Author: mgilbert Date: 2016-06-04 19:29:33 +0000 (Sat, 04 Jun 2016) New Revision: 42312
Modified: data/CVE/list Log: nfus Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-06-04 17:54:52 UTC (rev 42311) +++ data/CVE/list 2016-06-04 19:29:33 UTC (rev 42312) @@ -2197,7 +2197,7 @@ CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...) NOT-FOR-US: Environmental Systems Corporation CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users to write ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...) NOT-FOR-US: Panasonic FPWIN Pro CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an ...) @@ -8341,13 +8341,13 @@ CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...) NOT-FOR-US: Lemur Vehicle Monitors BlueDriver CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...) - TODO: check + NOT-FOR-US: Accellion CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...) - TODO: check + NOT-FOR-US: Accellion CVE-2016-2351 (SQL injection vulnerability in home/seos/courier/security_key2.api on ...) - TODO: check + NOT-FOR-US: Accellion CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion ...) - TODO: check + NOT-FOR-US: Accellion CVE-2016-2349 RESERVED CVE-2016-2348 @@ -8358,7 +8358,7 @@ - lhasa 0.3.1-1 NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/ CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on ...) - TODO: check + NOT-FOR-US: Allround Automations CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in ...) NOT-FOR-US: SolarWinds DameWare Mini Remote Control CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...) 
@@ -8373,7 +8373,7 @@ CVE-2016-2341 RESERVED CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows ...) - TODO: check + NOT-FOR-US: Granite CVE-2016-2339 RESERVED CVE-2016-2338 @@ -8391,11 +8391,11 @@ - p7zip 15.14.1+dfsg-2 (bug #824160) NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/ CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with ...) - TODO: check + NOT-FOR-US: SysLINK CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine ...) - TODO: check + NOT-FOR-US: SysLINK CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular ...) - TODO: check + NOT-FOR-US: SysLINK CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c ...) {DSA-3535-1} - kamailio 4.3.4-2 (bug #815178) @@ -8599,11 +8599,11 @@ NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a TODO: check other versions (newest 1.3.23 is vulnerable according to reporter) CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...) - TODO: check + NOT-FOR-US: AlertWerks CVE-2016-2310 RESERVED CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...) - TODO: check + NOT-FOR-US: iRZ RUH2 CVE-2016-2308 RESERVED CVE-2016-2307 
@@ -8625,17 +8625,17 @@ CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...) NOT-FOR-US: Ecava IntegraXor CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) - TODO: check + NOT-FOR-US: Meteocontrol CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...) - TODO: check + NOT-FOR-US: Meteocontrol CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...) - TODO: check + NOT-FOR-US: Meteocontrol CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...) - TODO: check + NOT-FOR-US: Acuvim CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...) - TODO: check + NOT-FOR-US: Acuvim CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...) NOT-FOR-US: Pro-face CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, ...) @@ -8644,15 +8644,15 @@ NOT-FOR-US: Pro-face CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier ...) NOT-FOR-US: ICONICS WebHMI - TODO: check + NOT-FOR-US: ICONICS CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by ...) NOT-FOR-US: Cogent DataHub CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...) NOT-FOR-US: XZERES CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-2284 RESERVED CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...) 
@@ -8660,15 +8660,15 @@ CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...) NOT-FOR-US: Moxa ioLogik E2200 devices CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 ...) - TODO: check + NOT-FOR-US: ABB Panel Builder CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...) NOT-FOR-US: CompactLogix CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server ...) NOT-FOR-US: Schneider Electric CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2016-2276 RESERVED CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...) @@ -8678,7 +8678,7 @@ CVE-2016-2273 RESERVED CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...) - TODO: check + NOT-FOR-US: Eaton Lighting CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...) {DSA-3519-1 DLA-479-1} - xen <unfixed> (bug #823620) @@ -8881,7 +8881,7 @@ CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal ...) NOT-FOR-US: Huawei CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...) - TODO: check + NOT-FOR-US: Magento CVE-2016-2211 RESERVED CVE-2016-2210 @@ -9590,7 +9590,7 @@ CVE-2016-2061 RESERVED CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as ...) - TODO: check + NOT-FOR-US: Android CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...) NOT-FOR-US: Android drivers CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, ...) 
@@ -9764,11 +9764,11 @@ CVE-2016-2026 RESERVED CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2024 RESERVED CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2022 RESERVED CVE-2016-2021 @@ -9782,21 +9782,21 @@ CVE-2016-2017 RESERVED CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2012 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2011 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2010 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2009 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...) - TODO: check + NOT-FOR-US: HPE CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...) NOT-FOR-US: HPE Data Protector CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...) 
@@ -10186,11 +10186,11 @@ CVE-2016-1921 RESERVED CVE-2016-1918 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2016-1917 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in ...) - TODO: check + NOT-FOR-US: BlackBerry CVE-2016-1915 RESERVED CVE-2016-1914
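Review bot: In the @@ -8625,17 hunk, CVE-2016-2294 and CVE-2016-2293 are labelled `NOT-FOR-US: Acuvim`, but both descriptions give the vendor as Accuenergy and the product as Acuvim II, and the other labels added in the same hunk (Meteocontrol, Moxa) are vendor names. Suggest `NOT-FOR-US: Accuenergy Acuvim II` for both, so a search of the list on the vendor name finds these entries.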
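Review bot: In the @@ -8644,15 hunk, CVE-2016-2289 already carries `NOT-FOR-US: ICONICS WebHMI` as a context line, so turning the stray `TODO: check` beneath it into `NOT-FOR-US: ICONICS` leaves that entry with two NOT-FOR-US lines. Delete the TODO line instead of rewriting it, so the entry keeps the single, more specific label.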
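Review bot: In the @@ -9782,21 hunk, all eight entries get the bare vendor label `NOT-FOR-US: HPE`, while the context line for CVE-2016-2008 directly below uses the product-level `NOT-FOR-US: HPE Data Protector`. For CVE-2016-2016 the visible description starts with Base-VxFS package names and does not mention HPE, so the label cannot be checked against the entry as shown. Suggest naming the product in each label, for example `HPE Network Node Manager i` and `HPE System Management Homepage`, to match the granularity already used in the file.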