[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 18 14:24:06 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
683b35c7 by Moritz Muehlenhoff at 2021-10-18T15:23:52+02:00
NFUs
otrs n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1892,7 +1892,7 @@ CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an un
 CVE-2021-42256
 	RESERVED
 CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
-	TODO: check
+	NOT-FOR-US: CoreNLP
 CVE-2021-42255
 	RESERVED
 CVE-2021-42254
@@ -4432,7 +4432,7 @@ CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking ap
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
 	NOT-FOR-US: Frontier
 CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users  ...)
-	TODO: check
+	NOT-FOR-US: Minio
 CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
 	- puma <unfixed>
 	NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
@@ -16329,7 +16329,8 @@ CVE-2021-36099
 CVE-2021-36098
 	RESERVED
 CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...)
-	TODO: check
+	- otrs <not-affected> (OTRS 8.x specific)
+	NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x
 CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
 	- otrs2 <undetermined> (bug #993846)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
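Review bot: The added line for CVE-2021-36097 names the package `otrs`, while the neighbouring CVE-2021-36096 entry in this hunk is tracked against `otrs2` (`- otrs2 <undetermined> (bug #993846)`). If both refer to the same source package, use `otrs2` here so the not-affected status is attached to that package. If `otrs` is intentional, say so in the NOTE. The NOTE explains why znuny is unaffected, but only as free text. If znuny is tracked as a package, an explicit `<not-affected>` line for it would make that status machine-readable.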
@@ -37698,7 +37699,7 @@ CVE-2021-27563
 CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
 	NOT-FOR-US: Arm Trusted Firmware M
 CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...)
-	TODO: check
+	NOT-FOR-US: Yealink Device Management
 CVE-2021-27560
 	RESERVED
 CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
@@ -41618,7 +41619,7 @@ CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-be
 CVE-2021-25965
 	RESERVED
 CVE-2021-25964 (In “Calibre-web” application, v0.6.0 to v0.6.12, are vulne ...)
-	TODO: check
+	NOT-FOR-US: Calibre web
 CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
 	NOT-FOR-US: Shuup
 CVE-2021-25962 (“Shuup” application in versions 0.4.2 to 2.10.8 is affecte ...)
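Review bot: The label on the added line for CVE-2021-25964 reads `Calibre web`, but the description line directly above it spells the product `Calibre-web`. Suggest `NOT-FOR-US: Calibre-web` so that a search for the upstream name finds this entry and so that later CVEs for the same product are labelled consistently.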
@@ -46665,13 +46666,13 @@ CVE-2021-23860
 CVE-2021-23859
 	RESERVED
 CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the  ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
 	NOT-FOR-US: Bosch
 CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an  ...)
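Review bot: The four added `NOT-FOR-US: Bosch` lines (CVE-2021-23855 through CVE-2021-23858) name only the vendor, and the truncated descriptions shown for them do not identify a product. This matches the existing CVE-2021-23854 entry, but that entry's description names Bosch IP cameras. Consider putting the affected product in the label for these four, so a later reader can tell which Bosch product was judged out of scope without opening each CVE.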



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683b35c7f9bd6832dd68afe2e40ade5c6d013d3b
