[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 17 20:18:56 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47b59fc1 by Salvatore Bonaccorso at 2020-03-17T21:18:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,9 +105,9 @@ CVE-2020-10598
 CVE-2020-10597
 	RESERVED
 CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2020-10595
 	RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
@@ -1130,25 +1130,25 @@ CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated O
 CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
 	NOT-FOR-US: D-Link
 CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. ...)
 	NOT-FOR-US: Citrix
 CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
@@ -1295,23 +1295,23 @@ CVE-2020-10059
 CVE-2020-10058
 	RESERVED
 CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is  ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
 	NOT-FOR-US: cPanel
 CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
 	NOT-FOR-US: GeniXCMS
 CVE-2020-10056
@@ -84295,7 +84295,7 @@ CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type paramete
 CVE-2018-18577
 	RESERVED
 CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress al ...)
-	TODO: check
+	NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress
 CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accept ...)
 	{DLA-1555-1}
 	- libmspack 0.8-1 (bug #911637)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b59fc1fcad0d6d117b32c1738ecc0b5ae856f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b59fc1fcad0d6d117b32c1738ecc0b5ae856f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200317/76c2e6e2/attachment.html>

More information about the debian-security-tracker-commits mailing list