Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd765a08 by Salvatore Bonaccorso at 2019-07-30T20:50:38Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,63 +74,63 @@ CVE-2019-14416 (An issue was discovered in Veritas 
Resiliency Platform (VRP) bef
 CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) 
before 3. ...)
        NOT-FOR-US: Veritas Resiliency Platform (VRP)
 CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can 
conflict  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as 
shared us ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string 
injection in the ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts 
from wri ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string 
injection in the ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via 
Passeng ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an 
OpenID prov ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers 
(SEC-41 ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue 
Listing ( ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via 
securit ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in 
the conte ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of 
incorrect d ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal 
capabilities by usi ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward 
API1 cal ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root 
access be ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 
allows un ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary 
code vi ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary 
files vi ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed 
insertio ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the 
Queueproc ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the 
context of t ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the 
context of a d ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo 
account b ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller 
package creati ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account 
interfac ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL 
root pas ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation 
because Exim ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail 
master tem ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager 
interfac ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-14385
        RESERVED
 CVE-2019-14384
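Review bot: CVE-2019-14388 is marked NOT-FOR-US: cPanel, but its truncated description attributes the unauthenticated file creation to Exim ("because Exim ..."), and Exim is packaged in Debian. Confirm that the flaw lies in how cPanel configures or drives Exim rather than in Exim itself, and record that in a NOTE: line under the entry so the NFU decision can be audited later. The other entries in this hunk name only cPanel or WHM components in the visible text and the tag is applied consistently.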
@@ -150,35 +150,35 @@ CVE-2019-14379 (SubTypeValidator.java in FasterXML 
jackson-databind before 2.9.9
 CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based 
buffer overf ...)
        TODO: check
 CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables 
debug log ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the 
context of ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP 
Manager interf ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting 
connections ( ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS 
Zone" feat ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup 
Destina ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts 
after re ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute 
arbitrary code ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password 
changes (SE ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed 
custom  ...)
        TODO: check
 CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED 
files. ...)
        TODO: check
 CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a 
Chemical ...)
-       TODO: check
+       NOT-FOR-US: Open edX
 CVE-2018-20858
        RESERVED
 CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes 
a Mongo ...)
-       TODO: check
+       NOT-FOR-US: Open edX
 CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger 
password-re ...)
-       TODO: check
+       NOT-FOR-US: Open edX
 CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
        NOT-FOR-US: Open edX
 CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with 
a spoofe ...)
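Review bot: three entries in this hunk stay at TODO: check (CVE-2019-14378 for libslirp, CVE-2018-20861 and CVE-2018-20860 for libopenmpt) while everything around them is processed. That fits an NFU-only commit, since these name libraries rather than third-party products, but they need a source-package line and should get a follow-up so they are not lost among the resolved entries. The NOT-FOR-US: Open edX tag on CVE-2018-20859, CVE-2017-18381 and CVE-2017-18380 matches the existing CVE-2016-10766 entry, which keeps the product name searchable under one spelling.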
@@ -555,7 +555,7 @@ CVE-2019-14244
 CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as 
used in t ...)
        NOT-FOR-US: mastercactapus proxyprotocol
 CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows 
(Bitdefend ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender products for Windows
 CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of 
service (h ...)
        - haproxy <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/haproxy/haproxy/issues/181
@@ -1810,7 +1810,7 @@ CVE-2019-13636 (In GNU patch through 2.7.6, the following 
of symlinks is mishand
        - patch 2.7.6-5 (bug #932401)
        NOTE: 
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
 CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress 
allows wpFas ...)
-       TODO: check
+       NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2019-13634
        RESERVED
 CVE-2019-13633
@@ -27744,7 +27744,7 @@ CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 
and prior contain a hard
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware 
contain a  ...)
        NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3948 (The Amcrest IP2M-841B IP camera firmware version 
V2.520.AC00.18.R does ...)
-       TODO: check
+       NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
 CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database 
credentials in  ...)
        NOT-FOR-US: Fuji Electric V-Server
 CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial 
of serv ...)
@@ -37118,33 +37118,33 @@ CVE-2019-1132 (An elevation of privilege 
vulnerability exists in Windows when th
 CVE-2019-1131
        RESERVED
 CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows 
AppX Deplo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows 
AppX Deplo ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1128 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1127 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1126 (A security feature bypass vulnerability exists in Active 
Directory Fed ...)
        TODO: check
 CVE-2019-1125
        RESERVED
 CVE-2019-1124 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1123 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1122 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1121 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1120 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1119 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1118 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1117 (A remote code execution vulnerability exists in the way that 
DirectWri ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1116 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1115
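Review bot: CVE-2019-1126 is left at TODO: check although its description ("A security feature bypass vulnerability exists in Active Directory Fed ...") sits among the Windows entries that this hunk marks NOT-FOR-US: Microsoft. If it was skipped by accident, tag it the same way; if it was left open on purpose, a NOTE: line giving the reason would save the next triager from re-checking it. The tag text itself matches the existing CVE-2019-1116 entry.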



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd765a081b4bc0991568021c339ea1a5cadffe85


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
