Author: jmm
Date: 2017-02-09 22:22:54 +0000 (Thu, 09 Feb 2017)
New Revision: 48813

Modified:
   data/CVE/list
Log:
new gradle issue
one jpeg issue in android n/a for Debian
one chromium issue n/a
one puppet issue n/a
one putty issue n/a
some undetermined android kernel issues
bugs in ITPd android libs
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-09 22:17:43 UTC (rev 48812)
+++ data/CVE/list       2017-02-09 22:22:54 UTC (rev 48813)
@@ -12806,7 +12806,7 @@
 CVE-2016-9687
        RESERVED
 CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly 
validates ...)
-       TODO: check
+       - puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2017-0880
        RESERVED
 CVE-2017-0879
@@ -13680,7 +13680,7 @@
 CVE-2017-0445 (An elevation of privilege vulnerability in the HTC touchscreen 
driver ...)
        NOT-FOR-US: HTC driver for Android
 CVE-2017-0444 (An elevation of privilege vulnerability in the Realtek sound 
driver ...)
-       TODO: check
+       NOT-FOR-US: Realtek driver for Android
 CVE-2017-0443 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-0442 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
@@ -13704,7 +13704,7 @@
 CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics 
touchscreen ...)
        NOT-FOR-US: Synaptics driver for Android
 CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver 
could ...)
-       TODO: check
+       NOT-FOR-US: Mediatek driver for Android
 CVE-2017-0431
        RESERVED
 CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi 
driver ...)
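Review bot: The added line for CVE-2017-0432 spells the vendor "Mediatek", while the CVE description two lines above it spells it "MediaTek". Use "NOT-FOR-US: MediaTek driver for Android" so a case-sensitive search for the vendor name finds the entry alongside the description.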
@@ -13714,21 +13714,21 @@
 CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU 
driver could ...)
        NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file 
system ...)
-       TODO: check
+       - linux <undetermined>
 CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could 
enable ...)
-       TODO: check
+       - linux <undetermined>
 CVE-2017-0425 (An information disclosure vulnerability in Audioserver could 
enable a ...)
        NOT-FOR-US: Android Audioserver
 CVE-2017-0424 (An information disclosure vulnerability in AOSP Messaging could 
enable ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0423 (An elevation of privilege vulnerability in Bluetooth could 
enable a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0422 (A denial of service vulnerability in Bionic DNS could enable a 
remote ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0421 (An information disclosure vulnerability in the Framework APIs 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0420 (An information disclosure vulnerability in AOSP Mail could 
enable a ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0419 (An elevation of privilege vulnerability in Audioserver could 
enable a ...)
        NOT-FOR-US: Android Audioserver
 CVE-2017-0418 (An elevation of privilege vulnerability in Audioserver could 
enable a ...)
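Review bot: CVE-2017-0427 and CVE-2017-0426 move from "TODO: check" to "- linux <undetermined>" with no NOTE saying what is missing to decide. The visible descriptions only say "kernel file system" and "Filesystem", so the next person to triage has nothing to start from. Add a NOTE line under each stating what was looked at and what is still needed (for example, that no upstream commit could be identified). Separately, the five entries marked plain "NOT-FOR-US: Android" sit next to context lines that name the component ("NOT-FOR-US: Android Audioserver"); naming AOSP Messaging, Bluetooth, Bionic and so on would match that.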
@@ -13738,27 +13738,27 @@
 CVE-2017-0416 (An elevation of privilege vulnerability in Audioserver could 
enable a ...)
        NOT-FOR-US: Android Audioserver
 CVE-2017-0415 (An elevation of privilege vulnerability in Mediaserver could 
enable a ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-0414 (An information disclosure vulnerability in AOSP Messaging could 
enable ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0413 (An information disclosure vulnerability in AOSP Messaging could 
enable ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0412 (An elevation of privilege vulnerability in the Framework APIs 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0411 (An elevation of privilege vulnerability in the Framework APIs 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0410 (An elevation of privilege vulnerability in the Framework APIs 
could ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0409 (A remote code execution vulnerability in libstagefright could 
enable ...)
-       TODO: check
+       NOT-FOR-US: libstagefright
 CVE-2017-0408 (A remote code execution vulnerability in libgdx could enable an 
...)
-       TODO: check
+       - libgdx <itp> (bug #686673)
 CVE-2017-0407 (A remote code execution vulnerability in Mediaserver could 
enable an ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-0406 (A remote code execution vulnerability in Mediaserver could 
enable an ...)
-       TODO: check
+       NOT-FOR-US: Android Mediaserver
 CVE-2017-0405 (A remote code execution vulnerability in Surfaceflinger could 
enable ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound 
subsystem ...)
        - linux <not-affected> (Android-specific sound system)
 CVE-2017-0403 (An elevation of privilege vulnerability in the kernel 
performance ...)
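Review bot: CVE-2017-0409 is labelled "NOT-FOR-US: libstagefright" while every other Android component in this hunk carries the platform name ("NOT-FOR-US: Android Mediaserver", "NOT-FOR-US: Android"). Suggest "NOT-FOR-US: Android libstagefright" so that the label states why the library is out of scope and the entry turns up when filtering on Android.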
@@ -14278,7 +14278,6 @@
        RESERVED
        - jasper <removed>
        NOTE: https://github.com/mdadams/jasper/issues/105
-       TODO: wait for upstream patch (report not yet public)
 CVE-2016-9590
        RESERVED
        - puppet-module-swift 9.4.4-1 (bug #851293)
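Review bot: The removed line "TODO: wait for upstream patch (report not yet public)" was the only record on this jasper entry that the upstream report was not public, and the CVE is still shown as RESERVED. If the TODO is dropped because the package is "<removed>", that is fine, but then say so; if the upstream state is still open, keep the information as a NOTE next to the existing issue link instead of deleting it.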
@@ -16569,7 +16568,7 @@
 CVE-2016-9006
        RESERVED
 CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-9004
        RESERVED
 CVE-2016-9003
@@ -16671,7 +16670,7 @@
 CVE-2016-8955
        RESERVED
 CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-8953
        RESERVED
 CVE-2016-8952
@@ -18368,7 +18367,7 @@
 CVE-2016-8415 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi 
driver ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-8414 (An information disclosure vulnerability in the Qualcomm Secure 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm Secure Execution Environment Communicator
 CVE-2016-8413
        RESERVED
 CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera 
could ...)
@@ -23620,7 +23619,7 @@
 CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 
5.0.x ...)
        NOT-FOR-US: Webview for Android
 CVE-2016-6753 (An information disclosure vulnerability in kernel components, 
...)
-       TODO: check
+       - linux <undetermined>
 CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components 
...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components 
...)
@@ -23723,9 +23722,9 @@
 CVE-2016-6703 (A remote code execution vulnerability in an Android runtime 
library in ...)
        NOT-FOR-US: Android
 CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x 
before ...)
-       TODO: check
+       - libjpeg-turbo <not-affected> (Android-specific patch, 
jpeg_open_backing_store in standard releases is just a stub)
 CVE-2016-6701 (A remote code execution vulnerability in libskia in Android 7.0 
before ...)
-       TODO: check
+       - skia <itp> (bug #818180)
 CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in 
Android 4.x ...)
        TODO: check
 CVE-2016-6699 (A remote code execution vulnerability in libstagefright in 
Mediaserver ...)
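Review bot: The not-affected reasoning added for CVE-2016-6702 (jpeg_open_backing_store being a stub in standard releases) is attached to libjpeg-turbo only, while the description says "libjpeg". If the archive carries other libjpeg-derived source packages, the same argument needs to be checked and recorded for each of them, or the parenthetical should state why libjpeg-turbo is the only one listed.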
@@ -24574,9 +24573,9 @@
 CVE-2016-6502
        RESERVED
 CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2016-6500 (Unspecified methods in the RACF Connector component before 
1.1.1.0 in ...)
-       TODO: check
+       NOT-FOR-US: ForgeRock 
 CVE-2016-6499
        RESERVED
 CVE-2016-6498
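Review bot: The added line "NOT-FOR-US: ForgeRock " for CVE-2016-6500 ends in a trailing space. Strip it, and consider naming the product from the description ("RACF Connector") after the vendor, as the JFrog Artifactory line just above it does.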
@@ -25176,7 +25175,6 @@
 CVE-2016-6312
        RESERVED
        - apr-util <not-affected> (RHEL-5.11 specific regression)
-       TODO: double-check
 CVE-2016-6311
        RESERVED
        NOT-FOR-US: WildFly / Red Hat JBoss EAP
@@ -25278,11 +25276,11 @@
 CVE-2016-6286 (The &quot;spiffy-cgi-handlers&quot; egg would convert a 
nonexistent &quot;Proxy&quot; ...)
        TODO: check
 CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Atlassian JIRA
 CVE-2016-6284
        RESERVED
 CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian 
Confluence ...)
-       TODO: check
+       NOT-FOR-US: Atlassian Confluence
 CVE-2016-6282
        RESERVED
 CVE-2016-6281
@@ -25405,7 +25403,7 @@
        NOTE: 
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
        NOTE: 
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
 CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 
6.1.5, ...)
-       TODO: check
+       NOT-FOR-US: mail.local in NetBSD
 CVE-2016-1000218
        RESERVED
        - kibana <itp> (bug #700337)
@@ -25885,7 +25883,7 @@
 CVE-2016-6200
        RESERVED
 CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers 
to ...)
-       TODO: check
+       - gradle <unfixed>
 CVE-2016-6196
        RESERVED
 CVE-2016-6195 (SQL injection vulnerability in 
forumrunner/includes/moderation.php in ...)
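Review bot: CVE-2016-6199 is set to "- gradle <unfixed>" with nothing else: no bug reference and no NOTE pointing at an upstream report or fix. This is the one entry in the commit that marks a Debian package as vulnerable, so it should carry the tracking bug once filed, in the form other entries in this file use ("(bug #NNNNNN)", number to be filled in), plus a NOTE with the upstream reference if one exists.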
@@ -26005,7 +26003,7 @@
        - python-django 1:1.9.8-1 (bug #831799)
        NOTE: 
https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
 CVE-2016-1000009 (TP-LINK lost control of two domains, www.tplinklogin.net and 
...)
-       TODO: check
+       NOT-FOR-US: TP-LINK
 CVE-2016-XXXX [Insecure use of /tmp]
        - leptonlib 1.73-5 (unimportant; bug #830660)
        NOTE: Neutralised by kernel hardening
@@ -26091,7 +26089,7 @@
 CVE-2016-6168
        RESERVED
 CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 
0.67 ...)
-       TODO: check
+       - putty <not-affected> (Windows-specific)
 CVE-2016-6166
        RESERVED
 CVE-2016-6165
@@ -26236,15 +26234,15 @@
 CVE-2016-6127
        RESERVED
 CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses 
answers to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6121
        RESERVED
 CVE-2016-6120
@@ -26254,21 +26252,21 @@
 CVE-2016-6118
        RESERVED
 CVE-2016-6117 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed 
with ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6116 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer 
overflow. A ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6114
        RESERVED
 CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6112
        RESERVED
 CVE-2016-6111
        RESERVED
 CVE-2016-6110 (IBM Tivoli Storage Manager undisclosed unencrypted login 
credentials ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6109
        RESERVED
 CVE-2016-6108
@@ -26278,11 +26276,11 @@
 CVE-2016-6106
        RESERVED
 CVE-2016-6105 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6104 (IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6102
        RESERVED
 CVE-2016-6101
@@ -26290,25 +26288,25 @@
 CVE-2016-6100
        RESERVED
 CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6098
        RESERVED
 CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web 
pages ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6095 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates 
an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6093
        RESERVED
 CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores 
user ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6091
        REJECTED
 CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability 
that ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6089
        RESERVED
 CVE-2016-6088
@@ -26318,17 +26316,17 @@
 CVE-2016-6086
        RESERVED
 CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local 
network to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local 
network to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6083
        RESERVED
 CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6081
        RESERVED
 CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows 
directory ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6079
        RESERVED
 CVE-2016-6078
@@ -26344,7 +26342,7 @@
 CVE-2016-6073
        RESERVED
 CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6071
        RESERVED
 CVE-2016-6070
@@ -26352,13 +26350,13 @@
 CVE-2016-6069
        RESERVED
 CVE-2016-6068 (IBM UrbanCode Deploy could allow an authenticated user with 
access to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6067
        RESERVED
 CVE-2016-6066
        RESERVED
 CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could 
allow ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6064
        RESERVED
 CVE-2016-6063
@@ -26366,11 +26364,11 @@
 CVE-2016-6062
        RESERVED
 CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6060
        RESERVED
 CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6058
        RESERVED
 CVE-2016-6057
@@ -26380,7 +26378,7 @@
 CVE-2016-6055
        RESERVED
 CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6053
        RESERVED
 CVE-2016-6052
@@ -26394,23 +26392,23 @@
 CVE-2016-6048
        RESERVED
 CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local 
user to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6041
        RESERVED
 CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take 
over a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli 
...)
        NOT-FOR-US: Tivoli
 CVE-2016-6037
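Review bot: All nine additions in this hunk use the vendor-only label "NOT-FOR-US: IBM", but the unchanged entry at the end of the hunk (CVE-2016-6038) reads "NOT-FOR-US: Tivoli" for an IBM Tivoli product, and four of the new lines are Tivoli Storage Manager issues. Pick one convention for the IBM block, either vendor only or vendor plus product, so that a search by product name does not return a partial set.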
@@ -26420,19 +26418,19 @@
 CVE-2016-6035
        RESERVED
 CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) 
could ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6033
        RESERVED
 CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to 
cross-site ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6031
        RESERVED
 CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6029
        RESERVED
 CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to 
view ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 
3.4.2 ...)
        NOT-FOR-US: IBM
 CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 
3.4.2 ...)
@@ -26448,7 +26446,7 @@
 CVE-2016-6021
        RESERVED
 CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6019
        RESERVED
 CVE-2016-6018
@@ -26486,9 +26484,9 @@
 CVE-2016-6002
        RESERVED
 CVE-2016-6001 (IBM Forms Experience Builder could be susceptible to a 
server-side ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5999
        RESERVED
 CVE-2016-5998
@@ -26500,35 +26498,35 @@
 CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through 
FP11, 10.1 ...)
        NOT-FOR-US: IBM
 CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that 
would ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5993
        RESERVED
 CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 
4.6.0.6 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 
4.6.0.6 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance 
allows an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5989
        RESERVED
 CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance 
could ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 
7.5.0.10 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 
8.0.x ...)
        NOT-FOR-US: IBM
 CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX 
client is ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 
before ...)
        NOT-FOR-US: IBM
 CVE-2016-5982
        RESERVED
 CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet 
Workplace XT ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5979
        RESERVED
 CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the 
web ...)
@@ -26552,15 +26550,15 @@
 CVE-2016-5969
        RESERVED
 CVE-2016-5968 (The Replay Server in IBM Tealeaf Customer Experience 8.x before 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 
6.1.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance 
could allow ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5965
        RESERVED
 CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance 
version ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual 
Appliance 2.x ...)
        NOT-FOR-US: IBM
 CVE-2016-5962
@@ -26572,27 +26570,27 @@
 CVE-2016-5959
        RESERVED
 CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual 
Appliance 2.x ...)
        NOT-FOR-US: IBM
 CVE-2016-5956
        RESERVED
 CVE-2016-5955 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS 
Next ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 
6.1.5.3 ...)
        NOT-FOR-US: IBM
 CVE-2016-5953 (IBM Sterling Order Management transmits the session identifier 
within ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL 
injection. A ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in 
plain in ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated 
user to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity 
Center) ...)
        NOT-FOR-US: IBM
 CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control 
(formerly ...)
@@ -26604,23 +26602,23 @@
 CVE-2016-5943 (IBM Spectrum Control (formerly Tivoli Storage Productivity 
Center) ...)
        NOT-FOR-US: IBM
 CVE-2016-5942 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. 
This ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5941 (IBM Kenexa LMS on Cloud could allow a remote attacker to 
traverse ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5940 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. 
This ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5938 (IBM Kenexa LMS on Cloud allows web pages to be stored locally 
which ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site 
request ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5936
        RESERVED
 CVE-2016-5935 (IBM Jazz for Service Management could allow a remote attacker 
to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a 
remote ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5933
        RESERVED
 CVE-2016-5932
@@ -26652,7 +26650,7 @@
 CVE-2016-5919
        RESERVED
 CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the 
encrypted ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5917
        RESERVED
 CVE-2016-5916
@@ -26678,25 +26676,25 @@
 CVE-2016-5906
        RESERVED
 CVE-2016-5905 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5904
        RESERVED
 CVE-2016-5903
        RESERVED
 CVE-2016-5902 (IBM Maximo Asset Management is vulnerable to cross-site 
scripting. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5901 (Cross-site scripting (XSS) vulnerability in a test page in IBM 
...)
        NOT-FOR-US: IBM
 CVE-2016-5900 (IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 
could ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site 
...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker 
to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML 
injection. A ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive 
information from ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5895
        RESERVED
 CVE-2016-5894
@@ -26708,7 +26706,7 @@
 CVE-2016-5891
        RESERVED
 CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 
before ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5889
        RESERVED
 CVE-2016-5888
@@ -26720,15 +26718,15 @@
 CVE-2016-5885
        RESERVED
 CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5883
        RESERVED
 CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5881 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local 
users ...)
        NOT-FOR-US: IBM
 CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 
before ...)
@@ -26833,7 +26831,7 @@
 CVE-2016-5853
        RESERVED
 CVE-2016-5852 (For the NVIDIA Quadro, NVS, and GeForce products, GFE 
GameStream and ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA drivers for Windows
 CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup 
service ...)
        NOT-FOR-US: Huawei
 CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http 
before ...)
@@ -26862,7 +26860,7 @@
 CVE-2016-5830
        RESERVED
 CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 
...)
        NOT-FOR-US: Huawei HiSuite
 CVE-2016-5820
@@ -26878,7 +26876,7 @@
 CVE-2016-5815
        RESERVED
 CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter 
Lite, ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2016-5813
        RESERVED
 CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, 
and ...)
@@ -26920,7 +26918,7 @@
 CVE-2016-5794
        RESERVED
 CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC 
Server ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows 
remote ...)
        NOT-FOR-US: Moxa
 CVE-2016-5791
@@ -26930,7 +26928,7 @@
 CVE-2016-5789
        RESERVED
 CVE-2016-5788 (General Electric (GE) Bently Nevada 3500/22M USB with firmware 
before ...)
-       TODO: check
+       NOT-FOR-US: General Electric (GE) Bently Nevada
 CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY 
before ...)
        NOT-FOR-US: CIMPLICITY
 CVE-2016-5786
@@ -26964,7 +26962,7 @@
 CVE-2016-5764 (Micro Focus Rumba FTP 4.X client buffer overflow makes it 
possible to ...)
        NOT-FOR-US: Micro Focus Rumba
 CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 
before ...)
-       TODO: check
+       NOT-FOR-US: Novell Open Enterprise Server
 CVE-2016-5762
        RESERVED
 CVE-2016-5761
@@ -27293,7 +27291,7 @@
 CVE-2016-5741
        RESERVED
 CVE-2016-5740 (An issue was discovered in Open-Xchange OX App Suite before ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange
 CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before 
...)
        {DSA-3627-1 DLA-551-1}
        - phpmyadmin 4:4.6.3-1
@@ -27356,7 +27354,7 @@
 CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra 
...)
        NOT-FOR-US: Zimbra
 CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft 
Skype ...)
-       TODO: check
+       NOT-FOR-US: Skype
 CVE-2016-5719
        RESERVED
 CVE-2016-5718
@@ -27374,7 +27372,7 @@
 CVE-2016-5712
        RESERVED
 CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 
uses a ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2016-5710
        RESERVED
 CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak 
...)
@@ -27425,7 +27423,7 @@
 CVE-2016-5686 (Johnson &amp; Johnson Animas OneTouch Ping devices mishandle 
...)
        TODO: check
 CVE-2016-5685 (Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 
allow ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the 
XMP ...)
        {DSA-3692-1 DLA-647-1}
        - freeimage 3.17.0+ds1-3 (bug #839827)
@@ -27471,11 +27469,11 @@
 CVE-2016-5665
        RESERVED
 CVE-2016-5664 (Directory traversal vulnerability on Accellion Kiteworks 
appliances ...)
-       TODO: check
+       NOT-FOR-US: Accellion Kiteworks
 CVE-2016-5663 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: Accellion Kiteworks
 CVE-2016-5662 (Accellion Kiteworks appliances before kw2016.03.00 use 
setuid-root ...)
-       TODO: check
+       NOT-FOR-US: Accellion Kiteworks
 CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the 
client to ...)
        NOT-FOR-US: Accela
 CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in 
AttachmentsList.aspx in ...)
@@ -27695,13 +27693,13 @@
 CVE-2016-5604 (Unspecified vulnerability in the Enterprise Manager Base 
Platform ...)
        NOT-FOR-US: Oracle
 CVE-2016-5603 (Unspecified vulnerability in the Oracle FLEXCUBE Universal 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5602 (Unspecified vulnerability in the Oracle Data Integrator 
component in ...)
        NOT-FOR-US: Oracle
 CVE-2016-5601 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        NOT-FOR-US: Oracle
 CVE-2016-5600 (Unspecified vulnerability in the PeopleSoft Enterprise SCM 
Services ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5599 (Unspecified vulnerability in the Oracle Advanced Supply Chain 
Planning ...)
        NOT-FOR-US: Oracle
 CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 
2.1.3 and ...)
@@ -27721,7 +27719,7 @@
 CVE-2016-5595 (Unspecified vulnerability in the Oracle Customer Interaction 
History ...)
        NOT-FOR-US: Oracle
 CVE-2016-5594 (Unspecified vulnerability in the Oracle FLEXCUBE Universal 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5593 (Unspecified vulnerability in the Oracle Customer Interaction 
History ...)
        NOT-FOR-US: Oracle
 CVE-2016-5592 (Unspecified vulnerability in the Oracle Customer Interaction 
History ...)
@@ -27871,7 +27869,7 @@
 CVE-2016-5544 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 
allows ...)
        NOT-FOR-US: Solaris
 CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise 
Limits and ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 
8u102; and ...)
        {DSA-3707-1 DLA-704-1}
        - openjdk-8 8u111-b14-1
@@ -27883,9 +27881,9 @@
 CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL 
...)
        NOT-FOR-US: MySQL Cluster
 CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5539 (Unspecified vulnerability in the Oracle Retail Xstore Payment 
...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5538 (Unspecified vulnerability in the Oracle VM VirtualBox component 
before ...)
        - virtualbox 5.1.8-dfsg-1
        [jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -27900,15 +27898,15 @@
 CVE-2016-5534 (Unspecified vulnerability in the Siebel Apps - Customer Order 
...)
        NOT-FOR-US: Oracle Siebel
 CVE-2016-5533 (Unspecified vulnerability in the Primavera P6 Enterprise 
Project ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5532 (Unspecified vulnerability in the Oracle Shipping Execution 
component ...)
        NOT-FOR-US: Oracle
 CVE-2016-5531 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        NOT-FOR-US: Oracle
 CVE-2016-5530 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
-       TODO: check
+       NOT-FOR-US: Oracle PeopleSoft
 CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of 
Oracle ...)
        - glassfish <not-affected> (Vulnerable code not included, see bug 
#853998)
 CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in 
Oracle ...)
@@ -27916,7 +27914,7 @@
 CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2016-5525 (Unspecified vulnerability in the Solaris Cluster component in 
Oracle ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5524 (Unspecified vulnerability in the Oracle Agile PLM component in 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2016-5523 (Unspecified vulnerability in the Oracle Agile PLM component in 
Oracle ...)
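Review bot: CVE-2016-5525 is described as a Solaris Cluster component issue, yet the new line is `NOT-FOR-US: Oracle`, whereas the existing Solaris entries visible in this diff (CVE-2016-5544, CVE-2016-5480) use `NOT-FOR-US: Solaris`. A Solaris-specific label on this line would keep the Solaris entries consistent with each other.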
@@ -27962,9 +27960,9 @@
 CVE-2016-5504 (Unspecified vulnerability in the Oracle Agile Product Lifecycle 
...)
        NOT-FOR-US: Oracle
 CVE-2016-5503 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit 
(AK) ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5502 (Unspecified vulnerability in the Oracle FLEXCUBE Universal 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5501 (Unspecified vulnerability in the Oracle VM VirtualBox component 
before ...)
        - virtualbox 5.1.8-dfsg-1
        [jessie] - virtualbox <end-of-life> (DSA-3699-1)
@@ -27984,13 +27982,13 @@
 CVE-2016-5494
        RESERVED
 CVE-2016-5493 (Unspecified vulnerability in the Oracle FLEXCUBE Private 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5492 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit 
(AK) ...)
        TODO: check
 CVE-2016-5491 (Unspecified vulnerability in the Oracle Commerce Service Center 
...)
        NOT-FOR-US: Oracle
 CVE-2016-5490 (Unspecified vulnerability in the Oracle FLEXCUBE Universal 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5489 (Unspecified vulnerability in the Oracle iStore component in 
Oracle ...)
        NOT-FOR-US: Oracle
 CVE-2016-5488 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
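Review bot: CVE-2016-5492 (Sun ZFS Storage Appliance Kit (AK)) stays at `TODO: check` in the context lines of this hunk, although CVE-2016-5503, which has the same product in its description, is set to `NOT-FOR-US: Oracle` earlier in this commit. Unless it was left open deliberately, it should be triaged the same way in this change.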
@@ -28012,7 +28010,7 @@
 CVE-2016-5480 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local 
users ...)
        NOT-FOR-US: Solaris
 CVE-2016-5479 (Unspecified vulnerability in the Oracle FLEXCUBE Universal 
Banking ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2016-5478
        RESERVED
 CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server 
component in ...)
@@ -29095,7 +29093,7 @@
 CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo 
Solution ...)
        NOT-FOR-US: Lenovo
 CVE-2016-5247 (The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, 
...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2016-5246
        RESERVED
 CVE-2016-5245
@@ -29182,7 +29180,7 @@
        NOTE: Fixed by: 
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
        NOTE: DLA-547-1 didn't fix this properly
 CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in 
the ...)
-       TODO: check
+       NOT-FOR-US: Valve Steam
 CVE-2016-5236
        RESERVED
 CVE-2016-5235
@@ -29809,7 +29807,7 @@
        NOTE: Fixed in Google with: 
https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
        NOTE: https://github.com/uclouvain/openjpeg/pull/819
 CVE-2016-5138 (Integer overflow in the kbasep_vinstr_attach_client function in 
...)
-       TODO: check
+       - chromium-browser <not-affected> (Chrome on Chrome OS)
 CVE-2016-5137 (The CSPSource::schemeMatches function in ...)
        {DSA-3637-1}
        - chromium-browser 52.0.2743.82-1
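Review bot: the reason on the new CVE-2016-5138 line, `(Chrome on Chrome OS)`, names a product but does not say why chromium-browser is unaffected. The puppet entry in this commit uses the form `(Only affects Puppet Enterprise)`; writing `(Only affects Chrome on Chrome OS)` here would read the same way and make the justification explicit.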


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
