Author: carnil
Date: 2017-04-22 06:21:50 +0000 (Sat, 22 Apr 2017)
New Revision: 50912
Modified: data/CVE/list Log: Process more NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-04-22 06:12:35 UTC (rev 50911) +++ data/CVE/list 2017-04-22 06:21:50 UTC (rev 50912) @@ -37512,9 +37512,9 @@ CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 ...) NOT-FOR-US: ClipBucket CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC ...) - TODO: check + NOT-FOR-US: OSSEC Web UI CVE-2016-4846 (Untrusted search path vulnerability in the installer of PhishWall ...) - TODO: check + NOT-FOR-US: PhishWall Client Internet Explorer CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...) NOT-FOR-US: I-O DATA CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct ...) @@ -37524,9 +37524,9 @@ CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...) NOT-FOR-US: Cybozu CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...) - TODO: check + NOT-FOR-US: Coordinate Plus App for Android CVE-2016-4839 RESERVED CVE-2016-4838 
@@ -37542,13 +37542,13 @@ CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...) NOT-FOR-US: Nofollow Links plugin for WordPress CVE-2016-4832 (WAON "Service Application" for Android 1.4.1 and earlier does not ...) - TODO: check + NOT-FOR-US: WAON "Service Application" for Android CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...) NOT-FOR-US: LINE CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android ...) - TODO: check + NOT-FOR-US: Sushiro App CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie Player ...) - TODO: check + NOT-FOR-US: DMM Movie Player App CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress ...) NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...) @@ -37570,7 +37570,7 @@ CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ ...) NOT-FOR-US: Borland CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for ...) - TODO: check + NOT-FOR-US: DMMFX CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...) NOT-FOR-US: H2O CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ...) @@ -42293,7 +42293,7 @@ CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote ...) - libapache2-mod-cluster <itp> (bug #731410) CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows remote ...) - TODO: check + NOT-FOR-US: Shopware CVE-2016-3108 RESERVED NOT-FOR-US: Pulp (Red Hat) 
@@ -42455,7 +42455,7 @@ NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29 NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8 CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...) - TODO: check + NOT-FOR-US: Cygwin CVE-2016-3066 [hijacks clipboard and sends contents to remote servers] RESERVED - spice-gtk <unfixed> @@ -44532,7 +44532,7 @@ CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...) NOT-FOR-US: Android CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry ...) - TODO: check + NOT-FOR-US: Broadcom Wi-Fi driver for Android CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...) NOT-FOR-US: Android CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...) @@ -48031,19 +48031,19 @@ CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...) NOT-FOR-US: DTE Energy Insight CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default SSH ...) - TODO: check + NOT-FOR-US: ExaGrid appliances CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default ...) - TODO: check + NOT-FOR-US: ExaGrid appliances CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ...) - TODO: check + NOT-FOR-US: D-Link CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and ...) - TODO: check + NOT-FOR-US: D-Link CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless ...) - TODO: check + NOT-FOR-US: Netgear CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210, ...) - TODO: check + NOT-FOR-US: Netgear CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) ...) - TODO: check + NOT-FOR-US: Netgear CVE-2016-1554 RESERVED CVE-2016-1553 
@@ -48172,11 +48172,11 @@ NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/ NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does not use ...) - TODO: check + NOT-FOR-US: Grandstream Wave app CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.1.26 ...) - TODO: check + NOT-FOR-US: Grandstream Wave app CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 ...) - TODO: check + NOT-FOR-US: Grandstream Wave app CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service ...) - opencv <undetermined> NOTE: https://arxiv.org/pdf/1701.04739.pdf @@ -49319,7 +49319,7 @@ CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...) NOT-FOR-US: Kobe Beauty CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509 certificates ...) - TODO: check + NOT-FOR-US: Jetstar App CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...) NOT-FOR-US: Cybozu CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login ...) @@ -49341,7 +49341,7 @@ CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...) NOT-FOR-US: Epoch Web Mailing List CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not ...) - TODO: check + NOT-FOR-US: 105 BANK app CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...) NOT-FOR-US: Wordpress plugin CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...) 
@@ -49365,7 +49365,7 @@ CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 ...) NOT-FOR-US: LOCKON CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL certificates. ...) - TODO: check + NOT-FOR-US: Photopt for Android CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before ...) NOT-FOR-US: Cybozu CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...) @@ -49373,7 +49373,7 @@ CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 ...) NOT-FOR-US: Cybozu CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain ...) NOT-FOR-US: Cybozu CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in ...) @@ -49387,13 +49387,13 @@ CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...) NOT-FOR-US: Cybozu CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 ...) - TODO: check + NOT-FOR-US: Cybozu CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL ...) - TODO: check + NOT-FOR-US: Kintone mobile for Android CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android ...) NOT-FOR-US: Cybozu CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for ...) - TODO: check + NOT-FOR-US: Tokyo Star bank App for Android CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through ...) NOT-FOR-US: NTT CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not ...) 
@@ -49479,7 +49479,7 @@ CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...) NOT-FOR-US: Cybozu Office CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...) - TODO: check + NOT-FOR-US: Akerun CVE-2016-1147 RESERVED CVE-2016-1146
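Review bot: In the @@ -37524,9 hunk, the new tag for CVE-2016-4840 is narrower than the entry it labels. The description reads "Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...", so it names a second item after "and", while the tag says only "Coordinate Plus App for Android". Suggest "NOT-FOR-US: Coordinate Plus App", the way this same commit tags CVE-2016-4830 as "NOT-FOR-US: Sushiro App" for an entry that covers both iOS and Android.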
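Review bot: In the @@ -44532,7 hunk, CVE-2016-2433 is tagged "NOT-FOR-US: Broadcom Wi-Fi driver for Android", but the context entries on either side of it (CVE-2016-2434 for the NVIDIA video driver and CVE-2016-2432 for the Qualcomm TrustZone component) both use plain "NOT-FOR-US: Android". Unless the longer tag is deliberate because the description says "as used by BlackBerry ...", use "NOT-FOR-US: Android" here too, so that a search for the tag groups all Android driver entries together.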
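Review bot: In the @@ -49387,13 hunk, CVE-2016-1186 ("Kintone mobile for Android ...") gets "NOT-FOR-US: Kintone mobile for Android", while the unchanged entry directly below it, CVE-2016-1185 ("The Cybozu kintone mobile application ... for Android"), is already tagged "NOT-FOR-US: Cybozu", and CVE-2016-1187 in this same hunk is tagged "NOT-FOR-US: Cybozu" as well. Suggest "NOT-FOR-US: Cybozu" for CVE-2016-1186 so the vendor's entries stay under one tag. A smaller point in the same hunk: the CVE-2016-1184 description continues with "and Tokyo Star bank App for ...", so the tag "Tokyo Star bank App for Android" could drop the platform suffix.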