Author: mgilbert Date: 2016-08-24 23:57:31 +0000 (Wed, 24 Aug 2016) New Revision: 44123
Modified: data/CVE/list Log: nfus Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-08-24 21:10:14 UTC (rev 44122) +++ data/CVE/list 2016-08-24 23:57:31 UTC (rev 44123) @@ -1541,7 +1541,7 @@ CVE-2016-6495 RESERVED CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix ...) - TODO: check + NOT-FOR-US: Citrix CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile] - mongodb 1:2.6.12-1 (bug #833087) [wheezy] - mongodb 1:2.0.6-1.1+deb7u1 @@ -1917,23 +1917,23 @@ CVE-2016-6368 RESERVED CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6365 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6364 (The User Data Services (UDS) API implementation in Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6360 RESERVED CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6358 RESERVED CVE-2016-6357 @@ -1941,7 +1941,7 @@ CVE-2016-6356 RESERVED CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-6353 RESERVED CVE-2016-6348 
@@ -2255,7 +2255,7 @@ - xen <unfixed> NOTE: http://xenbits.xen.org/xsa/advisory-182.html CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2016-6256 RESERVED CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c ...) @@ -2735,7 +2735,7 @@ CVE-2016-6205 RESERVED CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-6203 RESERVED CVE-2016-6202 @@ -2753,9 +2753,9 @@ CVE-2016-6194 RESERVED CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-1000026 RESERVED CVE-2016-1000025 @@ -2936,7 +2936,7 @@ CVE-2016-6179 RESERVED CVE-2016-6178 (Huawei NE40E and CX600 devices with software before V800R007SPH017; ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-6177 RESERVED CVE-2016-6176 @@ -2951,7 +2951,7 @@ CVE-2016-6175 RESERVED CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...) - TODO: check + NOT-FOR-US: Inivision CVE-2016-6169 RESERVED CVE-2016-6168 
@@ -3031,23 +3031,23 @@ CVE-2016-6154 RESERVED CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...) - TODO: check + NOT-FOR-US: eHealth CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial ...) - TODO: check + NOT-FOR-US: eHealth CVE-2016-6150 (The multi-tenant database container feature in SAP HANA does not ...) - TODO: check + NOT-FOR-US: SAP HANA CVE-2016-6149 (SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain ...) - TODO: check + NOT-FOR-US: SAP HANA CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: SAP HANA CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...) - TODO: check + NOT-FOR-US: SAP TREX CVE-2016-6146 RESERVED CVE-2016-6145 (The SQL interface in SAP HANA provides different error messages for ...) - TODO: check + NOT-FOR-US: SAP HANA CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...) - TODO: check + NOT-FOR-US: SAP HANA CVE-2016-6143 RESERVED CVE-2016-6142 @@ -3055,11 +3055,11 @@ CVE-2016-6141 RESERVED CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to ...) - TODO: check + NOT-FOR-US: SAP TREX CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary ...) - TODO: check + NOT-FOR-US: SAP TREX CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...) - TODO: check + NOT-FOR-US: SAP TREX CVE-2016-6137 RESERVED CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...) @@ -3593,7 +3593,7 @@ CVE-2016-5879 RESERVED CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-5877 RESERVED CVE-2016-6132 (The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka ...) 
@@ -3655,7 +3655,7 @@ NOTE: but is not yet REJECTED by MITRE. NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5875.tif CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-5872 RESERVED CVE-2016-5871 @@ -3699,7 +3699,7 @@ CVE-2016-5852 RESERVED CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-5873 RESERVED - php-pecl-http 3.0.1-0.1 @@ -3738,7 +3738,7 @@ CVE-2016-5818 RESERVED CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...) - TODO: check + NOT-FOR-US: Cargotec CVE-2016-5816 RESERVED CVE-2016-5815 @@ -3748,7 +3748,7 @@ CVE-2016-5813 RESERVED CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-5811 RESERVED CVE-2016-5810 @@ -3758,13 +3758,13 @@ CVE-2016-5808 RESERVED CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote ...) - TODO: check + NOT-FOR-US: Tollgrade CVE-2016-5806 RESERVED CVE-2016-5805 RESERVED CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-5803 RESERVED CVE-2016-5802 @@ -3774,11 +3774,11 @@ CVE-2016-5800 RESERVED CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-5798 RESERVED CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different error ...) - TODO: check + NOT-FOR-US: Tollgrade CVE-2016-5796 RESERVED CVE-2016-5795 
@@ -3788,17 +3788,17 @@ CVE-2016-5793 RESERVED CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-5791 RESERVED CVE-2016-5790 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Tollgrade CVE-2016-5789 RESERVED CVE-2016-5788 RESERVED CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before ...) - TODO: check + NOT-FOR-US: CIMPLICITY CVE-2016-5786 RESERVED CVE-2016-5785 @@ -3810,7 +3810,7 @@ CVE-2016-5782 RESERVED CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote ...) - TODO: check + NOT-FOR-US: LeviStudio CVE-2016-5780 RESERVED CVE-2016-5779 @@ -3824,7 +3824,7 @@ CVE-2016-5775 RESERVED CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before ...) - TODO: check + NOT-FOR-US: Blue Coat CVE-2016-5765 RESERVED CVE-2016-5764 @@ -4044,9 +4044,9 @@ - libical <unfixed> TODO: check CVE-2016-5744 (Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, ...) - TODO: check + NOT-FOR-US: Siemens CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the ...) {DSA-3639-1 DLA-568-1} - wordpress 4.5.3+dfsg-1 @@ -4165,7 +4165,7 @@ CVE-2016-5738 RESERVED CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...) - TODO: check + NOT-FOR-US: BIG-IP CVE-2016-5735 RESERVED CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...) @@ -4196,7 +4196,7 @@ RESERVED NOT-FOR-US: Openstack-infra puppet-gerrit module CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2016-5728 (Race condition in the vop_ioctl function in ...) {DSA-3616-1} - linux 4.6.1-1 
@@ -4215,9 +4215,9 @@ CVE-2016-5724 RESERVED CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-5722 (OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and ...) - TODO: check + NOT-FOR-US: OceanStor CVE-2016-5721 RESERVED CVE-2016-5720 @@ -4243,7 +4243,7 @@ CVE-2016-5710 RESERVED CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2016-5708 RESERVED CVE-2016-5707 @@ -4317,19 +4317,19 @@ CVE-2016-5673 RESERVED CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...) - TODO: check + - crosswalk <itp> (bug #775876) CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5670 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5669 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5668 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5667 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5666 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5665 RESERVED CVE-2016-5664 @@ -4339,9 +4339,9 @@ CVE-2016-5662 RESERVED CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the client to ...) - TODO: check + NOT-FOR-US: Accela CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in ...) - TODO: check + NOT-FOR-US: Accela CVE-2016-5659 RESERVED CVE-2016-5658 
@@ -4351,17 +4351,17 @@ CVE-2016-5656 RESERVED CVE-2016-5655 (Misys FusionCapital Opics Plus does not verify X.509 certificates from ...) - TODO: check + NOT-FOR-US: Misys CVE-2016-5654 (Misys FusionCapital Opics Plus allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: Misys CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics ...) - TODO: check + NOT-FOR-US: Misys CVE-2016-5652 RESERVED CVE-2016-5651 RESERVED CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 ...) - TODO: check + NOT-FOR-US: ZModo CVE-2016-5649 RESERVED CVE-2016-5648 @@ -4372,7 +4372,7 @@ CVE-2016-5646 RESERVED CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2016-5644 RESERVED CVE-2016-5643 @@ -4382,9 +4382,9 @@ CVE-2016-5641 RESERVED CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron ...) - TODO: check + NOT-FOR-US: Creston CVE-2016-5638 RESERVED CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
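Review bot: In the @@ -2951,7 +2951,7 @@ hunk the new tag for CVE-2016-6174 reads "NOT-FOR-US: Inivision", but the description line directly above it spells the product "Invision Power ...". Suggest "NOT-FOR-US: Invision Power" so that a later text search of data/CVE/list for the product name also finds this entry.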
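Review bot: The tag "NOT-FOR-US: Creston" in the @@ -4317,19 +4317,19 @@ hunk (CVE-2016-5671 through CVE-2016-5666) misspells the vendor that the descriptions give as "Crestron", and the same spelling recurs for CVE-2016-5640 and CVE-2016-5639 in the @@ -4382,9 +4382,9 @@ hunk. Suggest "NOT-FOR-US: Crestron" in all eight entries; a misspelled tag will not match when someone later searches the list for earlier decisions on the same vendor.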
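Review bot: The NOT-FOR-US tags in the @@ -3031,23 +3031,23 @@ hunk name products ("eHealth" for the CA eHealth entries, "SAP HANA", "SAP TREX") while most other hunks in this commit name the vendor (Cisco, Siemens, Moxa, Huawei). The same mix shows up inside the @@ -4215,9 +4215,9 @@ hunk, where CVE-2016-5723 is tagged "Huawei" and the adjacent CVE-2016-5722 is tagged "OceanStor", and in "BIG-IP" for the F5 entry CVE-2016-5736. Suggest settling on one form, for example vendor plus product ("CA eHealth", "F5 BIG-IP"), so entries for the same software group together when the list is searched.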