RESERVED
-CVE-2020-20696
-	RESERVED
-CVE-2020-20695
-	RESERVED
+CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
+	TODO: check
+CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
+	TODO: check
 CVE-2020-20694
 	RESERVED
-CVE-2020-20693
-	RESERVED
-CVE-2020-20692
-	RESERVED
-CVE-2020-20691
-	RESERVED
+CVE-2020-20693 (A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenti ...)
+	TODO: check
+CVE-2020-20692 (GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2020-20691 (An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary w ...)
+	TODO: check
 CVE-2020-20690
 	RESERVED
 CVE-2020-20689
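Review bot: the five entries moved from `RESERVED` to `TODO: check` in this hunk cluster by product, so triage them as groups rather than one by one. CVE-2020-20695, CVE-2020-20693 and CVE-2020-20692 all name GilaCMS v1.11.4, and CVE-2020-20691 names Monstra CMS v3.0.4. If those products are not in the archive, use one consistent product string per group, in the same form as the neighbouring `NOT-FOR-US: S-CMS PHP` line. The description of CVE-2020-20696 is cut off at "of G ...", so read the full text before assigning it to a group.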



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6fb5663d555dcc2dc331bc4c0aa2ab75bdbe0df
