Author: jmm
Date: 2017-02-16 22:04:04 +0000 (Thu, 16 Feb 2017)
New Revision: 49015

Modified:
   data/CVE/list
Log:
new web2py issues
NFUs
some android-specific Linux issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-02-16 21:17:29 UTC (rev 49014)
+++ data/CVE/list       2017-02-16 22:04:04 UTC (rev 49015)
@@ -30288,59 +30288,59 @@
        NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
        NOTE: The problem can only be triggered with recent versions of 
ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is 
not vulnerable, older versions are not vulnerable)
 CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2015-8892 (platform/msm_shared/boot_verifier.c in the Qualcomm components 
in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2015-8891 (Multiple integer overflows in app/aboot/aboot.c in the Qualcomm 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2015-8890 (platform/msm_shared/partition_parser.c in the Qualcomm 
components in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2015-8889 (The aboot implementation in the Qualcomm components in Android 
before ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2015-8888 (Integer overflow in app/aboot/aboot.c in the Qualcomm 
components in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9802 (Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9801 (Multiple integer overflows in lib/libfdt/fdt_rw.c in the 
Qualcomm ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9800 (Integer overflow in lib/heap/heap.c in the Qualcomm components 
in ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9799 (The makefile in the Qualcomm components in Android before 
2016-07-05 ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9798 (platform/msm_shared/dev_tree.c in the Qualcomm bootloader in 
Android ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9797
        REJECTED
 CVE-2014-9796 (app/aboot/aboot.c in the Qualcomm components in Android before 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9795 (app/aboot/aboot.c in the Qualcomm components in Android before 
...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9794
        REJECTED
 CVE-2014-9793 (platform/msm_shared/mmc.c in the Qualcomm components in Android 
before ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c in the Qualcomm components in 
Android ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9791
        REJECTED
 CVE-2014-9790 (drivers/mmc/core/debugfs.c in the Qualcomm components in 
Android ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2014-9789 (The (1) alloc and (2) free APIs in ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm 
...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm 
components ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9786 (Heap-based buffer overflow in ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9785 (drivers/misc/qseecom.c in the Qualcomm components in Android 
before ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9784 (Multiple buffer overflows in drivers/char/diag/diag_debugfs.c 
in the ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9783 (drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in 
the ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9782 
(drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
-       TODO: check
+       - linux <not-affected> (Android-specific)
 CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm 
components ...)
        TODO: check
 CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components 
in ...)
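Review bot: CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c) and CVE-2014-9790 (drivers/mmc/core/debugfs.c) cite kernel source paths but are tagged NOT-FOR-US, while CVE-2014-9789 through CVE-2014-9782 directly below, also kernel driver paths, get "- linux <not-affected> (Android-specific)". Suggest using the linux <not-affected> form for these two as well, so that the triage is recorded against the linux package; drivers/mmc/core/ is not a Qualcomm-only directory, so a NOTE stating that the affected code is absent from mainline would help. The same applies to CVE-2014-9802 and CVE-2014-9801: libfdt also exists as an upstream library outside the Qualcomm tree, and a short NOTE that upstream was checked would justify the NOT-FOR-US.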
@@ -30528,11 +30528,11 @@
 CVE-2016-5063
        RESERVED
 CVE-2016-5062 (The web server in Aternity 9 and earlier does not require ...)
-       TODO: check
+       NOT-FOR-US: Aternity
 CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
server ...)
-       TODO: check
+       NOT-FOR-US: Aternity
 CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder 
before ...)
-       TODO: check
+       NOT-FOR-US: nGrinder
 CVE-2016-5059
        RESERVED
 CVE-2016-5058
@@ -31399,11 +31399,11 @@
        NOTE: https://github.com/libarchive/libarchive/issues/705
        NOTE: Fixed by: 
https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408
 (v3.2.1)
 CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross 
Site ...)
-       TODO: check
+       - web2py <unfixed>
 CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS 
...)
-       TODO: check
+       - web2py <unfixed>
 CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File 
Inclusion ...)
-       TODO: check
+       - web2py <unfixed>
 CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in 
dotCMS ...)
        NOT-FOR-US: dotCMS
 CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and 
libcurl ...)
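Review bot: the three web2py entries (CVE-2016-4808, CVE-2016-4807, CVE-2016-4806) go to <unfixed> with no bug reference and no NOTE, although the descriptions scope the issues to "versions 2.14.5 and below". Suggest filing a bug and recording it in the "(bug #NNNNNN)" form used by other entries in this file, and adding a NOTE with the upstream advisory or fixing release, so the entries can be resolved against a concrete version later.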
@@ -31508,55 +31508,55 @@
 CVE-2016-4770
        RESERVED
 CVE-2016-4769 (WebKit in Apple iTunes before 12.5.1 on Windows and Safari 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4768 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4767 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4766 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4765 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4764
        RESERVED
 CVE-2016-4763 (WKWebView in WebKit in Apple iOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, 
iCloud ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4761
        RESERVED
 CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, 
and ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4758 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, 
and ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4757
        RESERVED
 CVE-2016-4756
        RESERVED
 CVE-2016-4755 (Terminal in Apple OS X before 10.12 uses weak permissions for 
the ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4754 (ServerDocs Server in Apple OS X Server before 5.2 supports the 
RC4 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4753 (Apple iOS before 10, OS X before 10.12, tvOS before 10, and 
watchOS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4752 (The SecKeyDeriveFromPassword function in Apple OS X before 
10.12 does ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4751 (The Safari Tabs component in Apple Safari before 10 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4750 (S2 Camera in Apple iOS before 10 and OS X before 10.12 allows 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4748 (Perl in Apple OS X before 10.12 allows local users to bypass 
the ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which 
makes it ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not 
properly use a ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4745 (The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 
does ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4744
        RESERVED
 CVE-2016-4743
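Review bot: CVE-2016-4748 (Perl in Apple OS X) and CVE-2016-4745 (Kerberos 5 PAM module in Apple OS X) are tagged "NOT-FOR-US: Apple", but both name components that also exist outside Apple's products, and the truncated descriptions do not show that the flaw is in Apple-specific code. Elsewhere in this file an Apple-worded CVE (CVE-2016-4738, libxslt) is tracked against the upstream package with a fix commit. Suggest either a NOTE stating why upstream is not affected, or leaving these two as TODO until that has been confirmed.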
@@ -31564,102 +31564,102 @@
        - webkit2gtk 2.14.3-1 (unimportant)
        NOTE: Not covered by security support
 CVE-2016-4742 (NSSecureTextField in Apple OS X before 10.12 does not enable 
Secure ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4741 (The Assets component in Apple iOS before 10 allows 
man-in-the-middle ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does 
not ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4739 (mDNSResponder in Apple OS X before 10.12, when VMnet.framework 
is ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4738 (libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 
10, and ...)
        {DSA-3709-1 DLA-700-1}
        - libxslt 1.1.29-2 (bug #842570)
        NOTE: 
https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
        NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=619006
 CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 
10, and ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers 
to cause ...)
        TODO: check
 CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4733 (WebKit in Apple iOS before 10, Safari before 10, and tvOS 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4732
        RESERVED
 CVE-2016-4731 (WebKit in Apple iOS before 10 and Safari before 10 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4730 (WebKit in Apple iOS before 10, Safari before 10, and tvOS 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4729 (WebKit in Apple iOS before 10 and Safari before 10 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4728 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 
12.5.1 on ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4727 (IOThunderboltFamily in Apple OS X before 10.12 allows attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4726 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, 
tvOS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4725 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, 
tvOS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4724 (IOAcceleratorFamily in Apple iOS before 10 and OS X before 
10.12 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4723 (Intel Graphics Driver in Apple OS X before 10.12 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Intel driver for OS X
 CVE-2016-4722 (The IDS - Connectivity component in Apple iOS before 10 and OS 
X ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4721
        RESERVED
 CVE-2016-4720
        RESERVED
 CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS 
before 3 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4718 (Buffer overflow in FontParser in Apple iOS before 10, OS X 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4717 (The File Bookmark component in Apple OS X before 10.12 
mishandles ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4716 (diskutil in DiskArbitration in Apple OS X before 10.12 allows 
local ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4715 (The Date &amp; Time Pref Pane component in Apple OS X before 
10.12 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4714
        RESERVED
 CVE-2016-4713 (CoreDisplay in Apple OS X before 10.12 allows attackers to view 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4712 (CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS 
before 10, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4711 (CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and 
OS X ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4710 (WindowServer in Apple OS X before 10.12 allows local users to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4709 (WindowServer in Apple OS X before 10.12 allows local users to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4708 (CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS 
before 10, ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4707 (CFNetwork in Apple iOS before 10 and OS X before 10.12 
mishandles ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4706 (cd9660 in Apple OS X before 10.12 allows local users to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain 
privileges or ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain 
privileges or ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4703 (Bluetooth in Apple OS X before 10.12 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4702 (Audio in Apple iOS before 10, OS X before 10.12, tvOS before 
10, and ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4701 (Application Firewall in Apple OS X before 10.12 allows local 
users to ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4700 (AppleUUC in Apple OS X before 10.12 allows attackers to execute 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4699 (AppleUUC in Apple OS X before 10.12 allows attackers to execute 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4698 (AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 
10.12 ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4697 (Apple HSSPI Support in Apple OS X before 10.12 allows attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4696 (AppleEFIRuntime in Apple OS X before 10.12 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4695
        RESERVED
 CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X 
Server ...)
@@ -31741,7 +31741,7 @@
        - libxml2 2.9.4+dfsg1-2.1 (bug #840553)
        NOTE: Fixed by: 
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
 CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to 
execute ...)
        NOT-FOR-US: Apple
 CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain 
...)
@@ -31753,7 +31753,7 @@
 CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to 
obtain ...)
        NOT-FOR-US: Apple
 CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit 
JavaScript ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4650
        RESERVED
 CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause 
a ...)
@@ -31809,17 +31809,17 @@
 CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
        - webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
        - webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to 
execute ...)
        NOT-FOR-US: Apple
 CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not 
...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4619 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
        TODO: check
 CVE-2016-4618 (Cross-site scripting (XSS) vulnerability in Safari Reader in 
Apple iOS ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2016-4617
        RESERVED
 CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
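Review bot: CVE-2016-4623 is tagged "NOT-FOR-US: Webkit as used by Apple" while its neighbours CVE-2016-4624 and CVE-2016-4622, with the same visible description prefix, are tracked as "- webkit2gtk 2.12.4-1 (unimportant)". Nothing in the entry says why this one does not apply to webkit2gtk. Suggest adding a NOTE giving the basis for the decision (for example that it is not listed in a WebKitGTK advisory), here and for the other WebKit entries in this commit. Minor: the project name is spelled "WebKit" in the descriptions and "Webkit" in the new tags.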
@@ -31833,7 +31833,7 @@
 CVE-2016-4612 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
        TODO: check
 CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS 
before 10 ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
        TODO: check
 CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes 
before ...)
@@ -31871,25 +31871,25 @@
 CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows 
...)
        NOT-FOR-US: Apple
 CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
        - webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4590 (WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 
mishandles ...)
        - webkit2gtk 2.12.4-1 (unimportant)
 CVE-2016-4589 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4588 (WebKit in Apple tvOS before 9.2.2 allows remote attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4587 (WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4586 (WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 
allows ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4585 (Cross-site scripting (XSS) vulnerability in the WebKit Page 
Loading ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4584 (The WebKit Page Loading implementation in Apple iOS before 
9.3.3, ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS 
before ...)
-       TODO: check
+       NOT-FOR-US: Webkit as used by Apple
 CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS 
before ...)
        NOT-FOR-US: Apple
 CVE-2016-4580 (The x25_negotiate_facilities function in 
net/x25/x25_facilities.c in ...)
@@ -31921,7 +31921,7 @@
        NOTE: 
https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3
        NOTE: 
https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28
 CVE-2016-4573 (Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly 
traverse ...)
        {DSA-3607-1}
        - linux 4.5.4-1
@@ -31992,7 +31992,7 @@
        - linux 4.5.3-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
 CVE-2016-4551 (The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 
in SAP ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2016-4550
        RESERVED
 CVE-2016-4549
@@ -32079,27 +32079,27 @@
 CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote 
attackers ...)
        NOT-FOR-US: LeviStudio
 CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in 
Trihedral ...)
-       TODO: check
+       NOT-FOR-US: Trihedral
 CVE-2016-4531 (Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 
does not ...)
-       TODO: check
+       NOT-FOR-US: Rockwell 
 CVE-2016-4530 (OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: OSISoft
 CVE-2016-4529 (An unspecified ActiveX control in Schneider Electric SoMachine 
HVAC ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 
allows ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess
 CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication 
...)
        NOT-FOR-US: ABB PCM600
 CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain 
...)
-       TODO: check
+       NOT-FOR-US: ABB DataManagerPro
 CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess
 CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 
passwords ...)
        NOT-FOR-US: ABB PCM600
 CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x 
through 11.x ...)
-       TODO: check
+       NOT-FOR-US: Trihedral
 CVE-2016-4522 (SQL injection vulnerability in Rockwell Automation FactoryTalk 
...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x 
before ...)
        NOT-FOR-US: Sixnet
 CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System 
with ...)
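Review bot: the added line for CVE-2016-4531 reads "NOT-FOR-US: Rockwell " with trailing whitespace, and CVE-2016-4522 uses "Rockwell" without it, so the two tags no longer match as identical strings. Also "OSISoft" differs in case from "OSIsoft" in the description of CVE-2016-4530. Suggest stripping the trailing space and matching the vendor spelling used in the descriptions, since these tags are commonly grepped.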
@@ -32619,7 +32619,7 @@
 CVE-2016-4408
        RESERVED
 CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 
does not ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2016-4406
        RESERVED
        NOT-FOR-US: HPE iLO
@@ -32645,55 +32645,55 @@
 CVE-2016-4397
        RESERVED
 CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: HPE System Management Homepage
 CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: HPE System Management Homepage
 CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: HPE System Management Homepage
 CVE-2016-4393 (HPE System Management Homepage before v7.6 allows &quot;remote 
...)
-       TODO: check
+       NOT-FOR-US: HPE System Management Homepage
 CVE-2016-4392
        RESERVED
 CVE-2016-4391
        RESERVED
 CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: HPE KeyView
 CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: HPE KeyView
 CVE-2016-4388 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: HPE KeyView
 CVE-2016-4387 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: HPE KeyView
 CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to 
write to ...)
-       TODO: check
+       NOT-FOR-US: HPE Network Automation
 CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 
10.0x ...)
-       TODO: check
+       NOT-FOR-US: HPE Network Automation
 CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 
allow ...)
-       TODO: check
+       NOT-FOR-US: HPE Performance Center
 CVE-2016-4383
        RESERVED
 CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 
allows ...)
-       TODO: check
+       NOT-FOR-US: HPE Performance Center
 CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 
8.x ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4380 (Cross-site scripting (XSS) vulnerability in the AdminUI in HPE 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4379 (The TLS implementation in HPE Integrated Lights-Out 3 (aka 
iLO3) ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4378 (The (1) Device Manager, (2) Tiered Storage Manager, (3) 
Replication ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4377 (HPE Smart Update in Storage Sizing Tool before 13.0, Converged 
...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4376 (HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B 
switches ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4375 (Multiple unspecified vulnerabilities in HPE Integrated 
Lights-Out 3 ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4374 (HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 
p4 ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4373 (The AdminUI in HPE Operations Manager (OM) before 9.21.130 on 
Linux, ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4372 (HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, 
iMC APM ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2016-4371 (HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 
9.35, 9.40, ...)
        NOT-FOR-US: HPE Service Manager
 CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x 
before ...)
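Review bot: the tags in this hunk switch granularity partway through: CVE-2016-4396 to CVE-2016-4382 name the product ("HPE System Management Homepage", "HPE KeyView", "HPE Network Automation", "HPE Performance Center"), while CVE-2016-4381 to CVE-2016-4372 use a bare "HPE", including CVE-2016-4379 and CVE-2016-4375, whose descriptions name Integrated Lights-Out 3. Existing entries in the surrounding context use "HPE iLO" and "HPE Service Manager". Suggest using the product name throughout for consistency.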
@@ -32779,7 +32779,7 @@
        NOTE: Ocaml applications using the patched functions need to be 
recompiled with the
        NOTE: fixed ocaml version.
 CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: NetApp
 CVE-2016-4339
        RESERVED
 CVE-2016-4338 (The mysql user parameter configuration script ...)
@@ -32790,9 +32790,9 @@
 CVE-2016-4337
        RESERVED
 CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing 
of the ...)
-       TODO: check
+       NOT-FOR-US: Lexmark Document Filters
 CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the 
...)
-       TODO: check
+       NOT-FOR-US: Lexmark Document Filters
 CVE-2016-4334
        RESERVED
 CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a 
value ...)
@@ -32819,9 +32819,9 @@
        NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
        NOTE: Fixed by: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
 CVE-2016-4329 (A local denial of service vulnerability exists in window 
broadcast ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky
 CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS 
or ...)
-       TODO: check
+       NOT-FOR-US: MEDHOST Perioperative Information Management System
 CVE-2016-4327 (Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement 
Server ...)
        TODO: check
 CVE-2016-4326 (The Chef Manage (formerly opscode-manage) add-on before 1.12.0 
for ...)
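Review bot: for CVE-2016-4329 the visible description ("A local denial of service vulnerability exists in window broadcast ...") does not name the product, so "NOT-FOR-US: Kaspersky" cannot be checked from the entry itself. The preceding entry in this hunk carries a "NOTE:" with the Talos report URL; suggest adding the corresponding advisory reference here too. The same applies to the two "Lexmark Document Filters" entries (CVE-2016-4336, CVE-2016-4335) in the previous hunk.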
@@ -32839,7 +32839,7 @@
        NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
        NOTE: http://www.pidgin.im/news/security/?id=97
 CVE-2016-4322 (BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 
allows ...)
-       TODO: check
+       NOT-FOR-US: BMC
 CVE-2016-4321
        RESERVED
 CVE-2016-4320
@@ -32914,27 +32914,27 @@
 CVE-2016-4299
        RESERVED
 CVE-2016-4298 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4297
        RESERVED
 CVE-2016-4296 (When opening a Hangul Hcell Document (.cell) and processing a 
record ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4295 (When opening a Hangul Hcell Document (.cell) and processing a 
...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a 
property ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4293
        RESERVED
 CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a 
structure ...)
-       TODO: check
+       NOT-FOR-US: Hancom Office
 CVE-2016-4289
        RESERVED
 CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks 
App ...)
-       TODO: check
+       NOT-FOR-US: BlueStacks
 CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 
19.x ...)
        NOT-FOR-US: Adobe Flash
 CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x 
before ...)
@@ -33078,7 +33078,7 @@
 CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x 
before ...)
        NOT-FOR-US: Adobe
 CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat 
Reader DC ...)
        NOT-FOR-US: Adobe
 CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat 
Reader DC ...)
@@ -33170,19 +33170,19 @@
 CVE-2016-4171 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and 
earlier ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2016-4170 (Cross-site scripting (XSS) vulnerability in Adobe Experience 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4169 (Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4168 (Cross-site scripting (XSS) vulnerability in Adobe Experience 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4167 (Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows 
...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4166 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and 
...)
        NOT-FOR-US: Adobe
 CVE-2016-4165 (The extension manager in Adobe Brackets before 1.7 allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4164 (Cross-site scripting (XSS) vulnerability in Adobe Brackets 
before 1.7 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4163 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x 
before ...)
        NOT-FOR-US: Adobe
 CVE-2016-4162 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x 
before ...)
@@ -33192,11 +33192,11 @@
 CVE-2016-4160 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x 
before ...)
        NOT-FOR-US: Adobe
 CVE-2016-4159 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 
before ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4158 (Unquoted Windows search path vulnerability in Adobe Creative 
Cloud ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4157 (Untrusted search path vulnerability in the installer in Adobe 
Creative ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4156 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and 
...)
        NOT-FOR-US: Adobe
 CVE-2016-4155 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and 
...)
@@ -33272,7 +33272,7 @@
 CVE-2016-4120 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x 
before ...)
        NOT-FOR-US: Adobe
 CVE-2016-4119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat 
Reader DC ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2016-4118 (Untrusted search path vulnerability in the add-in installer in 
Adobe ...)
        NOT-FOR-US: Adobe
 CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote 
attackers to ...)
@@ -33347,7 +33347,7 @@
 CVE-2016-4067
        RESERVED
 CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet 
FortiWeb ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 
7.3.4 on ...)
        NOT-FOR-US: Foxit
 CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling 
functionality ...)
@@ -33445,7 +33445,7 @@
        [wheezy] - wireshark <not-affected> (Only affects 2.x)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
 CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy 
Center ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...)
        NOT-FOR-US: Huawei FusionCompute
 CVE-2016-6479
@@ -33636,7 +33636,7 @@
 CVE-2016-4026 (An issue was discovered in Open-Xchange OX App Suite before ...)
        TODO: check
 CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier 
...)
-       TODO: check
+       NOT-FOR-US: Avast
 CVE-2016-4023
        RESERVED
 CVE-2016-4022
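Review bot: CVE-2016-4026 (Open-Xchange OX App Suite), the context line directly above the Avast change, is still left at "TODO: check" while its neighbour is triaged. If OX App Suite was looked at in this pass and is not packaged, mark it in the same commit. If it was skipped on purpose, a NOTE saying why would save the next person from re-checking.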
@@ -33648,7 +33648,7 @@
        NOTE: 
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
        NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
 CVE-2016-4019 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not 
...)
        NOT-FOR-US: SAP
 CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows 
remote ...)
@@ -33694,7 +33694,7 @@
        NOTE: Upstream fix: 
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
 CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android 
does not ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server ...)
        NOT-FOR-US: Dell
 CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder 
function in ...)
@@ -33733,7 +33733,7 @@
 CVE-2016-4000
        RESERVED
 CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra 
...)
-       TODO: check
+       NOT-FOR-US: Zimbra
 CVE-2016-3998
        RESERVED
 CVE-2016-3997
@@ -33751,7 +33751,7 @@
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
        NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
 CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not 
properly ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the 
tiffcrop ...)
        {DSA-3762-1 DLA-610-1 DLA-606-1}
        - tiff 4.0.7-1
@@ -33766,9 +33766,9 @@
        NOTE: src:tiff3: built binary packages do not contain the TIFF tools
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2544
 CVE-2016-3989 (The NTP time-server interface on Meinberg IMS-LANTIME M3000, 
...)
-       TODO: check
+       NOT-FOR-US: Meinberg
 CVE-2016-3988 (Multiple stack-based buffer overflows in the NTP time-server 
interface ...)
-       TODO: check
+       NOT-FOR-US: Meinberg
 CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote 
web ...)
        NOT-FOR-US: Trend Micro
 CVE-2016-3986 (Avast allows remote attackers to cause a denial of service 
(memory ...)
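Review bot: For CVE-2016-3989 and CVE-2016-3988 the tag "NOT-FOR-US: Meinberg" does not say why an issue described as being in an "NTP time-server interface" is unrelated to the packaged NTP implementation. If the flaws are confined to the interface of the Meinberg IMS-LANTIME devices, say so in the tag, for example "NOT-FOR-US: Meinberg LANTIME devices", so that someone searching the list for NTP issues can see at a glance that src:ntp was considered and ruled out.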


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
