Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcbeac64 by Salvatore Bonaccorso at 2019-08-05T20:16:20Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -678,47 +678,47 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users 
to disable the ClamAV da
 CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change 
DNS or  ...)
        NOT-FOR-US: DrayTek routers
 CVE-2017-18482 (cPanel before 62.0.4 allows resellers to use the WHM 
enqueue_transfer_ ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18481 (cPanel before 62.0.4 allows stored XSS in the WHM Account 
Suspension L ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18480 (cPanel before 62.0.4 does not enforce account ownership for 
has_mycnf_ ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18479 (In cPanel before 62.0.4, WHM SSL certificate generation uses 
an unrese ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18478 (In cPanel before 62.0.4 incorrect ACL checks could occur in 
xml-api fo ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18477 (In cPanel before 62.0.4, Exim transports could execute in the 
context  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18476 (Leech Protect in cPanel before 62.0.4 does not protect certain 
directo ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18475 (In cPanel before 62.0.4, Exim piped filters ran in the context 
of an i ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18474 (cPanel before 62.0.4 allows arbitrary file-read operations via 
Exim va ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18473 (cPanel before 62.0.4 allows self XSS on the webmail Password 
and Secur ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18472 (cPanel before 62.0.4 allows reflected XSS in reset-password 
interfaces ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18471 (cPanel before 62.0.4 allows self XSS on the paper_lantern 
password-cha ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18470 (cPanel before 62.0.4 has a fixed password for the Munin MySQL 
test acc ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18469 (cPanel before 62.0.17 allows demo accounts to execute code via 
an NVDa ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18468 (cPanel before 62.0.17 allows demo accounts to execute code via 
the Hta ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18467 (cPanel before 62.0.17 allows access to restricted resources 
because of ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18466 (cPanel before 62.0.17 does not properly recognize domain 
ownership dur ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18465 (cPanel before 62.0.17 does not have a sufficient list of 
reserved user ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18464 (cPanel before 62.0.17 allows arbitrary file-overwrite 
operations via t ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of 
the root ...)
        NOT-FOR-US: cPanel
 CVE-2017-18462 (cPanel before 62.0.17 allows a CPHulk one-day ban bypass when 
IP based ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy 
questio ...)
        NOT-FOR-US: cPanel
 CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during 
automatic ...)
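
Review bot: CVE-2017-18477, CVE-2017-18475 and CVE-2017-18474 name Exim in their descriptions and CVE-2017-18470 names Munin, and both are packaged in Debian, so the NOT-FOR-US: cPanel tag on those four entries deserves a second look. The truncated descriptions attribute each flaw to cPanel, which supports the tag, but the commit message "Process NFUs" does not say that the Debian exim4 and munin packages were ruled out. Stating that in the commit message would make the triage auditable later.
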
@@ -1050,23 +1050,23 @@ CVE-2016-10777
 CVE-2016-10776
        RESERVED
 CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations 
via reass ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the 
tail_ea4_migration.cgi in ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in 
exception-mess ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list 
restrictions when  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod 
operations dur ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite 
operations durin ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via 
/cgi-sys/FormMail-cl ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during 
preparat ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair 
Mailbox Perm ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read 
operatio ...)
        NOT-FOR-US: cPanel
 CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, 
allowing a ...)
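
Review bot: On CVE-2016-10769 the description points at a FormMail script under /cgi-sys/ and is cut off before the script name ends, so the visible text does not show whether the affected file is cPanel's own code or a bundled third-party script. The tag is consistent with the neighbouring cPanel entries, including the existing one on CVE-2015-9291; a short mention in the commit message of how this entry was checked would help a later reader.
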
@@ -27956,7 +27956,7 @@ CVE-2019-4475
 CVE-2019-4474
        RESERVED
 CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, 
and 8 on  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4472
        RESERVED
 CVE-2019-4471
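
Review bot: CVE-2019-4473 is tagged NOT-FOR-US: IBM, but its description concerns "Multiple binaries in IBM SDK, Java Technology Edition" and is cut off after "on", so the hunk does not show which platform or binaries are affected. Debian ships OpenJDK, so it would be worth recording in the commit message that the issue is confined to IBM's own binaries before closing the entry with a vendor-only tag.
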
@@ -28334,7 +28334,7 @@ CVE-2019-4286
 CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could 
allow a  ...)
        NOT-FOR-US: IBM
 CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a 
local  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4283
        RESERVED
 CVE-2019-4282
@@ -28380,7 +28380,7 @@ CVE-2019-4263 (IBM Content Navigator 3.0CD is 
vulnerable to local file inclusion
 CVE-2019-4262
        RESERVED
 CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ 
V9.1 LTS ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 
through 5.0 ...)
        NOT-FOR-US: IBM
 CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum 
Scale 4.1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dcbeac64c6be19d4c85ffea65b82309aca220ee7
