Author: jmm
Date: 2017-01-30 17:41:41 +0000 (Mon, 30 Jan 2017)
New Revision: 48560
Modified: data/CVE/list Log: NFUs some ITPs for ox Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-01-30 17:30:41 UTC (rev 48559) +++ data/CVE/list 2017-01-30 17:41:41 UTC (rev 48560) @@ -56,7 +56,7 @@ CVE-2017-5595 RESERVED CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this ...) - TODO: check + NOT-FOR-US: Pagekit CMS CVE-2017-5593 RESERVED CVE-2017-5592 
@@ -6021,123 +6021,123 @@ CVE-2017-3393 RESERVED CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) NOT-FOR-US: Oracle CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...) NOT-FOR-US: Oracle CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle ...) 
NOT-FOR-US: Oracle CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) NOT-FOR-US: Oracle CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3356 RESERVED CVE-2017-3355 RESERVED CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3347 RESERVED CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3345 RESERVED CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3342 RESERVED CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3337 RESERVED CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...) @@ -7116,11 +7116,11 @@ CVE-2017-2973 RESERVED CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2017-2969 RESERVED CVE-2017-2968 @@ -7202,7 +7202,7 @@ CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Chrome extension CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) NOT-FOR-US: Adobe Flash CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) 
@@ -14494,15 +14494,15 @@ CVE-2016-9308 RESERVED CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2016-9295 RESERVED CVE-2016-9293 @@ -14788,15 +14788,15 @@ CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...) NOT-FOR-US: Cisco CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-9219 RESERVED CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco ...) NOT-FOR-US: Cisco CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr ...) 
@@ -15173,9 +15173,9 @@ NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2 CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...) - TODO: check + NOT-FOR-US: Android Broadcom driver CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...) - TODO: check + NOT-FOR-US: Android Broadcom driver CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...) {DLA-698-1 DLA-689-1} - qemu 1:2.8+dfsg-1 (bug #842463) @@ -15230,7 +15230,7 @@ NOTE: https://hackerone.com/reports/178152 NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/ CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...) - TODO: check + NOT-FOR-US: Joomla CVE-2016-9080 RESERVED - firefox 50.1.0-1 @@ -15336,15 +15336,15 @@ CVE-2016-9055 RESERVED CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Aerospike Database CVE-2016-9053 RESERVED CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists in the ...) - TODO: check + NOT-FOR-US: Aerospike Database CVE-2016-9051 RESERVED CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the client ...) - TODO: check + NOT-FOR-US: Aerospike Database CVE-2016-9049 RESERVED CVE-2016-9048 @@ -15466,7 +15466,7 @@ NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/ NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9 CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated ...) - TODO: check + NOT-FOR-US: CloudVision Portal CVE-2016-9010 RESERVED CVE-2016-9009 
@@ -21166,7 +21166,7 @@ - linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename) - linux-2.6 2.6.37-1 CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2016-7551 [AST-2016-007] RESERVED {DSA-3700-1 DLA-781-1} @@ -21183,9 +21183,9 @@ CVE-2016-7173 RESERVED CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive ...) - TODO: check + NOT-FOR-US: NetApp CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...) - TODO: check + NOT-FOR-US: NetApp CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...) {DLA-653-1 DLA-652-1} - qemu 1:2.8+dfsg-1 (bug #837316) @@ -22048,9 +22048,9 @@ CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...) NOT-FOR-US: Adobe CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) NOT-FOR-US: Adobe Flash CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...) @@ -22097,11 +22097,11 @@ [wheezy] - libgd2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2 CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...) - TODO: check + NOT-FOR-US: Android build by Samsung CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before ...) NOT-FOR-US: Fortinet CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are displayed ...) - TODO: check + NOT-FOR-US: Opera CVE-2016-6907 RESERVED CVE-2016-6906 [OOB reads of the TGA decompression buffer] 
@@ -22221,31 +22221,31 @@ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143 NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6849 RESERVED CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6846 RESERVED CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...) - TODO: check + - open-xchange <itp> (bug #269329) CVE-2016-6841 RESERVED CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface ...) 
@@ -22340,7 +22340,7 @@ CVE-2016-6821 RESERVED CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions before ...) - TODO: check + NOT-FOR-US: MetroCluster Tiebreaker CVE-2016-6819 RESERVED CVE-2016-6818 @@ -22480,7 +22480,7 @@ NOTE: https://git.kernel.org/linus/82939d7999dfc1f1998c4b1c12e2f19edbdff272 (v4.6-rc1) NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1) CVE-2015-8951 (Multiple use-after-free vulnerabilities in ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 ...) {DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #834504) @@ -22494,13 +22494,13 @@ CVE-2016-6792 RESERVED CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx library ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx library ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C driver ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux kernel ...) - linux 4.0.2-1 NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1) 
@@ -22508,27 +22508,27 @@ - linux 4.0.2-1 NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1) CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver could ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver could ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver could ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver could ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver could ...) - TODO: check + NOT-FOR-US: MediaTek driver for Android CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec driver ...) - TODO: check + NOT-FOR-US: HTC driver for Android CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec driver ...) - TODO: check + NOT-FOR-US: HTC driver for Android CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec driver ...) - TODO: check + NOT-FOR-US: HTC driver for Android CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6774 (An information disclosure vulnerability in Package Manager could ...) TODO: check CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder in ...) 
@@ -22556,33 +22556,33 @@ CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library ...) TODO: check CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media codecs could ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media codecs could ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media codecs could ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media codecs could ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x ...) - TODO: check + NOT-FOR-US: Webview for Android CVE-2016-6753 (An information disclosure vulnerability in kernel components, ...) TODO: check CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6750 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6749 (An information disclosure vulnerability in Qualcomm components ...) 
- TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android before ...) TODO: check CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU driver in ...) 
@@ -22596,31 +22596,31 @@ CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics touchscreen ...) TODO: check CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6739 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION subsystem in ...) TODO: check CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6734 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6733 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6732 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6731 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6730 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...) - TODO: check + NOT-FOR-US: Nvidia driver for Android CVE-2016-6729 (An elevation of privilege vulnerability in the Qualcomm bootloader in ...) 
- TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...) NOT-FOR-US: Rowhammer hardware vulnerability on Android devices NOTE: https://www.vusec.net/projects/drammer/ @@ -22629,7 +22629,7 @@ CVE-2016-6726 RESERVED CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...) - TODO: check + NOT-FOR-US: Qualcomm driver for Android CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...) TODO: check CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x ...) @@ -22844,19 +22844,19 @@ CVE-2016-6660 RESERVED CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2016-6658 RESERVED CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2016-6655 RESERVED CVE-2016-6654 RESERVED CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) ...) - TODO: check + NOT-FOR-US: Pivotal CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 ...) NOT-FOR-US: Pivotal Spring Data CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before ...) 
@@ -23346,13 +23346,13 @@ NOTE: https://github.com/ImageMagick/ImageMagick/pull/223 NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1 CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: ZOHO WebNMS CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...) - TODO: check + NOT-FOR-US: ZOHO WebNMS CVE-2016-6601 (Directory traversal vulnerability in the file download functionality ...) - TODO: check + NOT-FOR-US: ZOHO WebNMS CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...) - TODO: check + NOT-FOR-US: ZOHO WebNMS CVE-2016-6599 RESERVED CVE-2016-6598 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
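Review bot: In the hunk at @@ -22221,31 +22221,31 @@, CVE-2016-6854, CVE-2016-6853 and CVE-2016-6851 are described as "Open-Xchange OX Guard before 2.4.2-rev5" while the other entries are "OX App Suite before 7.8.2-rev8", yet all of them get the same "- open-xchange <itp> (bug #269329)" line. If that ITP covers only the App Suite, the three OX Guard entries should be tagged separately; if it covers both, a one-line NOTE on the Guard entries saying so would make the triage checkable later.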
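Review bot: The "driver for Android" label does not match several descriptions in the hunks at @@ -22494,13 +22494,13 @@ and @@ -22556,33 +22556,33 @@. CVE-2016-6790 and CVE-2016-6789 are in "the NVIDIA libomx library", CVE-2016-6761 through CVE-2016-6758 are in "Qualcomm media codecs", and CVE-2016-6757, CVE-2016-6756 and CVE-2016-6752 through CVE-2016-6748 are in "Qualcomm components". Suggest a label that fits all of them, for example "NOT-FOR-US: Qualcomm components for Android", and spelling the vendor "NVIDIA" as the descriptions do, so that a later grep for the vendor name finds every entry.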
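Review bot: In the hunk at @@ -22844,19 +22844,19 @@, CVE-2016-6653 is tagged "NOT-FOR-US: Pivotal" although its description starts "The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF)". The tag alone does not say why the mariadb packages are out of scope; a NOTE line recording that (if the issue is specific to the PCF build) would document the decision. The adjacent unchanged entry uses "NOT-FOR-US: Pivotal Spring Data", so a product-level label such as "Pivotal Cloud Foundry" for CVE-2016-6659 and CVE-2016-6653 would also be more consistent than the bare vendor name.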
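Review bot: CVE-2014-9910 and CVE-2014-9909 in the hunk at @@ -15173,9 +15173,9 @@ and CVE-2015-8951 in the hunk at @@ -22480,7 +22480,7 @@ are kernel driver issues marked NOT-FOR-US with no reference, and the visible description of CVE-2015-8951 is only "Multiple use-after-free vulnerabilities in ...". Other kernel entries in this file carry a "- linux" line or a NOTE with the fixing commit; adding a NOTE that names the affected driver source file for these three would let a reader confirm the code is not in src:linux without repeating the lookup.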