Author: carnil
Date: 2017-04-22 06:21:50 +0000 (Sat, 22 Apr 2017)
New Revision: 50912
Modified:
data/CVE/list
Log:
Process more NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-22 06:12:35 UTC (rev 50911)
+++ data/CVE/list 2017-04-22 06:21:50 UTC (rev 50912)
@@ -37512,9 +37512,9 @@
CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before
2.8.1 ...)
NOT-FOR-US: ClipBucket
CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in
OSSEC ...)
- TODO: check
+ NOT-FOR-US: OSSEC Web UI
CVE-2016-4846 (Untrusted search path vulnerability in the installer of
PhishWall ...)
- TODO: check
+ NOT-FOR-US: PhishWall Client Internet Explorer
CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA
DEVICE ...)
NOT-FOR-US: I-O DATA
CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct
...)
@@ -37524,9 +37524,9 @@
CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain
...)
NOT-FOR-US: Cybozu
CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject
...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and
Coordinate Plus ...)
- TODO: check
+ NOT-FOR-US: Coordinate Plus App for Android
CVE-2016-4839
RESERVED
CVE-2016-4838
@@ -37542,13 +37542,13 @@
CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links
plugin ...)
NOT-FOR-US: Nofollow Links plugin for WordPress
CVE-2016-4832 (WAON "Service Application" for Android 1.4.1 and
earlier does not ...)
- TODO: check
+ NOT-FOR-US: WAON "Service Application" for Android
CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer
4.7.0 ...)
NOT-FOR-US: LINE
CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for
Android ...)
- TODO: check
+ NOT-FOR-US: Sushiro App
CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie
Player ...)
- TODO: check
+ NOT-FOR-US: DMM Movie Player App
CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress
...)
NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart
...)
@@ -37570,7 +37570,7 @@
CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland
C++ ...)
NOT-FOR-US: Borland
CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for
...)
- TODO: check
+ NOT-FOR-US: DMMFX
CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before
2.0.0-beta5 ...)
NOT-FOR-US: H2O
CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and
...)
@@ -42293,7 +42293,7 @@
CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows
remote ...)
- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2016-3108
RESERVED
NOT-FOR-US: Pulp (Red Hat)
@@ -42455,7 +42455,7 @@
NOTE:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating
permissions when ...)
- TODO: check
+ NOT-FOR-US: Cygwin
CVE-2016-3066 [hijacks clipboard and sends contents to remote servers]
RESERVED
- spice-gtk <unfixed>
@@ -44532,7 +44532,7 @@
CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9
...)
NOT-FOR-US: Android
CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry
...)
- TODO: check
+ NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01
on Nexus ...)
NOT-FOR-US: Android
CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01
on Nexus ...)
@@ -48031,19 +48031,19 @@
CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8
for ...)
NOT-FOR-US: DTE Energy Insight
CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default
SSH ...)
- TODO: check
+ NOT-FOR-US: ExaGrid appliances
CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default
...)
- TODO: check
+ NOT-FOR-US: ExaGrid appliances
CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553
H/W ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330
1.06 and ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal
wireless ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210,
...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3)
boardDataJP.php, (4) ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2016-1554
RESERVED
CVE-2016-1553
@@ -48172,11 +48172,11 @@
NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
NOTE:
http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does
not use ...)
- TODO: check
+ NOT-FOR-US: Grandstream Wave app
CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app
1.0.1.26 ...)
- TODO: check
+ NOT-FOR-US: Grandstream Wave app
CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app
1.0.1.26 ...)
- TODO: check
+ NOT-FOR-US: Grandstream Wave app
CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of
service ...)
- opencv <undetermined>
NOTE: https://arxiv.org/pdf/1701.04739.pdf
@@ -49319,7 +49319,7 @@
CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...)
NOT-FOR-US: Kobe Beauty
CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509
certificates ...)
- TODO: check
+ NOT-FOR-US: Jetstar App
CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access.
...)
NOT-FOR-US: Cybozu
CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass
login ...)
@@ -49341,7 +49341,7 @@
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing
List ...)
NOT-FOR-US: Epoch Web Mailing List
CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does
not ...)
- TODO: check
+ NOT-FOR-US: 105 BANK app
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows
remote ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows
remote ...)
@@ -49365,7 +49365,7 @@
CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0
...)
NOT-FOR-US: LOCKON
CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL
certificates. ...)
- TODO: check
+ NOT-FOR-US: Photopt for Android
CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x
before ...)
NOT-FOR-US: Cybozu
CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote
authenticated ...)
@@ -49373,7 +49373,7 @@
CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before
4.2.1 ...)
NOT-FOR-US: Cybozu
CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain
...)
NOT-FOR-US: Cybozu
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation
in ...)
@@ -49387,13 +49387,13 @@
CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote
authenticated ...)
NOT-FOR-US: Cybozu
CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android
2.1.2 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify
SSL ...)
- TODO: check
+ NOT-FOR-US: Kintone mobile for Android
CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for
Android ...)
NOT-FOR-US: Cybozu
CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank
App for ...)
- TODO: check
+ NOT-FOR-US: Tokyo Star bank App for Android
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1
through ...)
NOT-FOR-US: NTT
CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does
not ...)
@@ -49479,7 +49479,7 @@
CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0
...)
NOT-FOR-US: Cybozu Office
CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not
verify SSL ...)
- TODO: check
+ NOT-FOR-US: Akerun
CVE-2016-1147
RESERVED
CVE-2016-1146
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
