[Secure-testing-commits] r50522 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Apr 10 09:10:14 UTC 2017
Author: sectracker
Date: 2017-04-10 09:10:14 +0000 (Mon, 10 Apr 2017)
New Revision: 50522
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-10 07:21:30 UTC (rev 50521)
+++ data/CVE/list 2017-04-10 09:10:14 UTC (rev 50522)
@@ -29628,8 +29628,8 @@
NOT-FOR-US: AVer
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
NOT-FOR-US: AVer
-CVE-2016-6534
- RESERVED
+CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, ...)
+ TODO: check
CVE-2016-6533
RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
@@ -32518,8 +32518,8 @@
NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server ...)
NOT-FOR-US: ReadyDesk
-CVE-2016-5682
- RESERVED
+CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the ...)
+ TODO: check
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 ...)
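Review bot: the CVE-2016-5682 entry (Swagger-UI before 2.2.1, XSS via the Default field) should be checked for embedded copies before it is resolved, because Swagger-UI is a JavaScript front end that other projects commonly bundle in their source trees. If a bundled copy older than 2.2.1 turns up, record it against the embedding package rather than closing the entry as NOT-FOR-US.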
@@ -32604,8 +32604,8 @@
RESERVED
CVE-2016-5643
RESERVED
-CVE-2016-5642
- RESERVED
+CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
+ TODO: check
CVE-2016-5641
RESERVED
CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...)
@@ -35168,34 +35168,34 @@
NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
CVE-2016-5079
RESERVED
-CVE-2016-5078
- RESERVED
-CVE-2016-5077
- RESERVED
-CVE-2016-5076
- RESERVED
-CVE-2016-5075
- RESERVED
-CVE-2016-5074
- RESERVED
-CVE-2016-5073
- RESERVED
-CVE-2016-5072
- RESERVED
-CVE-2016-5071
- RESERVED
-CVE-2016-5070
- RESERVED
-CVE-2016-5069
- RESERVED
-CVE-2016-5068
- RESERVED
-CVE-2016-5067
- RESERVED
-CVE-2016-5066
- RESERVED
-CVE-2016-5065
- RESERVED
+CVE-2016-5078 (Paessler PRTG before 16.2.24.4045 has XSS via SNMP. ...)
+ TODO: check
+CVE-2016-5077 (Netikus EventSentry before 3.2.1.44 has XSS via SNMP. ...)
+ TODO: check
+CVE-2016-5076 (CloudView NMS before 2.10a allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2016-5075 (CloudView NMS before 2.10a has XSS via a TELNET login. ...)
+ TODO: check
+CVE-2016-5074 (CloudView NMS before 2.10a has a format string issue exploitable over ...)
+ TODO: check
+CVE-2016-5073 (CloudView NMS before 2.10a has XSS via SNMP. ...)
+ TODO: check
+CVE-2016-5072 (OXID eShop before 2016-06-13 allows remote attackers to execute ...)
+ TODO: check
+CVE-2016-5071 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the ...)
+ TODO: check
+CVE-2016-5070 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store ...)
+ TODO: check
+CVE-2016-5069 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable ...)
+ TODO: check
+CVE-2016-5068 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require ...)
+ TODO: check
+CVE-2016-5067 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT ...)
+ TODO: check
+CVE-2016-5066 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak ...)
+ TODO: check
+CVE-2016-5065 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow ...)
+ TODO: check
CVE-2016-5064
RESERVED
CVE-2016-5063
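Review bot: the seven Sierra Wireless GX 440 entries in this hunk (CVE-2016-5065 through CVE-2016-5071) all describe the same device firmware, ALEOS 4.3.2, so they can be triaged as one batch instead of seven separate TODO: check items. Context lines elsewhere in this diff close comparable device-firmware entries with a vendor tag (NOT-FOR-US: D-Link, NOT-FOR-US: ZyXEL); the same form with the vendor name would fit here once the check is done.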
@@ -35206,24 +35206,24 @@
NOT-FOR-US: Aternity
CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before ...)
NOT-FOR-US: nGrinder
-CVE-2016-5059
- RESERVED
-CVE-2016-5058
- RESERVED
-CVE-2016-5057
- RESERVED
-CVE-2016-5056
- RESERVED
-CVE-2016-5055
- RESERVED
-CVE-2016-5054
- RESERVED
-CVE-2016-5053
- RESERVED
-CVE-2016-5052
- RESERVED
-CVE-2016-5051
- RESERVED
+CVE-2016-5059 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to ...)
+ TODO: check
+CVE-2016-5058 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee ...)
+ TODO: check
+CVE-2016-5057 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL ...)
+ TODO: check
+CVE-2016-5056 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex ...)
+ TODO: check
+CVE-2016-5055 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the ...)
+ TODO: check
+CVE-2016-5054 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee ...)
+ TODO: check
+CVE-2016-5053 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote ...)
+ TODO: check
+CVE-2016-5052 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL ...)
+ TODO: check
+CVE-2016-5051 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in ...)
+ TODO: check
CVE-2016-5050 (Unrestricted file upload vulnerability in chat/sendfile.aspx in ...)
NOT-FOR-US: ReadyDesk
CVE-2016-5049 (Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk ...)
@@ -37466,8 +37466,8 @@
NOT-FOR-US: Lexmark Document Filters
CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the ...)
NOT-FOR-US: Lexmark Document Filters
-CVE-2016-4334
- RESERVED
+CVE-2016-4334 (Jive before 2016.3.1 has an open redirect from the external-link.jspa ...)
+ TODO: check
CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a value ...)
{DSA-3727-1 DLA-771-1}
- hdf5 1.10.0-patch1+docs-1 (bug #845301)
@@ -37513,14 +37513,14 @@
NOT-FOR-US: BMC
CVE-2016-4321
RESERVED
-CVE-2016-4320
- RESERVED
-CVE-2016-4319
- RESERVED
-CVE-2016-4318
- RESERVED
-CVE-2016-4317
- RESERVED
+CVE-2016-4320 (Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read ...)
+ TODO: check
+CVE-2016-4319 (Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. ...)
+ TODO: check
+CVE-2016-4318 (Atlassian JIRA Server before 7.1.9 has XSS in ...)
+ TODO: check
+CVE-2016-4317 (Atlassian Confluence Server before 5.9.11 has XSS on the ...)
+ TODO: check
CVE-2016-4316 (Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon ...)
NOT-FOR-US: WSO2 Carbon
CVE-2016-4315 (Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 ...)
@@ -46640,10 +46640,10 @@
RESERVED
CVE-2016-1518
RESERVED
-CVE-2016-1517
- RESERVED
-CVE-2016-1516
- RESERVED
+CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service ...)
+ TODO: check
+CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
+ TODO: check
CVE-2016-1515
REJECTED
CVE-2016-1514
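Review bot: CVE-2016-1517 and CVE-2016-1516 name OpenCV 3.0.0, and OpenCV is packaged in Debian (source package opencv), so these two entries should not be closed as NOT-FOR-US. Replace TODO: check with an opencv package line once the affected and fixed versions are established. The double free in CVE-2016-1516 is described as allowing code execution, so it is the one to triage first.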
@@ -52157,10 +52157,10 @@
RESERVED
CVE-2015-8277 (Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in ...)
NOT-FOR-US: Flexera FlexNet Publisher
-CVE-2015-8276
- RESERVED
-CVE-2015-8275
- RESERVED
+CVE-2015-8276 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow ...)
+ TODO: check
+CVE-2015-8275 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow ...)
+ TODO: check
CVE-2015-8274
RESERVED
CVE-2015-8273
@@ -52193,14 +52193,14 @@
RESERVED
CVE-2015-8259
RESERVED
-CVE-2015-8258
- RESERVED
+CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow remote ...)
+ TODO: check
CVE-2015-8257
RESERVED
CVE-2015-8256
RESERVED
-CVE-2015-8255
- RESERVED
+CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
+ TODO: check
CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
NOT-FOR-US: Frontel
CVE-2015-8253 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
@@ -55138,8 +55138,8 @@
NOTE: https://nodesecurity.io/advisories/19
CVE-2015-7293
RESERVED
-CVE-2015-7292
- RESERVED
+CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
+ TODO: check
CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
NOT-FOR-US: Arris
CVE-2015-7290 (Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web ...)
@@ -55172,18 +55172,18 @@
NOT-FOR-US: Amped Wireless
CVE-2015-7276
RESERVED
-CVE-2015-7275
- RESERVED
-CVE-2015-7274
- RESERVED
-CVE-2015-7273
- RESERVED
-CVE-2015-7272
- RESERVED
-CVE-2015-7271
- RESERVED
-CVE-2015-7270
- RESERVED
+CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 ...)
+ TODO: check
+CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows ...)
+ TODO: check
+CVE-2015-7273 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
+ TODO: check
+CVE-2015-7272 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
+ TODO: check
+CVE-2015-7271 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
+ TODO: check
+CVE-2015-7270 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
+ TODO: check
CVE-2015-7269
RESERVED
CVE-2015-7268
@@ -55192,18 +55192,18 @@
RESERVED
CVE-2015-7266
RESERVED
-CVE-2015-7265
- RESERVED
-CVE-2015-7264
- RESERVED
-CVE-2015-7263
- RESERVED
+CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request ...)
+ TODO: check
+CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a ...)
+ TODO: check
+CVE-2015-7263 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote ...)
+ TODO: check
CVE-2015-7262 (QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage ...)
NOT-FOR-US: QNAP
CVE-2015-7261 (The FTP service in QNAP iArtist Lite before 1.4.54, as distributed ...)
NOT-FOR-US: QNAP
-CVE-2015-7260
- RESERVED
+CVE-2015-7260 (Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain ...)
+ TODO: check
CVE-2015-7259
RESERVED
CVE-2015-7258
@@ -58242,8 +58242,8 @@
NOT-FOR-US: Microsoft
CVE-2015-6036 (QNAP Signage Station before 2.0.1 allows remote attackers to bypass ...)
NOT-FOR-US: QNAP Signage Station
-CVE-2015-6035
- RESERVED
+CVE-2015-6035 (Opsview before 2015-11-06 has XSS via SNMP. ...)
+ TODO: check
CVE-2015-6034 (EPSON Network Utility 4.10 uses weak permissions (Everyone: Full ...)
NOT-FOR-US: Epson
CVE-2015-6033 (Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital ...)
@@ -58259,10 +58259,10 @@
NOT-FOR-US: HP Arcsight Logger
CVE-2015-6029 (HP ArcSight Logger before 6.0 P2 does not limit attempts to ...)
NOT-FOR-US: HP Arcsight Logger
-CVE-2015-6028
- RESERVED
-CVE-2015-6027
- RESERVED
+CVE-2015-6028 (Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the ...)
+ TODO: check
+CVE-2015-6027 (Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. ...)
+ TODO: check
CVE-2015-6026
RESERVED
CVE-2015-6025
@@ -58273,8 +58273,8 @@
NOT-FOR-US: Qolsys NetCommWireless
CVE-2015-6022 (Unrestricted file upload vulnerability in QNAP Signage Station before ...)
NOT-FOR-US: QNAP Signage Station
-CVE-2015-6021
- RESERVED
+CVE-2015-6021 (Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. ...)
+ TODO: check
CVE-2015-6020 (ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote ...)
NOT-FOR-US: ZyXEL
CVE-2015-6019 (The management portal on ZyXEL PMG5318-B20A devices with firmware ...)
@@ -67568,26 +67568,26 @@
RESERVED
CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...)
NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware
-CVE-2015-2889
- RESERVED
-CVE-2015-2888
- RESERVED
-CVE-2015-2887
- RESERVED
-CVE-2015-2886
- RESERVED
-CVE-2015-2885
- RESERVED
-CVE-2015-2884
- RESERVED
-CVE-2015-2883
- RESERVED
-CVE-2015-2882
- RESERVED
-CVE-2015-2881
- RESERVED
-CVE-2015-2880
- RESERVED
+CVE-2015-2889 (Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote ...)
+ TODO: check
+CVE-2015-2888 (Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote ...)
+ TODO: check
+CVE-2015-2887 (iBaby M3S has a password of admin for the backdoor admin account. ...)
+ TODO: check
+CVE-2015-2886 (iBaby M6 allows remote attackers to obtain sensitive information, ...)
+ TODO: check
+CVE-2015-2885 (Lens Peek-a-View has a password of 2601hx for the backdoor admin ...)
+ TODO: check
+CVE-2015-2884 (Philips In.Sight B120/37 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2015-2883 (Philips In.Sight B120/37 has XSS, related to the Weaved cloud web ...)
+ TODO: check
+CVE-2015-2882 (Philips In.Sight B120/37 has a password of b120root for the backdoor ...)
+ TODO: check
+CVE-2015-2881 (Gynoii has a password of guest for the backdoor guest account and a ...)
+ TODO: check
+CVE-2015-2880 (TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the ...)
+ TODO: check
CVE-2015-2879
RESERVED
CVE-2015-2878
@@ -94084,8 +94084,8 @@
NOT-FOR-US: Belkin router
CVE-2014-2961
RESERVED
-CVE-2014-2960
- RESERVED
+CVE-2014-2960 (Vision Critical before 2014-05-30 allows attackers to read arbitrary ...)
+ TODO: check
CVE-2014-2959 (logViewer.htm on the Dell ML6000 tape backup system with firmware ...)
NOT-FOR-US: Quantum Scalar
CVE-2014-2958