Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
683b35c7 by Moritz Muehlenhoff at 2021-10-18T15:23:52+02:00
NFUs
otrs n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1892,7 +1892,7 @@ CVE-2021-42257 (check_smart before 6.9.1 allows 
unintended drive access by an un
 CVE-2021-42256
        RESERVED
 CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External 
Entity R ...)
-       TODO: check
+       NOT-FOR-US: CoreNLP
 CVE-2021-42255
        RESERVED
 CVE-2021-42254
@@ -4432,7 +4432,7 @@ CVE-2021-41139 (Anuko Time Tracker is an open source, 
web-based time tracking ap
 CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the 
newly int ...)
        NOT-FOR-US: Frontier
 CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. 
All users  ...)
-       TODO: check
+       NOT-FOR-US: Minio
 CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to 
version ...)
        - puma <unfixed>
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
@@ -16329,7 +16329,8 @@ CVE-2021-36099
 CVE-2021-36098
        RESERVED
 CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" 
permission. Onc ...)
-       TODO: check
+       - otrs <not-affected> (OTRS 8.x specific)
+       NOTE: znuny forked from OTRS with 6.x, but this issue is specific to 
OTRS 8.x
 CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys 
if cont ...)
        - otrs2 <undetermined> (bug #993846)
        [buster] - otrs2 <no-dsa> (Non-free not supported)
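
Review bot: the line added at CVE-2021-36097 names the package `otrs`, while the CVE-2021-36096 entry directly below it tracks the same product as `otrs2`; if `otrs2` is the source package name, this should read `- otrs2 <not-affected> (OTRS 8.x specific)` so the status attaches to the same package. The NOTE explains in free text why znuny is unaffected, but there is no `- znuny` line; if znuny is tracked as a package, an explicit `- znuny <not-affected>` entry would record that status in a form the tracker can read.
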
@@ -37698,7 +37699,7 @@ CVE-2021-27563
 CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may 
trigger a syst ...)
        NOT-FOR-US: Arm Trusted Firmware M
 CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command 
injection as ro ...)
-       TODO: check
+       NOT-FOR-US: Yealink Device Management
 CVE-2021-27560
        RESERVED
 CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the 
Nickname f ...)
@@ -41618,7 +41619,7 @@ CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; 
application, versions 1.0.0-be
 CVE-2021-25965
        RESERVED
 CVE-2021-25964 (In &#8220;Calibre-web&#8221; application, v0.6.0 to v0.6.12, 
are vulne ...)
-       TODO: check
+       NOT-FOR-US: Calibre web
 CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to 
reflected Cr ...)
        NOT-FOR-US: Shuup
 CVE-2021-25962 (&#8220;Shuup&#8221; application in versions 0.4.2 to 2.10.8 is 
affecte ...)
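
Review bot: the label added at CVE-2021-25964 reads `Calibre web`, but the description line directly above it spells the product `Calibre-web`; use the hyphenated spelling so that a search of the list for the product name finds this entry.
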
@@ -46665,13 +46666,13 @@ CVE-2021-23860
 CVE-2021-23859
        RESERVED
 CVE-2021-23858 (Information disclosure: The main configuration, including 
users and th ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2021-23857 (Login with hash: The login routine allows the client to log in 
to the  ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2021-23855 (The user and password data base is exposed by an unprotected 
web serve ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP 
cameras may l ...)
        NOT-FOR-US: Bosch
 CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header 
allows an  ...)
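
Review bot: the four labels added at CVE-2021-23855 through CVE-2021-23858 name only the vendor, and the truncated descriptions of those four entries, as shown here, do not name a product. This matches the existing `NOT-FOR-US: Bosch` on CVE-2021-23854, but a product name in the label, in the style of `NOT-FOR-US: Yealink Device Management` earlier in this commit, would make clear what was triaged; consider adding one if the full descriptions identify the product.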



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683b35c7f9bd6832dd68afe2e40ade5c6d013d3b

debian-security-tracker-commits mailing list