Author: jmm
Date: 2017-01-30 17:41:41 +0000 (Mon, 30 Jan 2017)
New Revision: 48560
Modified:
data/CVE/list
Log:
NFUs
some ITPs for ox
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-30 17:30:41 UTC (rev 48559)
+++ data/CVE/list 2017-01-30 17:41:41 UTC (rev 48560)
@@ -56,7 +56,7 @@
CVE-2017-5595
RESERVED
CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this
...)
- TODO: check
+ NOT-FOR-US: Pagekit CMS
CVE-2017-5593
RESERVED
CVE-2017-5592
@@ -6021,123 +6021,123 @@
CVE-2017-3393
RESERVED
CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
NOT-FOR-US: Oracle
CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony
component of ...)
NOT-FOR-US: Oracle
CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle
...)
NOT-FOR-US: Oracle
CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3356
RESERVED
CVE-2017-3355
RESERVED
CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3347
RESERVED
CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3345
RESERVED
CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3342
RESERVED
CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3337
RESERVED
CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle
E-Business ...)
NOT-FOR-US: Oracle
CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle
...)
@@ -7116,11 +7116,11 @@
CVE-2017-2973
RESERVED
CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier,
15.006.30244 ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier,
15.006.30244 ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier,
15.006.30244 ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2969
RESERVED
CVE-2017-2968
@@ -7202,7 +7202,7 @@
CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an
exploitable ...)
NOT-FOR-US: Adobe Flash
CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier
have a ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat Chrome extension
CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an
exploitable ...)
NOT-FOR-US: Adobe Flash
CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an
exploitable ...)
@@ -14494,15 +14494,15 @@
CVE-2016-9308
RESERVED
CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1
can ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1
can ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type
...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1
can ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1
can ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2016-9295
RESERVED
CVE-2016-9293
@@ -14788,15 +14788,15 @@
CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)
NOT-FOR-US: Cisco
CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco
NetFlow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet
processing ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9219
RESERVED
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an
...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and
Cisco ...)
NOT-FOR-US: Cisco
CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the
ipsecmgr ...)
@@ -15173,9 +15173,9 @@
NOTE: Upstream fix:
https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi
driver ...)
- TODO: check
+ NOT-FOR-US: Android Broadcom driver
CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi
driver ...)
- TODO: check
+ NOT-FOR-US: Android Broadcom driver
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU
(aka ...)
{DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
@@ -15230,7 +15230,7 @@
NOTE: https://hackerone.com/reports/178152
NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username,
...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2016-9080
RESERVED
- firefox 50.1.0-1
@@ -15336,15 +15336,15 @@
CVE-2016-9055
RESERVED
CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Aerospike Database
CVE-2016-9053
RESERVED
CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists
in the ...)
- TODO: check
+ NOT-FOR-US: Aerospike Database
CVE-2016-9051
RESERVED
CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the
client ...)
- TODO: check
+ NOT-FOR-US: Aerospike Database
CVE-2016-9049
RESERVED
CVE-2016-9048
@@ -15466,7 +15466,7 @@
NOTE:
https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
NOTE:
https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote
authenticated ...)
- TODO: check
+ NOT-FOR-US: CloudVision Portal
CVE-2016-9010
RESERVED
CVE-2016-9009
@@ -21166,7 +21166,7 @@
- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux
rename)
- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users
to ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2016-7551 [AST-2016-007]
RESERVED
{DSA-3700-1 DLA-781-1}
@@ -21183,9 +21183,9 @@
CVE-2016-7173
RESERVED
CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive
...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1
makes use ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU
(aka ...)
{DLA-653-1 DLA-652-1}
- qemu 1:2.8+dfsg-1 (bug #837316)
@@ -22048,9 +22048,9 @@
CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative
Cloud ...)
NOT-FOR-US: Adobe
CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier,
LiveCycle ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier,
LiveCycle ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before
18.0.0.375 ...)
NOT-FOR-US: Adobe Flash
CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before
18.0.0.375 ...)
@@ -22097,11 +22097,11 @@
[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was
introduced in ...)
- TODO: check
+ NOT-FOR-US: Android build by Samsung
CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x
before ...)
