[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Tue, 17 Mar 2020 13:19:49 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
47b59fc1 by Salvatore Bonaccorso at 2020-03-17T21:18:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,9 +105,9 @@ CVE-2020-10598
 CVE-2020-10597
        RESERVED
 CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct 
XSS atta ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF 
to change ...)
-       TODO: check
+       NOT-FOR-US: Subrion CMS
 CVE-2020-10595
        RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It 
allows att ...)
@@ -1130,25 +1130,25 @@ CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A 
devices have an authenticated O
 CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
        NOT-FOR-US: D-Link
 CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to 
delete arbit ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code 
execution  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code 
executio ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote 
code exe ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files 
via Brandi ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in 
the Mar ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended 
restrictions ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary 
code ex ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file 
editor  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary 
character-set sp ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. 
...)
        NOT-FOR-US: Citrix
 CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent 
Interpretation ...)
@@ -1295,23 +1295,23 @@ CVE-2020-10059
 CVE-2020-10058
        RESERVED
 CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass 
because the  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup 
Restoration (SE ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary 
chown oper ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary 
database v ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a 
predictable  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string 
escaping is  ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of 
misparsi ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual 
mail accoun ...)
        NOT-FOR-US: cPanel
 CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because 
webmail use ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due 
to broke ...)
        NOT-FOR-US: GeniXCMS
 CVE-2020-10056
@@ -84295,7 +84295,7 @@ CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the 
plus/qrcode.php type paramete
 CVE-2018-18577
        RESERVED
 CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for 
WordPress al ...)
-       TODO: check
+       NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress
 CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 
0.8alpha accept ...)
        {DLA-1555-1}
        - libmspack 0.8-1 (bug #911637)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b59fc1fcad0d6d117b32c1738ecc0b5ae856f0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b59fc1fcad0d6d117b32c1738ecc0b5ae856f0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to