[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Aug 24 21:50:49 BST 2021


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91130e28 by Salvatore Bonaccorso at 2021-08-24T22:49:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1416,9 +1416,9 @@ CVE-2021-39378
 CVE-2021-39377
 	RESERVED
 CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
-	TODO: check
+	NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
 CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
-	TODO: check
+	NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
 CVE-2021-39374
 	RESERVED
 CVE-2021-39373
@@ -3120,11 +3120,11 @@ CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBU
 	[buster] - polipo <ignored> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2
 CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...)
-	TODO: check
+	NOT-FOR-US: NASCENT RemKon Device Manager
 CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...)
-	TODO: check
+	NOT-FOR-US: NASCENT RemKon Device Manager
 CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the  ...)
-	TODO: check
+	NOT-FOR-US: NASCENT RemKon Device Manager
 CVE-2021-38610
 	RESERVED
 CVE-2021-38609
@@ -3804,7 +3804,7 @@ CVE-2021-38308
 CVE-2021-38307
 	RESERVED
 CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
-	TODO: check
+	NOT-FOR-US: LG
 CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
 	NOT-FOR-US: 23andMe Yamale
 CVE-2021-38304
@@ -5623,7 +5623,7 @@ CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
 CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2021-37537
 	RESERVED
 CVE-2021-37536
@@ -8177,7 +8177,7 @@ CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes o
 	NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
 	NOTE: Negligible security impact
 CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Cerner Mobile Care
 CVE-2021-36384
 	RESERVED
 CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
@@ -15588,7 +15588,7 @@ CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and
 CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
 	NOT-FOR-US: Apache Jena Fuseki
 CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
-	TODO: check
+	NOT-FOR-US: Apache NiFi
 CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
 	NOT-FOR-US: Apache APISIX Dashboard
 CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91130e28431b6b9f8c40dcf21ee61c23bc29e2c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91130e28431b6b9f8c40dcf21ee61c23bc29e2c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210824/affdc093/attachment-0001.htm>