NOT-FOR-US: Fortinet
CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are
displayed ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2016-6907
RESERVED
CVE-2016-6906 [OOB reads of the TGA decompression buffer]
@@ -22221,31 +22221,31 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
NOTE:
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before
2.4.2-rev5. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before
2.4.2-rev5. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before
2.4.2-rev5. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6849
RESERVED
CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6846
RESERVED
CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before
7.8.2-rev8. ...)
- TODO: check
+ - open-xchange <itp> (bug #269329)
CVE-2016-6841
RESERVED
CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
@@ -22340,7 +22340,7 @@
CVE-2016-6821
RESERVED
CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions
before ...)
- TODO: check
+ NOT-FOR-US: MetroCluster Tiebreaker
CVE-2016-6819
RESERVED
CVE-2016-6818
@@ -22480,7 +22480,7 @@
NOTE:
https://git.kernel.org/linus/82939d7999dfc1f1998c4b1c12e2f19edbdff272 (v4.6-rc1)
NOTE:
https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
CVE-2015-8951 (Multiple use-after-free vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before
7.0.2-10 ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
@@ -22494,13 +22494,13 @@
CVE-2016-6792
RESERVED
CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx
library ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx
library ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C
driver ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux
kernel ...)
- linux 4.0.2-1
NOTE: Fixed by:
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
@@ -22508,27 +22508,27 @@
- linux 4.0.2-1
NOTE: Fixed by:
https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver
could ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec
driver ...)
- TODO: check
+ NOT-FOR-US: HTC driver for Android
CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec
driver ...)
- TODO: check
+ NOT-FOR-US: HTC driver for Android
CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec
driver ...)
- TODO: check
+ NOT-FOR-US: HTC driver for Android
CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU
driver could ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU
driver could ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU
driver could ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6774 (An information disclosure vulnerability in Package Manager
could ...)
TODO: check
CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder
in ...)
@@ -22556,33 +22556,33 @@
CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive
library ...)
TODO: check
CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media
codecs could ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media
codecs could ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media
codecs could ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media
codecs could ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6754 (A remote code execution vulnerability in Webview in Android
5.0.x ...)
- TODO: check
+ NOT-FOR-US: Webview for Android
CVE-2016-6753 (An information disclosure vulnerability in kernel components,
...)
TODO: check
CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6750 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6749 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components
...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android
before ...)
TODO: check
CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU
driver in ...)
@@ -22596,31 +22596,31 @@
CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics
touchscreen ...)
TODO: check
CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6739 (An elevation of privilege vulnerability in the Qualcomm camera
driver ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto
engine ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION
subsystem in ...)
TODO: check
CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6734 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6733 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6732 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6731 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6730 (An elevation of privilege vulnerability in the NVIDIA GPU
driver in ...)
- TODO: check
+ NOT-FOR-US: Nvidia driver for Android
CVE-2016-6729 (An elevation of privilege vulnerability in the Qualcomm
bootloader in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION
subsystem in ...)
NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
NOTE: https://www.vusec.net/projects/drammer/
@@ -22629,7 +22629,7 @@
CVE-2016-6726
RESERVED
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto
driver in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service
in ...)
TODO: check
CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in
Android 4.x ...)
@@ -22844,19 +22844,19 @@
CVE-2016-6660
RESERVED
CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before
3.6.5, ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6658
RESERVED
CVE-2016-6657 (An open redirect vulnerability has been detected with some
Pivotal ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0.
Creation ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6655
RESERVED
CVE-2016-6654
RESERVED
CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry
(PCF) ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before
1.9.6 ...)
NOT-FOR-US: Pivotal Spring Data
CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF)
before ...)
@@ -23346,13 +23346,13 @@
NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: ZOHO WebNMS
CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation
algorithm ...)
- TODO: check
+ NOT-FOR-US: ZOHO WebNMS
CVE-2016-6601 (Directory traversal vulnerability in the file download
functionality ...)
- TODO: check
+ NOT-FOR-US: ZOHO WebNMS
CVE-2016-6600 (Directory traversal vulnerability in the file upload
functionality in ...)
- TODO: check
+ NOT-FOR-US: ZOHO WebNMS
CVE-2016-6599
RESERVED
CVE-2016-6598
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
