[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jul 30 21:51:07 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd765a08 by Salvatore Bonaccorso at 2019-07-30T20:50:38Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,63 +74,63 @@ CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) bef
 CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
 	NOT-FOR-US: Veritas Resiliency Platform (VRP)
 CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-14385
 	RESERVED
 CVE-2019-14384
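Review bot: CVE-2019-14388 is closed as NOT-FOR-US: cPanel, but its description attributes the unauthenticated file creation to Exim ("because Exim ..."), and Exim is packaged in Debian. Before leaving it as NFU, check the full advisory to confirm the flaw sits in cPanel's own Exim configuration and not in Exim itself; if the root cause is upstream, this needs an entry against the Exim package instead. CVE-2019-14409 deserves the same check, since its description also names a component that is cut off here ("via Passeng ...").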
@@ -150,35 +150,35 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9
 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
 	TODO: check
 CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom  ...)
 	TODO: check
 CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...)
 	TODO: check
 CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...)
-	TODO: check
+	NOT-FOR-US: Open edX
 CVE-2018-20858
 	RESERVED
 CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes a Mongo ...)
-	TODO: check
+	NOT-FOR-US: Open edX
 CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger password-re ...)
-	TODO: check
+	NOT-FOR-US: Open edX
 CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
 	NOT-FOR-US: Open edX
 CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
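Review bot: CVE-2018-20861 and CVE-2018-20860 (libopenmpt) are the only described entries in this block still at TODO: check once the cPanel and Open edX lines around them are resolved. Leaving them out of an NFU pass is correct, since libopenmpt is packaged in Debian, but they are easy to lose between two runs of closed entries; triaging them in a follow-up commit soon would avoid that. The "Open edX" tag on the edx-platform entries matches the existing CVE-2016-10766 line, which keeps the product name greppable.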
@@ -555,7 +555,7 @@ CVE-2019-14244
 CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
 	NOT-FOR-US: mastercactapus proxyprotocol
 CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender products for Windows
 CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
 	- haproxy <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/haproxy/haproxy/issues/181
@@ -1810,7 +1810,7 @@ CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishand
 	- patch 2.7.6-5 (bug #932401)
 	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
 CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2019-13634
 	RESERVED
 CVE-2019-13633
@@ -27744,7 +27744,7 @@ CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hard
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a  ...)
 	NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3948 (The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does ...)
-	TODO: check
+	NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
 CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in  ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of serv ...)
@@ -37118,33 +37118,33 @@ CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when th
 CVE-2019-1131
 	RESERVED
 CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1128 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1127 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...)
 	TODO: check
 CVE-2019-1125
 	RESERVED
 CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1123 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1122 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1121 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1120 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1119 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1118 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1115
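Review bot: CVE-2019-1126 is left at TODO: check while every other described entry from CVE-2019-1130 down to CVE-2019-1117 becomes NOT-FOR-US: Microsoft. Its description ("A security feature bypass vulnerability exists in Active Directory Fed ...") names a Microsoft component like its neighbours, so this looks like an oversight. Either tag it NOT-FOR-US: Microsoft in the same pass or say in the commit message why it was held back.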



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd765a081b4bc0991568021c339ea1a5cadffe85
