[Git][security-tracker-team/security-tracker][master] Process some further NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 2 22:14:58 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57386c57 by Salvatore Bonaccorso at 2019-08-02T21:14:30Z
Process some further NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -377,169 +377,169 @@ CVE-2017-18465
CVE-2017-18464
RESERVED
CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18462
RESERVED
CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18459 (cPanel before 62.0.17 allows arbitrary code execution during account m ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18458 (cPanel before 62.0.17 allows file overwrite when renaming an account ( ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18457 (cPanel before 62.0.17 allows arbitrary file-read operations via WHM /s ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18456 (cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18455 (In cPanel before 62.0.17, addon domain conversion did not require a pa ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18454 (cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install in ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18453 (cPanel before 64.0.21 does not preserve supplemental groups across acc ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18452 (cPanel before 64.0.21 allows code execution via Rails configuration fi ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18451 (cPanel before 64.0.21 allows attackers to read a user's crontab file d ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18450 (cPanel before 64.0.21 allows certain file-chmod operations via /script ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18449 (cPanel before 64.0.21 allows certain file-rename operations in the con ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18448 (cPanel before 64.0.21 allows certain file-read operations via a Server ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18447 (cPanel before 64.0.21 allows demo accounts to execute code via the Cla ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18446 (cPanel before 64.0.21 allows file-read and file-write operations for d ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18445 (cPanel before 64.0.21 does not enforce demo restrictions for SSL API c ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18444 (cPanel before 64.0.21 allows demo accounts to execute SSH API commands ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18443 (cPanel before 64.0.21 allows demo and suspended accounts to use SSH po ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18442 (cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI AP ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18441 (cPanel before 64.0.21 allows demo accounts to redirect web traffic (SE ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18440 (cPanel before 64.0.21 allows demo users to execute traceroute via api2 ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18439 (cPanel before 64.0.21 allows demo accounts to execute code via an Imag ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18438 (cPanel before 64.0.21 allows demo accounts to execute code via Encodin ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18437 (cPanel before 64.0.21 allows a Webmail account to execute code via for ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18436 (cPanel before 64.0.21 allows demo accounts to read files via a Fileman ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18435 (cPanel before 64.0.21 allows demo accounts to execute code via the Box ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18434 (cPanel before 64.0.21 allows code execution in the context of the root ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18433 (cPanel before 64.0.21 allows code execution by webmail and demo accoun ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18432 (In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18431 (cPanel before 66.0.1 does not reliably perform suspend/unsuspend opera ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18430 (In cPanel before 66.0.2, user and group ownership may be incorrectly s ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18429 (In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persis ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18428 (In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18427 (In cPanel before 66.0.2, weak log-file permissions can occur after acc ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18426 (cPanel before 66.0.2 allows resellers to read other accounts' domain l ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18425 (In cPanel before 66.0.2, the cpdavd_error_log file can be created with ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18424 (In cPanel before 66.0.2, the Apache HTTP Server configuration file is ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18423 (In cPanel before 66.0.2, domain log files become readable after log pr ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18422 (In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog owne ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18421 (cPanel before 66.0.2 allows demo accounts to create databases and user ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18420 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18419 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallat ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18418 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operat ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18417 (cPanel before 66.0.2 allows stored XSS during WHM cPAddons installatio ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18416 (cPanel before 67.9999.103 allows arbitrary file-overwrite operations d ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18415 (cPanel before 67.9999.103 allows code execution in the context of the ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18414 (cPanel before 67.9999.103 allows an open redirect in /unprotected/redi ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18413 (In cPanel before 67.9999.103, the backup system overwrites root's home ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18412 (cPanel before 67.9999.103 allows Apache HTTP Server log files to becom ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18411 (The "addon domain conversion" feature in cPanel before 67.9999.103 can ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18410 (In cPanel before 67.9999.103, a user account's backup archive could co ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18409 (In cPanel before 67.9999.103, the backup interface could return a back ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18408 (cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Chan ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18407 (cPanel before 67.9999.103 does not enforce SSL hostname verification f ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18406 (cPanel before 67.9999.103 allows SQL injection during eximstats proces ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18405 (cPanel before 68.0.15 allows arbitrary file-read operations because of ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18404 (cPanel before 68.0.15 allows domain data to be deleted for domains wit ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18403 (cPanel before 68.0.15 allows code execution in the context of the nobo ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18402 (cPanel before 68.0.15 allows stored XSS during a cpaddons moderated up ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18401 (cPanel before 68.0.15 allows user accounts to be partially created wit ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18400 (cPanel before 68.0.15 allows local root code execution via cpdavd (SEC ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18399 (cPanel before 68.0.15 allows attackers to read root's crontab file dur ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18398 (DnsUtils in cPanel before 68.0.15 allows zone creation for hostname an ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18397 (cPanel before 68.0.15 does not preserve permissions for local backup t ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18396 (cPanel before 68.0.15 allows arbitrary file-read operations via Exim v ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18395 (cPanel before 68.0.15 does not block a username of ssl (SEC-328). ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18394 (cPanel before 68.0.15 does not have a sufficient list of reserved user ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18393 (cPanel before 68.0.15 does not block a username of postmaster, which m ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18392 (cPanel before 68.0.15 allows collisions because PostgreSQL databases c ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18391 (cPanel before 68.0.15 allows attackers to read backup files because th ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18390 (cPanel before 68.0.15 allows code execution in the context of the root ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18389 (cPanel before 68.0.15 allows string format injection in dovecot-xaps-p ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18388 (cPanel before 68.0.15 can perform unsafe file operations because Jails ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18387 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18386 (cPanel before 68.0.15 allows arbitrary code execution via Maketext inj ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18385 (cPanel before 68.0.15 allows unprivileged users to access restricted d ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18384 (cPanel before 68.0.15 allows jailed accounts to restore files that are ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18383 (cPanel before 68.0.15 writes home-directory backups to an incorrect lo ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18382 (cPanel before 68.0.15 allows use of an unreserved e-mail address in DN ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the ...)
NOT-FOR-US: cPanel
CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...)
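Review bot: A few of the entries marked NOT-FOR-US here name third-party components alongside cPanel, and the truncated descriptions do not show where the flaw lives: CVE-2017-18432 (Horde MySQL to SQLite conversion), CVE-2017-18396 (Exim), CVE-2017-18389 (dovecot-xaps-p ...) and the Apache HTTP Server log entries such as CVE-2017-18429. Before dropping the TODO on those, confirm from the full CVE text that the issue is in cPanel's own integration code rather than in the upstream component, and consider adding a short NOTE line on them recording that conclusion. The remaining entries match the existing "NOT-FOR-US: cPanel" marking visible in the trailing context for CVE-2016-10860.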
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/57386c57c7afaed15d49cb676a3c14aa156cd50f