[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 5 21:18:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcbeac64 by Salvatore Bonaccorso at 2019-08-05T20:16:20Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -678,47 +678,47 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV da
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
NOT-FOR-US: DrayTek routers
CVE-2017-18482 (cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_ ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18481 (cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension L ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18480 (cPanel before 62.0.4 does not enforce account ownership for has_mycnf_ ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18479 (In cPanel before 62.0.4, WHM SSL certificate generation uses an unrese ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18478 (In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api fo ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18477 (In cPanel before 62.0.4, Exim transports could execute in the context ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18476 (Leech Protect in cPanel before 62.0.4 does not protect certain directo ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18475 (In cPanel before 62.0.4, Exim piped filters ran in the context of an i ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18474 (cPanel before 62.0.4 allows arbitrary file-read operations via Exim va ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18473 (cPanel before 62.0.4 allows self XSS on the webmail Password and Secur ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18472 (cPanel before 62.0.4 allows reflected XSS in reset-password interfaces ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18471 (cPanel before 62.0.4 allows self XSS on the paper_lantern password-cha ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18470 (cPanel before 62.0.4 has a fixed password for the Munin MySQL test acc ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18469 (cPanel before 62.0.17 allows demo accounts to execute code via an NVDa ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18468 (cPanel before 62.0.17 allows demo accounts to execute code via the Hta ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18467 (cPanel before 62.0.17 allows access to restricted resources because of ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18466 (cPanel before 62.0.17 does not properly recognize domain ownership dur ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18465 (cPanel before 62.0.17 does not have a sufficient list of reserved user ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18464 (cPanel before 62.0.17 allows arbitrary file-overwrite operations via t ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18463 (cPanel before 62.0.17 allows code execution in the context of the root ...)
NOT-FOR-US: cPanel
CVE-2017-18462 (cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2017-18461 (cPanel before 62.0.17 allows does not preserve security policy questio ...)
NOT-FOR-US: cPanel
CVE-2017-18460 (cPanel before 62.0.17 allows arbitrary code execution during automatic ...)
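Review bot: The entries for CVE-2017-18477, CVE-2017-18475 and CVE-2017-18474 describe Exim transports, Exim piped filters and Exim variables, and Exim is packaged in Debian, so a bare "NOT-FOR-US: cPanel" leaves no record of why Debian's Exim is unaffected. If triage established that these are flaws in cPanel's own Exim integration and not in upstream Exim, add a NOTE line under each entry saying so. The same question applies to the Munin MySQL test account in CVE-2017-18470, since Munin is also packaged in Debian.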
@@ -1050,23 +1050,23 @@ CVE-2016-10777
CVE-2016-10776
RESERVED
CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10773 (cPanel before 60.0.25 allows format-string injection in exception-mess ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10772 (cPanel before 60.0.25 does not enforce feature-list restrictions when ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10771 (cPanel before 60.0.25 allows file-create and file-chmod operations dur ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10770 (cPanel before 60.0.25 allows arbitrary file-overwrite operations durin ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10769 (cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-cl ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10768 (cPanel before 60.0.25 allows file-overwrite operations during preparat ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10767 (cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Perm ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...)
NOT-FOR-US: cPanel
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
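Review bot: CVE-2016-10769 names a CGI script under /cgi-sys/ (the path is truncated here at "FormMail-cl ...") and not cPanel core code, so check the full description to confirm the script is cPanel's own before closing it as "NOT-FOR-US: cPanel". The other eight entries changed in this hunk read as cPanel-internal, and the tag matches the existing CVE-2015-9291 line below them.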
@@ -27956,7 +27956,7 @@ CVE-2019-4475
CVE-2019-4474
RESERVED
CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4472
RESERVED
CVE-2019-4471
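Review bot: CVE-2019-4473 concerns binaries in IBM SDK, Java Technology Edition, which is a Java runtime, so the "NOT-FOR-US: IBM" line should rest on a check that the flaw sits in IBM's own binaries and not in code it has in common with the OpenJDK packages Debian ships. The visible description ("Multiple binaries in IBM SDK ...") points that way; a short NOTE recording the conclusion would spare the next reader the lookup.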
@@ -28334,7 +28334,7 @@ CVE-2019-4286
CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4283
RESERVED
CVE-2019-4282
@@ -28380,7 +28380,7 @@ CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion
CVE-2019-4262
RESERVED
CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0 ...)
NOT-FOR-US: IBM
CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dcbeac64c6be19d4c85ffea65b82309aca220ee7