Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 94514a63 by Salvatore Bonaccorso at 2019-08-02T08:35:18Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,7 +9,7 @@ CVE-2019-14519 CVE-2019-14518 RESERVED CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javas&#99;ript: string. ...) - TODO: check + NOT-FOR-US: pandao Editor.md CVE-2019-14516 RESERVED CVE-2019-14515 @@ -99,9 +99,9 @@ CVE-2019-14474 CVE-2019-14473 RESERVED CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...) - TODO: check + NOT-FOR-US: Zumo CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...) - TODO: check + NOT-FOR-US: TestLink CVE-2019-14470 RESERVED CVE-2019-14469 
@@ -141,173 +141,173 @@ CVE-2019-14455 CVE-2019-14454 RESERVED CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit ...) - TODO: check + NOT-FOR-US: Windu CMS CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...) - TODO: check + NOT-FOR-US: Windu CMS CVE-2019-14453 RESERVED CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20951 (cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20950 (cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20949 (cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Incl ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20948 (cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SE ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20947 (cPanel before 68.0.27 allows certain file-write operations via the tel ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20946 (cPanel before 68.0.27 allows attackers to read zone information becaus ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20945 (bin/csvprocess in cPanel before 68.0.27 allows insecure file operation ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20944 (cPanel before 68.0.27 allows attackers to read a copy of httpd.conf th ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20943 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20942 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20941 (cPanel before 68.0.27 allows arbitrary file-read operations via restor ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2018-20940 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20939 (cPanel before 68.0.27 allows a user to discover contents of directorie ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20938 (cPanel before 68.0.27 does not enforce ownership during addpkgext and ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20937 (cPanel before 68.0.27 does not validate database and dbuser names duri ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20936 (cPanel before 68.0.27 allows attackers to read the SRS secret via exim ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20935 (cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20934 (cPanel before 70.0.23 does not prevent e-mail account suspensions from ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20933 (cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20932 (cPanel before 70.0.23 exposes Apache HTTP Server logs after creation o ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20931 (cPanel before 70.0.23 allows demo accounts to execute code via the Lan ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20930 (cPanel before 70.0.23 allows .htaccess restrictions bypass when Htacce ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20929 (cPanel before 70.0.23 allows an open redirect via the /unprotected/red ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20928 (cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interf ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20927 (cPanel before 70.0.23 allows jailshell escape because of incorrect cro ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20926 (cPanel before 70.0.23 allows local privilege escalation via the WHM Lo ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2018-20925 (cPanel before 70.0.23 allows local privilege escalation via the WHM Le ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20924 (cPanel before 70.0.23 allows arbitrary file-read and file-unlink opera ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20923 (cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Reco ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20922 (cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20921 (cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20920 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20919 (cPanel before 70.0.23 allows stored XSS via a WHM Create Account actio ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20918 (cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20917 (cPanel before 70.0.23 allows any user to disable Solr (SEC-371). ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20916 (cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-3 ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20915 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20914 (In cPanel before 70.0.23, OpenID providers can inject arbitrary data i ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20913 (cPanel before 70.0.23 allows attackers to read the root accesshash via ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20912 (cPanel before 70.0.23 allows demo accounts to execute code via awstats ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20911 (cPanel before 70.0.23 allows code execution because "." is in @INC dur ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2018-20910 (cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20909 (cPanel before 70.0.23 allows arbitrary file-chmod operations during le ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20908 (cPanel before 71.9980.37 allows arbitrary file-read operations during ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20907 (cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20906 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20905 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20904 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20903 (cPanel before 71.9980.37 allows self XSS in the WHM Backup Configurati ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20902 (cPanel before 71.9980.37 allows attackers to read root's crontab file ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20901 (cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme In ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20900 (cPanel before 71.9980.37 allows stored XSS in the YUM autorepair funct ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20899 (cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons install ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20898 (cPanel before 71.9980.37 allows e-mail injection during cPAddons moder ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20897 (cPanel before 71.9980.37 allows arbitrary file-unlink operations via t ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20896 (cPanel before 71.9980.37 allows code injection in the WHM cPAddons int ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2018-20895 (In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs a ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20894 (cPanel before 74.0.0 makes web-site contents accessible to other local ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20893 (cPanel before 74.0.0 allows file-rename operations during account rena ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20892 (cPanel before 74.0.0 allows arbitrary zone file modifications because ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20891 (cPanel before 74.0.0 allows arbitrary file-read operations during File ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20890 (cPanel before 74.0.0 allows arbitrary zone file modifications during r ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20889 (cPanel before 74.0.0 allows certain file-read operations via password ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20888 (cPanel before 74.0.0 allows file modification in the context of the ro ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20887 (cPanel before 74.0.0 allows SQL injection during database backups (SEC ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20886 (cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-4 ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20885 (cPanel before 74.0.0 allows Apache HTTP Server configuration injection ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20884 (cPanel before 74.0.0 allows stored XSS in the WHM File Restoration int ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20883 (cPanel before 74.0.8 allows FTP access during account suspension (SEC- ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20882 (cPanel before 74.0.8 allows arbitrary file-write operations in the con ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20881 (cPanel before 74.0.8 allows self stored XSS on the Security Questions ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2018-20880 (cPanel before 74.0.8 mishandles account suspension because of an inval ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20879 (cPanel before 74.0.8 allows demo accounts to execute arbitrary code vi ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20878 (cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Rest ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20877 (cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SE ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20876 (cPanel before 74.0.8 allows self XSS in the Site Software Moderation i ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20875 (cPanel before 74.0.8 allows self XSS in the WHM Security Questions int ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20874 (cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV daemon ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...) NOT-FOR-US: DrayTek routers CVE-2017-18482 
@@ -513,101 +513,101 @@ CVE-2017-18383 CVE-2017-18382 RESERVED CVE-2016-10860 (cPanel before 11.54.0.0 allows unauthorized zone modification via the ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10859 (cPanel before 11.54.0.0 allows unauthorized password changes via Webma ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10858 (cPanel before 11.54.0.0 allows unauthenticated arbitrary code executio ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10857 (cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (S ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10856 (cPanel before 11.54.0.0 allows subaccounts to discover sensitive data ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10855 (cPanel before 11.54.0.4 allows unauthenticated arbitrary code executio ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10854 (cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner inter ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10853 (cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager i ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10852 (cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsyst ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10851 (cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration e ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10850 (cPanel before 11.54.0.4 allows arbitrary code execution via scripts/sy ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10849 (cPanel before 11.54.0.4 allows certain file-chmod operations in script ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10848 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10847 (cPanel before 11.54.0.4 allows arbitrary file-read and file-write oper ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10846 (cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod ope ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2016-10845 (cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10844 (The chcpass script in cPanel before 11.54.0.4 reveals a password hash ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10843 (cPanel before 11.54.0.4 allows code execution in the context of shared ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10842 (cPanel before 11.54.0.4 allows certain file-read operations in bin/set ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10841 (The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses pas ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10840 (cPanel before 11.54.0.4 allows arbitrary code execution during locale ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10839 (cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usern ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10838 (cPanel before 11.54.0.4 allows arbitrary file-read operations via the ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10837 (cPanel before 11.54.0.4 allows arbitrary code execution because of an ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10836 (cPanel before 55.9999.141 allows arbitrary file-read operations during ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10835 (cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10834 (cPanel before 55.9999.141 allows account-suspension bypass via ftp (SE ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10833 (cPanel before 55.9999.141 mishandles username-based blocking for PRE r ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10832 (cPanel before 55.9999.141 allows FTP cPHulk bypass via account name mu ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10831 (cPanel before 55.9999.141 does not perform as two-factor authenticatio ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2016-10830 (cPanel before 55.9999.141 allows ACL bypass for AppConfig applications ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10829 (cPanel before 55.9999.141 allows arbitrary file-read operations becaus ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10828 (cPanel before 55.9999.141 allows arbitrary code execution because of a ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10827 (cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Ma ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10826 (cPanel before 55.9999.141 allows attackers to bypass Two Factor Authen ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10825 (cPanel before 55.9999.141 allows attackers to bypass a Security Policy ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10824 (cPanel before 55.9999.141 allows unauthenticated arbitrary code execut ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10823 (cPanel before 55.9999.141 allows arbitrary code execution in the conte ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10822 (cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Imag ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10821 (In cPanel before 55.9999.141, Scripts/addpop reveals a command-line pa ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10820 (cPanel before 55.9999.141 allows daemons to access their controlling T ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10819 (In cPanel before 57.9999.54, user log files become world-readable when ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10818 (cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsa ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10817 (cPanel before 57.9999.54 allows SQL Injection via the ModSecurity Tail ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10816 (cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2016-10815 (cPanel before 57.9999.54 allows arbitrary file-read operations for Web ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_template.sto ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10812 RESERVED CVE-2016-10811 @@ -701,7 +701,7 @@ CVE-2016-10768 CVE-2016-10767 RESERVED CVE-2015-9291 (cPanel before 11.52.0.13 does not prevent arbitrary file-read operatio ...) - TODO: check + NOT-FOR-US: cPanel CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...) - sigil <unfixed> NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4 
@@ -998,19 +998,19 @@ CVE-2019-14340 CVE-2019-14339 RESERVED CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14335 RESERVED CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14332 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-14331 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...) NOT-FOR-US: EspoCRM CVE-2019-14330 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/94514a636df93d7502f8a0e285bd3d14e4700140
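Review bot: In the "@@ -99,9 +99,9 @@" hunk, the added line for CVE-2019-14472 reads "NOT-FOR-US: Zumo", but the description on the line above it names the product as Zurmo (3.2.7-2). Suggest "NOT-FOR-US: Zurmo", so that a later search of data/CVE/list for the product name finds this entry and future Zurmo CVEs can be matched against it. The other added NOT-FOR-US names in this commit (pandao Editor.md, TestLink, Windu CMS, cPanel, D-Link) agree with their descriptions.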
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits