[Secure-testing-commits] r42312 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sat Jun 4 19:29:33 UTC 2016 

Author: mgilbert
Date: 2016-06-04 19:29:33 +0000 (Sat, 04 Jun 2016)
New Revision: 42312

Modified:
   data/CVE/list
Log:
nfus

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-06-04 17:54:52 UTC (rev 42311)
+++ data/CVE/list	2016-06-04 19:29:33 UTC (rev 42312)
@@ -2197,7 +2197,7 @@
 CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
 	NOT-FOR-US: Environmental Systems Corporation
 CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users to write ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...)
 	NOT-FOR-US: Panasonic FPWIN Pro
 CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an ...)
@@ -8341,13 +8341,13 @@
 CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...)
 	NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
 CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
-	TODO: check
+	NOT-FOR-US: Accellion
 CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
-	TODO: check
+	NOT-FOR-US: Accellion
 CVE-2016-2351 (SQL injection vulnerability in home/seos/courier/security_key2.api on ...)
-	TODO: check
+	NOT-FOR-US: Accellion
 CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion ...)
-	TODO: check
+	NOT-FOR-US: Accellion
 CVE-2016-2349
 	RESERVED
 CVE-2016-2348
@@ -8358,7 +8358,7 @@
 	- lhasa 0.3.1-1
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
 CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on ...)
-	TODO: check
+	NOT-FOR-US: Allround Automations
 CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in ...)
 	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
 CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...)
@@ -8373,7 +8373,7 @@
 CVE-2016-2341
 	RESERVED
 CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows ...)
-	TODO: check
+	NOT-FOR-US: Granite
 CVE-2016-2339
 	RESERVED
 CVE-2016-2338
@@ -8391,11 +8391,11 @@
 	- p7zip 15.14.1+dfsg-2 (bug #824160)
 	NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/
 CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with ...)
-	TODO: check
+	NOT-FOR-US: SysLINK
 CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine ...)
-	TODO: check
+	NOT-FOR-US: SysLINK
 CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular ...)
-	TODO: check
+	NOT-FOR-US: SysLINK
 CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c ...)
 	{DSA-3535-1}
 	- kamailio 4.3.4-2 (bug #815178)
@@ -8599,11 +8599,11 @@
 	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
 	TODO: check other versions (newest 1.3.23 is vulnerable according to reporter)
 CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
-	TODO: check
+	NOT-FOR-US: AlertWerks
 CVE-2016-2310
 	RESERVED
 CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
-	TODO: check
+	NOT-FOR-US: iRZ RUH2
 CVE-2016-2308
 	RESERVED
 CVE-2016-2307
@@ -8625,17 +8625,17 @@
 CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
-	TODO: check
+	NOT-FOR-US: Meteocontrol
 CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
-	TODO: check
+	NOT-FOR-US: Meteocontrol
 CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
-	TODO: check
+	NOT-FOR-US: Meteocontrol
 CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
-	TODO: check
+	NOT-FOR-US: Acuvim
 CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
-	TODO: check
+	NOT-FOR-US: Acuvim
 CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
 	NOT-FOR-US: Pro-face
 CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, ...)
@@ -8644,15 +8644,15 @@
 	NOT-FOR-US: Pro-face
 CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier ...)
 	NOT-FOR-US: ICONICS WebHMI
-	TODO: check
+	NOT-FOR-US: ICONICS
 CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by ...)
 	NOT-FOR-US: Cogent DataHub
 CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...)
 	NOT-FOR-US: XZERES
 CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2016-2284
 	RESERVED
 CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
@@ -8660,15 +8660,15 @@
 CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
 	NOT-FOR-US: Moxa ioLogik E2200 devices
 CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 ...)
-	TODO: check
+	NOT-FOR-US: ABB Panel Builder
 CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
 	NOT-FOR-US: CompactLogix
 CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2016-2276
 	RESERVED
 CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...)
@@ -8678,7 +8678,7 @@
 CVE-2016-2273
 	RESERVED
 CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Eaton Lighting
 CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
 	{DSA-3519-1 DLA-479-1}
 	- xen <unfixed> (bug #823620)
@@ -8881,7 +8881,7 @@
 CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal ...)
 	NOT-FOR-US: Huawei
 CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
-	TODO: check
+	NOT-FOR-US: Magento
 CVE-2016-2211
 	RESERVED
 CVE-2016-2210
@@ -9590,7 +9590,7 @@
 CVE-2016-2061
 	RESERVED
 CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...)
 	NOT-FOR-US: Android drivers
 CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, ...)
@@ -9764,11 +9764,11 @@
 CVE-2016-2026
 	RESERVED
 CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2024
 	RESERVED
 CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2022
 	RESERVED
 CVE-2016-2021
@@ -9782,21 +9782,21 @@
 CVE-2016-2017
 	RESERVED
 CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2012 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2011 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2010 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2009 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
 	NOT-FOR-US: HPE Data Protector
 CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
@@ -10186,11 +10186,11 @@
 CVE-2016-1921
 	RESERVED
 CVE-2016-1918 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-1917 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2016-1915
 	RESERVED
 CVE-2016-1914

More information about the Secure-testing-commits mailing list