[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Aug 6 21:19:27 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec18a486 by Salvatore Bonaccorso at 2019-08-06T20:18:01Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2019-14698
 CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/ind ...)
 	TODO: check
 CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...)
-	TODO: check
+	NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress
 CVE-2019-14694
 	RESERVED
 CVE-2019-14693
@@ -1107,49 +1107,49 @@ CVE-2016-10799
 CVE-2016-10798
 	RESERVED
 CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10795 (cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10794 (cPanel before 59.9999.145 allows arbitrary file-read operations becaus ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10793 (cPanel before 59.9999.145 allows arbitrary code execution due to an in ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10792 (cPanel before 59.9999.145 allows code execution in the context of othe ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10791 (cPanel before 60.0.15 does not ensure that system accounts lack a vali ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10790 (cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpa ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10789 (cPanel before 60.0.25 allows code execution via the cpsrvd 403 error r ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10788 (cPanel before 60.0.25 allows arbitrary code execution via Maketext in  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10787 (The Host Access Control feature in cPanel before 60.0.25 mishandles ac ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10786 (cPanel before 60.0.25 allows members of the nobody group to read Apach ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10785 (cPanel before 60.0.25 allows attackers to discover file contents durin ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10784 (cPanel before 60.0.25 allows self XSS in the alias upload interface (S ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10783 (cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182) ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10782 (cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10781 (cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10780 (cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-1 ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10779 (cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SE ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10778 (cPanel before 60.0.25 allows self stored XSS in the listftpstable API  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10777 (cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10776 (cPanel before 60.0.25 allows stored XSS during the homedir removal pha ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2016-10775 (cPanel before 60.0.25 allows arbitrary file-chown operations via reass ...)
 	NOT-FOR-US: cPanel
 CVE-2016-10774 (cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi in ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec18a486122114d91596684966ec47c872c7f3ac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ec18a486122114d91596684966ec47c872c7f3ac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190806/c5492a39/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list