[Git][security-tracker-team/security-tracker][master] Add CVE-2021-23926/xmlbeans

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bfc6014d by Salvatore Bonaccorso at 2021-01-14T06:57:47+01:00
Add CVE-2021-23926/xmlbeans

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -171,8 +171,10 @@ CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via 
the ajax/apps/manifes
NOT-FOR-US: OX App Suite
 CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ 
character  ...)
NOT-FOR-US: OX App Suite
-CVE-2021-23926
+CVE-2021-23926 [XML Entity Expansion]
RESERVED
+- xmlbeans 3.0.2-1
+   NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
 CVE-2021-23925
RESERVED
 CVE-2021-23924
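Review bot: the new `+- xmlbeans 3.0.2-1` line rests on a single NOTE (the XMLBEANS-517 issue); add a NOTE naming the upstream fix commit or release so the 3.0.2-1 fixed-version claim can be checked against the Debian changelog rather than taken on trust.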



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfc6014da04dd5dfb79c67c51b6b89ae92ffedc1

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2020-27827/lldpd

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bf4c2afb by Salvatore Bonaccorso at 2021-01-14T06:40:38+01:00
Add CVE-2020-27827/lldpd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19410,8 +19410,11 @@ CVE-2020-27828 (There's a flaw in jasper's jpc encoder 
in versions prior to 2.0.
- jasper 
NOTE: https://github.com/jasper-software/jasper/issues/252
NOTE: https://github.com/jasper-software/jasper/pull/253
-CVE-2020-27827
+CVE-2020-27827 [lldp: avoid memory leak from bad packets]
RESERVED
+   - lldpd 1.0.8-1
+   NOTE: https://github.com/openvswitch/ovs/pull/337
+   NOTE: 
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
 CVE-2020-27826
RESERVED
NOT-FOR-US: Keycloak
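Review bot: the first NOTE added under CVE-2020-27827 points at `https://github.com/openvswitch/ovs/pull/337`, a different project from lldpd, with no word on why it is relevant; say in the NOTE what that PR contributes (report, reproducer, or parallel fix), and mark the lldpd commit NOTE as the fix with the `NOTE: Fixed by:` form used for the tcmu-runner entry in this same series, so a reader can tell reference from fix.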



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf4c2afb25945f90de3a30b335077708978d1cb2


[Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2020-26298/ruby-redcarpet via unstable

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3dccd012 by Salvatore Bonaccorso at 2021-01-13T23:01:46+01:00
Add fixed version for CVE-2020-26298/ruby-redcarpet via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23423,7 +23423,7 @@ CVE-2020-26300
 CVE-2020-26299
RESERVED
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In 
Redcarpet befo ...)
-   - ruby-redcarpet  (bug #980057)
+   - ruby-redcarpet 3.5.1-1 (bug #980057)
NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
NOTE: 
https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
 CVE-2020-26297 (mdBook is a utility to create modern online books from 
Markdown files  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dccd012396b2bbf7db0e989e64f76a667383c7c


[Git][security-tracker-team/security-tracker][master] Wrap note for CVE-2020-24027

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a85a9a07 by Salvatore Bonaccorso at 2021-01-13T22:51:13+01:00
Wrap note for CVE-2020-24027

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28709,7 +28709,8 @@ CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any 
authenticated customer to
 CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there 
is a pote ...)
- liblivemedia 
NOTE: 
http://lists.live555.com/pipermail/live-devel/2020-July/021662.html
-   NOTE: Fixed in 2020.07.09 upstream 
(http://www.live555.com/liveMedia/public/changelog.txt)
+   NOTE: Fixed in 2020.07.09 upstream, cf.
+   NOTE: http://www.live555.com/liveMedia/public/changelog.txt
 CVE-2020-24026
RESERVED
 CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is 
disabled when r ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85a9a074518cb6071dbdac7e56f34d1e82b0074


[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24027/liblivemedia

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
620ddedf by Salvatore Bonaccorso at 2021-01-13T21:40:50+01:00
Add CVE-2020-24027/liblivemedia

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -28707,7 +28707,9 @@ CVE-2020-24029 (Because of unauthenticated password 
changes in ForLogic Qualiex
 CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer 
to achiev ...)
NOT-FOR-US: ForLogic Qualiex
 CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there 
is a pote ...)
-   TODO: check
+   - liblivemedia 
+   NOTE: 
http://lists.live555.com/pipermail/live-devel/2020-July/021662.html
+   NOTE: Fixed in 2020.07.09 upstream 
(http://www.live555.com/liveMedia/public/changelog.txt)
 CVE-2020-24026
RESERVED
 CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is 
disabled when r ...)
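Review bot: in the added `+   - liblivemedia ` line nothing follows the package name but a trailing space, so the status that belongs there is not visible in this rendering; confirm the committed line carries the tracker's unfixed marker, which the mail appears to have dropped (the same blank shows after `- jasper` and `- linux` in the other commits of this series). Separately, the NOTE records an upstream fix in 2020.07.09 while no Debian fixed version is given; check whether a Debian upload already contains 2020.07.09 and record it, or file a bug as done for other unfixed entries.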



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/620ddedfd9d5a674944d6d2cc170293e5c074316


[Git][security-tracker-team/security-tracker][master] Process several NFUs

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89c54df1 by Salvatore Bonaccorso at 2021-01-13T21:34:15+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -194,7 +194,7 @@ CVE-2021-3133 (The Elementor Contact Form DB plugin before 
1.6 for WordPress all
 CVE-2021-3132
RESERVED
 CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends 
base64 enco ...)
-   TODO: check
+   NOT-FOR-US: 1C:Enterprise
 CVE-2021-3130
RESERVED
 CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, 
allows u ...)
@@ -1771,9 +1771,9 @@ CVE-2021-3034
 CVE-2021-3033
RESERVED
 CVE-2021-3032 (An information exposure through log file vulnerability exists 
in Palo  ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, 
PA-800, P ...)
-   TODO: check
+   NOT-FOR-US: Palo Alto Networks
 CVE-2021-3030
RESERVED
 CVE-2021-23234
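Review bot: the two adjacent PAN-OS entries get different tags, `NOT-FOR-US: Palo Alto Networks PAN-OS` for CVE-2021-3032 and `NOT-FOR-US: Palo Alto Networks` for CVE-2021-3031; pick one form (vendor, or vendor plus product) for both so that later searches for the vendor's issues match consistently.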
@@ -6397,7 +6397,7 @@ CVE-2020-35689
 CVE-2020-35688
RESERVED
 CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which 
leads to  ...)
-   TODO: check
+   NOT-FOR-US: PHP-Fusion
 CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software 
component mod ...)
NOT-FOR-US: Sound Research
 CVE-2020-35685
@@ -8356,7 +8356,7 @@ CVE-2021-20618
 CVE-2021-20617
RESERVED
 CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA 
Client  ...)
-   TODO: check
+   NOT-FOR-US: SKYSEA Client View
 CVE-2021-20615
RESERVED
 CVE-2021-20614
@@ -20771,7 +20771,7 @@ CVE-2020-27490
 CVE-2020-27489
RESERVED
 CVE-2020-27488 (Loxone Miniserver devices with firmware before 11.1 (aka 
11.1.9.3) are ...)
-   TODO: check
+   NOT-FOR-US: Loxone Miniserver devices
 CVE-2020-27487
RESERVED
 CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer 
Overflow. The ...)
@@ -22485,9 +22485,9 @@ CVE-2020-26715
 CVE-2020-26714
RESERVED
 CVE-2020-26713 (REDCap 10.3.4 contains a XSS vulnerability in the ToDoList 
function wi ...)
-   TODO: check
+   NOT-FOR-US: REDCap
 CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the 
ToDoList f ...)
-   TODO: check
+   NOT-FOR-US: REDCap
 CVE-2020-26711
RESERVED
 CVE-2020-26710
@@ -23880,7 +23880,7 @@ CVE-2020-26120 (XSS exists in the MobileFrontend 
extension for MediaWiki before
 CVE-2020-26119
RESERVED
 CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of 
the Google ...)
-   TODO: check
+   NOT-FOR-US: SmartBear Collaborator Server
 CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC 
before 1 ...)
{DLA-2396-1}
- tigervnc 1.10.1+dfsg-9 (bug #971272)
@@ -24048,7 +24048,7 @@ CVE-2020-26052
 CVE-2020-26051
RESERVED
 CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow 
local pr ...)
-   TODO: check
+   NOT-FOR-US: SaferVPN for Windows
 CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The 
impact is r ...)
NOT-FOR-US: Nifty-PM CPE
 CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows 
an authen ...)
@@ -27221,9 +27221,9 @@ CVE-2020-24703 (An issue was discovered in certain WSO2 
products. A valid Carbon
 CVE-2020-24702
RESERVED
 CVE-2020-24701 (OX App Suite through 7.10.4 allows XSS via the app loading 
mechanism ( ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2020-24700 (OX App Suite through 7.10.3 allows SSRF because GET requests 
are sent  ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for 
WordPress al ...)
NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress
 CVE-2020-24698 (An issue was discovered in PowerDNS Authoritative through 
4.3.0 when - ...)
@@ -29455,7 +29455,7 @@ CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross 
Site Scripting (XSS) on mod
 CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via 
the modu ...)
NOT-FOR-US: NavigateCMS
 CVE-2020-23653 (An insecure unserialize vulnerability was discovered in 
ThinkAdmin ver ...)
-   TODO: check
+   NOT-FOR-US: ThinkAdmin
 CVE-2020-23652
RESERVED
 CVE-2020-23651
@@ -29499,7 +29499,7 @@ CVE-2020-23633
 CVE-2020-23632
RESERVED
 CVE-2020-23631 (Cross-site request forgery (CSRF) in admin/global/manage.php 
in WDJA C ...)
-   TODO: check
+   NOT-FOR-US: WDJA CMS
 CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 
based on ...)
NOT-FOR-US: zzcms
 CVE-2020-23629
@@ -44706,7 +44706,7 @@ CVE-2020-16148 (The 

[Git][security-tracker-team/security-tracker][master] MITRE assigned separate CVE for tcmu issue (related to CVE-2020-28374)

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
63e32712 by Salvatore Bonaccorso at 2021-01-13T21:22:47+01:00
MITRE assigned separate CVE for tcmu issue (related to CVE-2020-28374)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,7 +1,16 @@
 CVE-2021-3140
RESERVED
 CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 
1.5.2, xcopy ...)
-   TODO: check
+   - tcmu  (bug #980007)
+   NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
+   NOTE: https://www.openwall.com/lists/oss-security/2021/01/13/5
+   NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
+   NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644
+   NOTE: Fixed by: 
https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd
+   NOTE: Some followup fixes: 
https://github.com/open-iscsi/tcmu-runner/pull/646
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
 CVE-2021-24002
RESERVED
 CVE-2021-24001
@@ -16447,16 +16456,8 @@ CVE-2020-28375
RESERVED
 CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel 
before 5.10. ...)
- linux 
-   - tcmu  (bug #980007)
NOTE: 
https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
-   NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
-   NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644
-   NOTE: Fixed by: 
https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd
-   NOTE: Some followup fixes: 
https://github.com/open-iscsi/tcmu-runner/pull/646
-   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
-   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
-   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers 
to exec ...)
NOT-FOR-US: Netgear
 CVE-2020-28372
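Review bot: after moving the tcmu-runner lines out of CVE-2020-28374, nothing in that entry points at CVE-2021-3139 any more, and only the shared oss-security post (2021/01/12/12) still links the two; add a NOTE under CVE-2020-28374 along the lines of `NOTE: tcmu-runner side is tracked as CVE-2021-3139` so a reader of the kernel entry finds the split-off issue without searching.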



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/63e327127872a3a51d2c3c1a0a19de5229d761ae


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33a89b35 by Salvatore Bonaccorso at 2021-01-13T21:20:37+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -76456,27 +76456,27 @@ CVE-2020-4606 (IBM Security Verify Privilege Manager 
10.8 is vulnerable to an XM
 CVE-2020-4605
RESERVED
 CVE-2020-4604 (IBM Security Guardium Insights 2.0.2 stores user credentials in 
plain  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a 
privil ...)
NOT-FOR-US: IBM
 CVE-2020-4602 (IBM Security Guardium Insights 2.0.2 stores user credentials in 
plain  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4601
RESERVED
 CVE-2020-4600 (IBM Security Guardium Insights 2.0.2 could allow a remote 
attacker to  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4599 (IBM Security Guardium Insights 2.0.2 could allow a remote 
attacker to  ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote 
attacker to  ...)
NOT-FOR-US: IBM
 CVE-2020-4597 (IBM Security Guardium Insights 2.0.2 does not set the secure 
attribute ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4596 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4595 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4594 (IBM Security Guardium Insights 2.0.2 uses weaker than expected 
cryptog ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in 
plain  ...)
NOT-FOR-US: IBM
 CVE-2020-4592 (IBM MQ Appliance 9.1.CD and LTS could allow an authenticated 
user, und ...)
@@ -131722,7 +131722,7 @@ CVE-2019-4704 (IBM Security Identity Manager Virtual 
Appliance 7.0.2 does not se
 CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting 
Microsoft ...)
NOT-FOR-US: IBM
 CVE-2019-4702 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies 
permissi ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed 
with a ...)
NOT-FOR-US: IBM
 CVE-2019-4700
@@ -131752,7 +131752,7 @@ CVE-2019-4689 (IBM Security Guardium Data Encryption 
(GDE) 3.0.0.2 could allow a
 CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not 
set the s ...)
NOT-FOR-US: IBM
 CVE-2019-4687 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores 
sensitive i ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not 
set the s ...)
NOT-FOR-US: IBM
 CVE-2019-4685
@@ -132806,7 +132806,7 @@ CVE-2019-4162 (IBM Security Information Queue (ISIQ) 
1.0.0, 1.0.1, and 1.0.2 is
 CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
disclose ...)
NOT-FOR-US: IBM
 CVE-2019-4160 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker 
than e ...)
-   TODO: check
+   NOT-FOR-US: IBM
 CVE-2019-4159
REJECTED
 CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove 
that a  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33a89b35723100ee7749d495e80091ce105b36f5


[Git][security-tracker-team/security-tracker][master] automatic update

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb7d937a by security tracker role at 2021-01-13T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,139 @@
+CVE-2021-3140
+   RESERVED
+CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 
1.5.2, xcopy ...)
+   TODO: check
+CVE-2021-24002
+   RESERVED
+CVE-2021-24001
+   RESERVED
+CVE-2021-24000
+   RESERVED
+CVE-2021-23999
+   RESERVED
+CVE-2021-23998
+   RESERVED
+CVE-2021-23997
+   RESERVED
+CVE-2021-23996
+   RESERVED
+CVE-2021-23995
+   RESERVED
+CVE-2021-23994
+   RESERVED
+CVE-2021-23993
+   RESERVED
+CVE-2021-23992
+   RESERVED
+CVE-2021-23991
+   RESERVED
+CVE-2021-23990
+   RESERVED
+CVE-2021-23989
+   RESERVED
+CVE-2021-23988
+   RESERVED
+CVE-2021-23987
+   RESERVED
+CVE-2021-23986
+   RESERVED
+CVE-2021-23985
+   RESERVED
+CVE-2021-23984
+   RESERVED
+CVE-2021-23983
+   RESERVED
+CVE-2021-23982
+   RESERVED
+CVE-2021-23981
+   RESERVED
+CVE-2021-23980
+   RESERVED
+CVE-2021-23979
+   RESERVED
+CVE-2021-23978
+   RESERVED
+CVE-2021-23977
+   RESERVED
+CVE-2021-23976
+   RESERVED
+CVE-2021-23975
+   RESERVED
+CVE-2021-23974
+   RESERVED
+CVE-2021-23973
+   RESERVED
+CVE-2021-23972
+   RESERVED
+CVE-2021-23971
+   RESERVED
+CVE-2021-23970
+   RESERVED
+CVE-2021-23969
+   RESERVED
+CVE-2021-23968
+   RESERVED
+CVE-2021-23967
+   RESERVED
+CVE-2021-23966
+   RESERVED
+CVE-2021-23965
+   RESERVED
+CVE-2021-23964
+   RESERVED
+CVE-2021-23963
+   RESERVED
+CVE-2021-23962
+   RESERVED
+CVE-2021-23961
+   RESERVED
+CVE-2021-23960
+   RESERVED
+CVE-2021-23959
+   RESERVED
+CVE-2021-23958
+   RESERVED
+CVE-2021-23957
+   RESERVED
+CVE-2021-23956
+   RESERVED
+CVE-2021-23955
+   RESERVED
+CVE-2021-23954
+   RESERVED
+CVE-2021-23953
+   RESERVED
+CVE-2021-23952
+   RESERVED
+CVE-2021-23951
+   RESERVED
+CVE-2021-23950
+   RESERVED
+CVE-2021-23949
+   RESERVED
+CVE-2021-23948
+   RESERVED
+CVE-2021-23947
+   RESERVED
+CVE-2021-23946
+   RESERVED
+CVE-2021-23945
+   RESERVED
+CVE-2021-23944
+   RESERVED
+CVE-2021-23943
+   RESERVED
+CVE-2021-23942
+   RESERVED
+CVE-2021-23941
+   RESERVED
+CVE-2021-23940
+   RESERVED
+CVE-2021-23939
+   RESERVED
+CVE-2021-23938
+   RESERVED
+CVE-2021-23937
+   RESERVED
 CVE-2021-3138
RESERVED
 CVE-2021-3137
@@ -48,8 +184,8 @@ CVE-2021-3133 (The Elementor Contact Form DB plugin before 
1.6 for WordPress all
NOT-FOR-US: Elementor Contact Form DB plugin for WordPress
 CVE-2021-3132
RESERVED
-CVE-2021-3131
-   RESERVED
+CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends 
base64 enco ...)
+   TODO: check
 CVE-2021-3130
RESERVED
 CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, 
allows u ...)
@@ -96,10 +232,10 @@ CVE-2021-23902
RESERVED
 CVE-2021-23901
RESERVED
-CVE-2021-23900
-   RESERVED
-CVE-2021-23899
-   RESERVED
+CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or 
throw an  ...)
+   TODO: check
+CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags 
and CDA ...)
+   TODO: check
 CVE-2021-23898
RESERVED
 CVE-2021-23897
@@ -1625,10 +1761,10 @@ CVE-2021-3034
RESERVED
 CVE-2021-3033
RESERVED
-CVE-2021-3032
-   RESERVED
-CVE-2021-3031
-   RESERVED
+CVE-2021-3032 (An information exposure through log file vulnerability exists 
in Palo  ...)
+   TODO: check
+CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, 
PA-800, P ...)
+   TODO: check
 CVE-2021-3030
RESERVED
 CVE-2021-23234
@@ -2592,8 +2728,8 @@ CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on 
TP-Link TL-WR840N 6_EU_0.9.1_
NOT-FOR-US: TP-Link
 CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS 
Imaging) ...)
NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
-CVE-2021-3028
-   RESERVED
+CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a 
branch name, ...)
+   TODO: check
 CVE-2021-22696
RESERVED
 CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has 
an out-o ...)
@@ -4843,44 +4979,31 @@ CVE-2021-21616
RESERVED
 CVE-2021-21615
RESERVED
-CVE-2021-21614
-   RESERVED
+CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores 
credentials u ...)
NOT-FOR-US: Jenkins plugin
-CVE-2021-21613
-   RESERVED
+CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape 
TICS servic ...)
NOT-FOR-US: 

[Git][security-tracker-team/security-tracker][master] one hylafax issue n/a in Debian

2021-01-13 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c266f120 by Moritz Muehlenhoff at 2021-01-13T19:58:30+01:00
one hylafax issue n/a in Debian
openjpeg no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -19217,6 +19217,7 @@ CVE-2020-27846 (A signature verification vulnerability 
exists in crewjam/saml. T
NOT-FOR-US: github.com/crewjam/saml
 CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions 
prior t ...)
- openjpeg2 
+   [buster] - openjpeg2  (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1302
NOTE: 
https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
 CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in 
versions prior  ...)
@@ -19225,12 +19226,15 @@ CVE-2020-27844 (A flaw was found in openjpeg's 
src/lib/openjp2/t2.c in versions
NOTE: 
https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
 CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This 
flaw all ...)
- openjpeg2 
+   [buster] - openjpeg2  (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1297
 CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 
2.4.0. An ...)
- openjpeg2 
+   [buster] - openjpeg2  (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1294
 CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in 
src/lib/openj ...)
- openjpeg2 
+   [buster] - openjpeg2  (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1293
NOTE: 
https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
 CVE-2020-27840
@@ -19295,6 +19299,7 @@ CVE-2020-27825 (A use-after-free flaw was found in 
kernel/trace/ring_buffer.c in
 CVE-2020-27824 [global-buffer-overflow read in lib-openjp2]
RESERVED
- openjpeg2 
+   [buster] - openjpeg2  (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1286
NOTE: 
https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d
 CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2]
@@ -46710,9 +46715,7 @@ CVE-2020-15399
 CVE-2020-15398
RESERVED
 CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts 
that execut ...)
-   - hylafax  (bug #964198)
-   [buster] - hylafax  (Minor issue)
-   [stretch] - hylafax  (Minor issue)
+   - hylafax  (/var/spool/hylafax/bin and 
/var/spool/hylafax/etc are root-owned in Debian)
NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
 CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup 
utility ...)
- hylafax  (bug #964198)
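Review bot: the rewritten CVE-2020-15397 line drops the `(bug #964198)` reference while the sibling CVE-2020-15396 entry directly below keeps it; if the root-ownership argument (/var/spool/hylafax/bin and /var/spool/hylafax/etc) also covers the faxsetup issue, CVE-2020-15396 should get the same treatment, and if it does not, bug #964198 should be updated to say it no longer covers CVE-2020-15397.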



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c266f120eaf0197c5e50e7f3d9b22c847790ce5f


[Git][security-tracker-team/security-tracker][master] NFUs

2021-01-13 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5b4a7d68 by Moritz Muehlenhoff at 2021-01-13T18:21:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39,11 +39,11 @@ CVE-2021-23922
 CVE-2021-23921
RESERVED
 CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request 
that lac ...)
-   TODO: check
+   NOT-FOR-US: JupyterHub
 CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 
allows  ...)
-   TODO: check
+   NOT-FOR-US: RailsAdmin
 CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute 
commands,  ...)
-   TODO: check
+   NOT-FOR-US: Mubu
 CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress 
allows C ...)
NOT-FOR-US: Elementor Contact Form DB plugin for WordPress
 CVE-2021-3132
@@ -53,7 +53,7 @@ CVE-2021-3131
 CVE-2021-3130
RESERVED
 CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, 
allows u ...)
-   TODO: check
+   NOT-FOR-US: Ignition
 CVE-2021-3128
RESERVED
 CVE-2021-23920
@@ -255,7 +255,7 @@ CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE 
ECSIMAGING (aka ECS Ima
 CVE-2021-3117
RESERVED
 CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py 
in prox ...)
-   TODO: check
+   NOT-FOR-US: proxy.py
 CVE-2021-3115
RESERVED
 CVE-2021-3114
@@ -4122,7 +4122,7 @@ CVE-2021-3013
 CVE-2021-3012
RESERVED
 CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on 
NXP Smart ...)
-   TODO: check
+   NOT-FOR-US: NXP
 CVE-2021-3010
RESERVED
 CVE-2021-3009
@@ -5827,19 +5827,19 @@ CVE-2021-21473
 CVE-2021-21472
RESERVED
 CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper 
access contro ...)
-   TODO: check
+   NOT-FOR-US: CLA-Assistant
 CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP 
EPM Add-in ...)
NOT-FOR-US: SAP
 CVE-2021-21469 (When security guidelines for SAP NetWeaver Master Data 
Management, ver ...)
NOT-FOR-US: SAP
 CVE-2021-21468 (The BW Database Interface does not perform necessary 
authorization che ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-21467 (SAP Banking Services (Generic Market Data) 400, 450, and 500 
does not  ...)
NOT-FOR-US: SAP
 CVE-2021-21466 (SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 
740, 75 ...)
NOT-FOR-US: SAP
 CVE-2021-21465 (The BW Database Interface allows an attacker with low 
privileges to ex ...)
-   TODO: check
+   NOT-FOR-US: SAP
 CVE-2021-21464 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
NOT-FOR-US: SAP
 CVE-2021-21463 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to 
open ma ...)
@@ -6267,7 +6267,7 @@ CVE-2020-35688
 CVE-2020-35687
RESERVED
 CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software 
component mod ...)
-   TODO: check
+   NOT-FOR-US: Sound Research
 CVE-2020-35685
RESERVED
 CVE-2020-35684
@@ -12507,11 +12507,11 @@ CVE-2021-1727
 CVE-2021-1726
RESERVED
 CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Bot Framework SDK
 CVE-2021-1724
RESERVED
 CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability 
...)
-   TODO: check
+   NOT-FOR-US: ASP.NET Core and Visual Studio
 CVE-2021-1722
RESERVED
 CVE-2021-1721
@@ -12645,7 +12645,7 @@ CVE-2021-1658 (Remote Procedure Call Runtime Remote 
Code Execution Vulnerability
 CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability 
...)
NOT-FOR-US: Microsoft
 CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This 
CVE ID i ...)
NOT-FOR-US: Microsoft
 CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This 
CVE ID i ...)
@@ -16281,7 +16281,7 @@ CVE-2020-28397
 CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 
(All versio ...)
NOT-FOR-US: Siemens
 CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch 
family (i ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2020-28394
RESERVED
 CVE-2020-28393
@@ -16289,9 +16289,9 @@ CVE-2020-28393
 CVE-2020-28392
RESERVED
 CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch 
family (i ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core 
(V8.2), ...)
-   TODO: check
+   NOT-FOR-US: Siemens
 CVE-2020-28389

[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-23239/sudo as no-dsa for buster

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
93421e78 by Salvatore Bonaccorso at 2021-01-13T18:04:21+01:00
Mark CVE-2021-23239/sudo as no-dsa for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1466,6 +1466,7 @@ CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in 
Sudo before 1.9.5 allows
NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a 
local unpriv ...)
- sudo 1.9.5-1
+   [buster] - sudo  (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
 CVE-2021-3108
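Review bot: the added line `+   [buster] - sudo  (Minor issue)` shows two spaces between the package name and the parenthetical, which is where a state tag such as `<no-dsa>` normally sits; since the commit title says no-dsa, double-check that the tag is present in the committed file and was only dropped by this mail rendering (angle-bracket tokens are easily lost in HTML-to-text conversion), otherwise the line does not carry the no-dsa state the title promises.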



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93421e7873bae5c48109ae5b99cf16e7c62237b4


[Git][security-tracker-team/security-tracker][master] track CVE-2020-16044 for thunderbird

2021-01-13 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fbca7867 by Moritz Muehlenhoff at 2021-01-13T18:00:01+01:00
track CVE-2020-16044 for thunderbird

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -44838,7 +44838,10 @@ CVE-2020-16044
{DSA-4827-1 DLA-2521-1}
- firefox 84.0.2-1
- firefox-esr 78.6.1esr-1
+   - thunderbird 
+   [buster] - thunderbird  (Minor issue, wait until next 
Mozilla security cycle)
NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
+   NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044
 CVE-2020-16043 (Insufficient data validation in networking in Google Chrome 
prior to 8 ...)
- chromium 87.0.4280.141-0.1 (bug #979533)
[stretch] - chromium  (see DSA 4562)
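Review bot: both added package lines, `+   - thunderbird ` and `+   [buster] - thunderbird  (Minor issue, wait until next Mozilla security cycle)`, appear with no version or state tag (the first ends in a trailing space, the second has a double space before the parenthetical), which is where `<unfixed>` and a buster state tag would normally stand; confirm the tags survived in the committed file, as this rendering seems to strip angle-bracket tokens. The "wait until next Mozilla security cycle" rationale describes a deferral, so the buster tag should express that rather than a plain no-dsa.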



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbca7867bed7fde85ff0c20e1b11cf16af457c05


[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-23240/sudo as unimportant

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02df239a by Salvatore Bonaccorso at 2021-01-13T17:29:47+01:00
Mark CVE-2021-23240/sudo as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1459,10 +1459,11 @@ CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices 
allow Directory Traversal vi
 CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal 
via ../  ...)
NOT-FOR-US: MERCUSYS Mercury X18G devices
 CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 
allows a loc ...)
-   - sudo 1.9.5-1
+   - sudo 1.9.5-1 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
NOTE: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html
+   NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
 CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a 
local unpriv ...)
- sudo 1.9.5-1
NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
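Review bot: the severity downgrade on `+   - sudo 1.9.5-1 (unimportant)` rests entirely on the added `NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)`; that protection is a runtime sysctl an administrator can switch off, so the NOTE would be stronger if it stated that the assessment assumes the setting is left enabled, which is what a reader deciding whether the rating applies to their own systems needs to know.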



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02df239ad49f1e74ebe6a5b2c130af256f276444


[Git][security-tracker-team/security-tracker][master] Add Debian bug references for CVE-2020-26298/ruby-redcarpet

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
595c43b0 by Salvatore Bonaccorso at 2021-01-13T16:52:29+01:00
Add Debian bug references for CVE-2020-26298/ruby-redcarpet

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23292,7 +23292,7 @@ CVE-2020-26300
 CVE-2020-26299
RESERVED
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In 
Redcarpet befo ...)
-   - ruby-redcarpet 
+   - ruby-redcarpet  (bug #980057)
NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
NOTE: 
https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
 CVE-2020-26297 (mdBook is a utility to create modern online books from 
Markdown files  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/595c43b00c6df153a252549e0ac55468fa5b8c6a


[Git][security-tracker-team/security-tracker][master] Update notes on CVE-2020-28374/tcmu

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46270ab9 by Salvatore Bonaccorso at 2021-01-13T16:40:35+01:00
Update notes on CVE-2020-28374/tcmu

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16325,8 +16325,13 @@ CVE-2020-28374 (In drivers/target/target_core_xcopy.c 
in the Linux kernel before
- tcmu  (bug #980007)
NOTE: 
https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
-   NOTE: tcmu-runner patch: 
https://bugzilla.suse.com/attachment.cgi?id=844924=diff=patch==1=raw
NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
+   NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644
+   NOTE: Fixed by: 
https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd
+   NOTE: Some followup fixes: 
https://github.com/open-iscsi/tcmu-runner/pull/646
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
+   NOTE: 
https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers 
to exec ...)
NOT-FOR-US: Netgear
 CVE-2020-28372
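Review bot: the new `NOTE: Fixed by:` entry names a single tcmu-runner commit while three further commits are listed under `NOTE: Some followup fixes:` without saying whether the fix is incomplete without them; a few words on whether a backport needs all four would save whoever prepares the Debian update from re-deriving that from the pull requests. Replacing the bugzilla.suse.com attachment link with the upstream commits is an improvement, since that URL was already missing its query separators (`?id=844924=diff=patch==1=raw`).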



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46270ab9f4e9faef5a3682df176dc520f3d2fa3c


[Git][security-tracker-team/security-tracker][master] NFUs

2021-01-13 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8781eda3 by Moritz Muehlenhoff at 2021-01-13T16:23:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -4843,30 +4843,43 @@ CVE-2021-21615
RESERVED
 CVE-2021-21614
RESERVED
+   NOT-FOR-US: Jenkins plugin
 CVE-2021-21613
RESERVED
+   NOT-FOR-US: Jenkins plugin
 CVE-2021-21612
RESERVED
+   NOT-FOR-US: Jenkins plugin
 CVE-2021-21611
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21610
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21609
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21608
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21607
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21606
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21605
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21604
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21603
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21602
RESERVED
+   NOT-FOR-US: Jenkins
 CVE-2021-21601
RESERVED
 CVE-2021-21600
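Review bot: every entry in this hunk is still `RESERVED`, so the `NOT-FOR-US: Jenkins` and `NOT-FOR-US: Jenkins plugin` classifications are being made before a public description exists; recording in a NOTE the advisory that maps these IDs to Jenkins would let the next person verify the attribution once descriptions are published, and would show why CVE-2021-21612 to CVE-2021-21614 are assigned to plugins rather than to core.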



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8781eda3c67df96e4f54d73d7d1280e39804d9aa


[Git][security-tracker-team/security-tracker][master] Track proposed update for libmaxminddb via buster-pu

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ca015667 by Salvatore Bonaccorso at 2021-01-13T14:11:16+01:00
Track proposed update for libmaxminddb via buster-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -64,3 +64,5 @@ CVE-2020-7039
[buster] - slirp 1:1.0.17-8+deb10u1
 CVE-2020-8608
[buster] - slirp 1:1.0.17-8+deb10u1
+CVE-2020-28241
+   [buster] - libmaxminddb 1.3.2-1+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca01566729ea5d2447c1e3fc86b9e066e1916e1d


[Git][security-tracker-team/security-tracker][master] dla: claim golang-1.7

2021-01-13 Thread Sylvain Beucler


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
03ae9534 by Sylvain Beucler at 2021-01-13T14:10:27+01:00
dla: claim golang-1.7

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -40,7 +40,7 @@ f2fs-tools (Abhijith PA)
 firmware-nonfree
   NOTE: 20201207: wait for the update in buster and backport that (Emilio)
 --
-golang-1.7
+golang-1.7 (Sylvain Beucler)
   NOTE: 20201219: new CVEs may not be getting fixed, might need to ignore 
(roberto)
   NOTE: 20210103: Clarification CVE-2020-29509, ...10 and ...11 is definitely 
not going to be fixed in 1.7.
   NOTE: 20210103: golang at all. Follow up a little more before it is ignored. 
(ola)
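Review bot: the claim on `+golang-1.7 (Sylvain Beucler)` sits directly above NOTEs from 20201219 and 20210103 that lean towards ignoring the package; adding a dated NOTE stating what the claimant intends (prepare an update, or take the decision to ignore) keeps the entry consistent with the convention the existing NOTEs follow and avoids someone else re-triaging it.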



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03ae9534fb355ae359b1fd87dfcb6f500a0148f0


[Git][security-tracker-team/security-tracker][master] new redcarpet issue

2021-01-13 Thread Moritz Muehlenhoff


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
243209db by Moritz Muehlenhoff at 2021-01-13T10:57:45+01:00
new redcarpet issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23274,7 +23274,9 @@ CVE-2020-26300
 CVE-2020-26299
RESERVED
 CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In 
Redcarpet befo ...)
-   TODO: check
+   - ruby-redcarpet 
+   NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
+   NOTE: 
https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
 CVE-2020-26297 (mdBook is a utility to create modern online books from 
Markdown files  ...)
NOT-FOR-US: mdBook
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
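Review bot: the added package line `+   - ruby-redcarpet ` carries no fixed version, no visible state tag and no Debian bug reference; if this rendering merely dropped an angle-bracket tag that is fine, but a `(bug #NNNNNN)` reference (placeholder here) is worth adding once a bug is filed so the maintainer is notified, as other entries in the file do, for example `- tcmu  (bug #980007)`.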



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/243209db2e424a289f168935d2a85748d30edfed


[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2020-8842

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d667e8fa by Salvatore Bonaccorso at 2021-01-13T09:48:18+01:00
Remove notes from CVE-2020-8842

Was withdrawn by its CNA as found to not be a security issue.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -65343,7 +65343,6 @@ CVE-2020-8843 (An issue was discovered in Istio 1.3 
through 1.3.6. Under certain
NOT-FOR-US: Istio
 CVE-2020-8842
REJECTED
-   NOT-FOR-US: MSI True Color
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type 
paramete ...)
NOT-FOR-US: TestLink
 CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain 
xbean- ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d667e8fa23649bfab3cee8b6190bc6f4e9014974


[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8fb4f931 by Salvatore Bonaccorso at 2021-01-13T09:47:23+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1652,11 +1652,11 @@ CVE-2021-23127
 CVE-2021-23126
RESERVED
 CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The 
lack of e ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The 
lack of e ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The 
lack of A ...)
-   TODO: check
+   NOT-FOR-US: Joomla!
 CVE-2021-23122
RESERVED
 CVE-2021-23121
@@ -12504,173 +12504,173 @@ CVE-2021-1721
 CVE-2021-1720
RESERVED
 CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This 
CVE ID  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is 
unique from ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID 
is uniq ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID 
is uniq ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID 
is uni ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID 
is uni ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This 
CVE ID  ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution 
Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege 
Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege 
Vulnerabi ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution 
Vulnerability This ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution 
Vulnerability This ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1698
RESERVED
 CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This 
CVE ID i ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique 
from CVE ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique 
from CVE ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This 
CVE ID ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2021-1689 (Windows Multipoint Management Elevation of 

[Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for CVE-2020-28374

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d027f86 by Salvatore Bonaccorso at 2021-01-13T09:27:50+01:00
Add reference for CVE-2020-28374

- - - - -
65d64130 by Salvatore Bonaccorso at 2021-01-13T09:32:31+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,25 +7,25 @@ CVE-2021-3136
 CVE-2021-3135
RESERVED
 CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a 
task. ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in 
which the ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose 
name contai ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a 
Note refere ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image 
with a craf ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary 
file. ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the 
conversion API f ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted 
Content-Dispositi ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the 
ajax/apps/manifests que ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ 
character  ...)
-   TODO: check
+   NOT-FOR-US: OX App Suite
 CVE-2021-23926
RESERVED
 CVE-2021-23925
@@ -16313,6 +16313,7 @@ CVE-2020-28374 (In drivers/target/target_core_xcopy.c 
in the Linux kernel before
NOTE: 
https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
NOTE: tcmu-runner patch: 
https://bugzilla.suse.com/attachment.cgi?id=844924=diff=patch==1=raw
+   NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers 
to exec ...)
NOT-FOR-US: Netgear
 CVE-2020-28372
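Review bot: the context line `NOTE: tcmu-runner patch: https://bugzilla.suse.com/attachment.cgi?id=844924=diff=patch==1=raw` in this hunk has lost the `&` separators between its query parameters and will not resolve as written; it is not touched by this change, but it is worth repairing or replacing alongside the new issue reference so the entry does not point at a dead link.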



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0495ed6690543d013e5a68efead3fd3344d3784a...65d64130733f0823570c0a362ec7c10a4c55cf9c


[Git][security-tracker-team/security-tracker][master] automatic update

2021-01-13 Thread Salvatore Bonaccorso


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0495ed66 by security tracker role at 2021-01-13T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,47 @@
+CVE-2021-3138
+   RESERVED
+CVE-2021-3137
+   RESERVED
+CVE-2021-3136
+   RESERVED
+CVE-2021-3135
+   RESERVED
+CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a 
task. ...)
+   TODO: check
+CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in 
which the ...)
+   TODO: check
+CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose 
name contai ...)
+   TODO: check
+CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a 
Note refere ...)
+   TODO: check
+CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image 
with a craf ...)
+   TODO: check
+CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary 
file. ...)
+   TODO: check
+CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the 
conversion API f ...)
+   TODO: check
+CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted 
Content-Dispositi ...)
+   TODO: check
+CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the 
ajax/apps/manifests que ...)
+   TODO: check
+CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ 
character  ...)
+   TODO: check
+CVE-2021-23926
+   RESERVED
+CVE-2021-23925
+   RESERVED
+CVE-2021-23924
+   RESERVED
+CVE-2021-23923
+   RESERVED
+CVE-2021-23922
+   RESERVED
+CVE-2021-23921
+   RESERVED
+CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request 
that lac ...)
+   TODO: check
+CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 
allows  ...)
+   TODO: check
 CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute 
commands,  ...)
TODO: check
 CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress 
allows C ...)
@@ -1607,12 +1651,12 @@ CVE-2021-23127
RESERVED
 CVE-2021-23126
RESERVED
-CVE-2021-23125
-   RESERVED
-CVE-2021-23124
-   RESERVED
-CVE-2021-23123
-   RESERVED
+CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The 
lack of e ...)
+   TODO: check
+CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The 
lack of e ...)
+   TODO: check
+CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The 
lack of A ...)
+   TODO: check
 CVE-2021-23122
RESERVED
 CVE-2021-23121
@@ -6207,8 +6251,8 @@ CVE-2020-35688
RESERVED
 CVE-2020-35687
RESERVED
-CVE-2020-35686
-   RESERVED
+CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software 
component mod ...)
+   TODO: check
 CVE-2020-35685
RESERVED
 CVE-2020-35684
@@ -12447,186 +12491,186 @@ CVE-2021-1727
RESERVED
 CVE-2021-1726
RESERVED
-CVE-2021-1725
-   RESERVED
+CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
+   TODO: check
 CVE-2021-1724
RESERVED
-CVE-2021-1723
-   RESERVED
+CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability 
...)
+   TODO: check
 CVE-2021-1722
RESERVED
 CVE-2021-1721
RESERVED
 CVE-2021-1720
RESERVED
-CVE-2021-1719
-   RESERVED
-CVE-2021-1718
-   RESERVED
-CVE-2021-1717
-   RESERVED
-CVE-2021-1716
-   RESERVED
-CVE-2021-1715
-   RESERVED
-CVE-2021-1714
-   RESERVED
-CVE-2021-1713
-   RESERVED
-CVE-2021-1712
-   RESERVED
-CVE-2021-1711
-   RESERVED
-CVE-2021-1710
-   RESERVED
-CVE-2021-1709
-   RESERVED
-CVE-2021-1708
-   RESERVED
-CVE-2021-1707
-   RESERVED
-CVE-2021-1706
-   RESERVED
-CVE-2021-1705
-   RESERVED
-CVE-2021-1704
-   RESERVED
-CVE-2021-1703
-   RESERVED
-CVE-2021-1702
-   RESERVED
-CVE-2021-1701
-   RESERVED
-CVE-2021-1700
-   RESERVED
-CVE-2021-1699
-   RESERVED
+CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This 
CVE ID  ...)
+   TODO: check
+CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...)
+   TODO: check
+CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is 
unique from ...)
+   TODO: check
+CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID 
is uniq ...)
+   TODO: check
+CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID 
is uniq ...)
+   TODO: check
+CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID 
is uni ...)
+   TODO: check
+CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID