Author: jmm
Date: 2017-02-20 21:32:21 +0000 (Mon, 20 Feb 2017)
New Revision: 49084
Modified: data/CVE/list Log: NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-02-20 21:10:12 UTC (rev 49083) +++ data/CVE/list 2017-02-20 21:32:21 UTC (rev 49084) @@ -34427,20 +34427,21 @@ CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...) TODO: check CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) - TODO: check + NOT-FOR-US: MediaTek drivers for Android CVE-2016-3773 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) - TODO: check + NOT-FOR-US: MediaTek drivers for Android CVE-2016-3772 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) - TODO: check + NOT-FOR-US: MediaTek drivers for Android CVE-2016-3771 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) - TODO: check + NOT-FOR-US: MediaTek drivers for Android CVE-2016-3770 (The MediaTek drivers in Android before 2016-07-05 on Android One ...) - TODO: check + NOT-FOR-US: MediaTek drivers for Android CVE-2016-3769 (The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 ...) - TODO: check + NOT-FOR-US: NVIDIA drivers for Android CVE-2016-3768 (The Qualcomm performance component in Android before 2016-07-05 on ...) - TODO: check + NOT-FOR-US: Qualcomm drivers for Android CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...) + NOT-FOR-US: MediaTek drivers for Android TODO: check CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...) NOT-FOR-US: libstagefright 
@@ -34720,7 +34721,7 @@ CVE-2016-3678 (Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with ...) NOT-FOR-US: Huawei CVE-2016-3677 (The Huawei Wear App application before 15.0.0.307 for Android does not ...) - TODO: check + NOT-FOR-US: Huawei CVE-2016-3676 (Huawei E3276s USB modems with software before ...) NOT-FOR-US: Huawei CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software ...) @@ -34746,7 +34747,7 @@ CVE-2016-3671 RESERVED CVE-2016-3670 (Cross-site scripting (XSS) vulnerability in users.jsp in the Profile ...) - TODO: check + NOT-FOR-US: Liferay CVE-2016-3669 RESERVED CVE-2016-3668 @@ -34993,11 +34994,11 @@ - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL CVE-2016-3613 (Unspecified vulnerability in the Oracle Secure Global Desktop ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-3612 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) TODO: check CVE-2016-3611 (Unspecified vulnerability in the Oracle Retail Order Broker component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...) - openjdk-8 8u102-b14-1 TODO: check, according to Matthias and Tiago as well in OpenJDK7? 
@@ -42245,19 +42246,19 @@ CVE-2016-1422 RESERVED CVE-2016-1421 (The web application on Cisco IP 8800 devices allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1419 (Cisco Access Point devices with software 8.2(102.43) allow remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) ...) NOT-FOR-US: Cisco Prime CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1414 RESERVED CVE-2016-1413 (The web interface in Cisco Firepower Management Center 5.4.0 through ...) @@ -42265,13 +42266,13 @@ CVE-2016-1412 RESERVED CVE-2016-1411 (A vulnerability in the update functionality of Cisco AsyncOS Software ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote ...) NOT-FOR-US: Cisco CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) NOT-FOR-US: Cisco CVE-2016-1408 (Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...) NOT-FOR-US: Cisco CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...) 
@@ -42291,43 +42292,43 @@ CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...) NOT-FOR-US: Cisco CVE-2016-1398 (Buffer overflow in the web-based management interface on Cisco RV110W ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1397 (Buffer overflow in the web-based management interface on Cisco RV110W ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1396 (Cross-site scripting (XSS) vulnerability in the web-based management ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1395 (The web-based management interface on Cisco RV110W devices with ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1394 (Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded ...) NOT-FOR-US: Cisco Firepower System Software CVE-2016-1393 (SQL injection vulnerability in Cisco Cloud Network Automation ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1387 (The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1385 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...) 
- TODO: check + NOT-FOR-US: Cisco CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1379 (Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...) @@ -42339,9 +42340,9 @@ CVE-2016-1375 (Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability ...) NOT-FOR-US: Cisco CVE-2016-1374 (The web framework in Cisco Unified Computing System (UCS) Performance ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1373 (The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1372 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to ...) {DLA-546-1} - clamav 0.99.2+dfsg-1 
@@ -42355,23 +42356,23 @@ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514 NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2016-1368 (Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1367 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on ...) NOT-FOR-US: Cisco IOS XR CVE-2016-1365 (The Grapevine update process in Cisco Application Policy ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1362 (Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 ...) NOT-FOR-US: Cisco CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same ...) 
@@ -42403,27 +42404,27 @@ CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in ...) NOT-FOR-US: Cisco IOS CVE-2016-1346 (The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with ...) NOT-FOR-US: Cisco Firepower CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...) NOT-FOR-US: Cisco IOS CVE-2016-1343 (The XML parser in Cisco Information Server (CIS) 6.2 allows remote ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1342 (The device login page in Cisco FirePOWER Management Center 5.3 through ...) NOT-FOR-US: Cisco CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 ...) NOT-FOR-US: Cisco CVE-2016-1340 (Heap-based buffer overflow in Cisco Unified Computing System (UCS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1339 (Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 ...) NOT-FOR-US: Cisco CVE-2016-1337 (Cisco EPC3928 devices allow remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1336 (goform/Docsis_system on Cisco EPC3928 devices allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x ...) NOT-FOR-US: Cisco StarOS CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware ...) 
@@ -42439,7 +42440,7 @@ CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and ...) NOT-FOR-US: Cisco Nexus CVE-2016-1328 (goform/WClientMACList on Cisco EPC3928 devices allows remote attackers ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...) NOT-FOR-US: Cisco CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...) @@ -42469,7 +42470,7 @@ CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...) NOT-FOR-US: Cisco CVE-2016-1313 (Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control ...) NOT-FOR-US: Cisco CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface ...) @@ -42513,9 +42514,9 @@ CVE-2016-1292 RESERVED CVE-2016-1291 (Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and ...) - TODO: check + NOT-FOR-US: Cisco CVE-2016-1289 (The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved ...) NOT-FOR-US: Cisco Prime CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...) @@ -42593,7 +42594,7 @@ CVE-2016-1282 RESERVED CVE-2016-1281 (Untrusted search path vulnerability in the installer for TrueCrypt 7.2 ...) - TODO: check + NOT-FOR-US: Truecrypt CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c ...) - wireshark 2.0.1+g59ea380-1 [jessie] - wireshark <not-affected> (Only affects 2.x) 
@@ -43376,13 +43377,13 @@ CVE-2015-8684 (Exponent CMS before 2.3.7 does not properly restrict the types of ...) NOT-FOR-US: Exponent CMS CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software GRA-UL00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software GRA-TL00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8680 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8679 (The (1) ION and (2) Maxim_smartpa_dev drivers in Huawei P8 smartphones ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8678 RESERVED CVE-2015-8677 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus ...) @@ -43492,7 +43493,7 @@ - krb5 1.13.2+dfsg-5 (bug #813296) NOTE: Fixed by: https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb CVE-2015-8620 (Heap-based buffer overflow in the Avast virtualization driver ...) - TODO: check + NOT-FOR-US: Avast CVE-2015-8669 (libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...) - phpmyadmin 4:4.5.3.1-1 (unimportant) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) @@ -43567,11 +43568,11 @@ CVE-2016-1116 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1115 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1114 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1113 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1112 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1111 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, ...) 
@@ -43615,11 +43616,11 @@ CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...) @@ -43725,11 +43726,11 @@ CVE-2016-1037 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2016-1036 (Cross-site scripting (XSS) vulnerability in Adobe Analytics ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1035 (Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1034 (The Sync Process in the JavaScript API for Creative Cloud Libraries in ...) - TODO: check + NOT-FOR-US: Adobe CVE-2016-1033 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2016-1032 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...) @@ -44115,7 +44116,7 @@ CVE-2016-0914 (EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, ...) NOT-FOR-US: EMC Documentum WebTop and WebTop Clients CVE-2016-0913 (The client in EMC Replication Manager (RM) before ...) - TODO: check + NOT-FOR-US: EMC CVE-2016-0912 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote ...) NOT-FOR-US: EMC Data Domain OS CVE-2016-0911 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default ...) 
@@ -44147,9 +44148,9 @@ CVE-2016-0898 RESERVED CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...) - TODO: check + NOT-FOR-US: Pivotal Cloud Foundry CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x ...) - TODO: check + NOT-FOR-US: Pivotal Cloud Foundry CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers ...) NOT-FOR-US: EMC CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote ...) @@ -44167,7 +44168,7 @@ CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration ...) NOT-FOR-US: EMC Documentum D2 CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, ...) - TODO: check + NOT-FOR-US: EMC CVE-2016-0886 (EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows ...) NOT-FOR-US: EMC Documentum CVE-2016-0885 @@ -44175,7 +44176,7 @@ CVE-2016-0884 RESERVED CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...) - TODO: check + NOT-FOR-US: Pivotal Cloud Foundry CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...) NOT-FOR-US: EMC Documentum CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...) @@ -44244,15 +44245,15 @@ CVE-2016-0880 RESERVED CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-0877 (Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-0876 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-0875 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...) - TODO: check + NOT-FOR-US: Moxa CVE-2016-0874 RESERVED CVE-2016-0873 
@@ -44260,9 +44261,9 @@ CVE-2016-0872 RESERVED CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...) - TODO: check + NOT-FOR-US: Eaton Lighting EG2 Web Control CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Trane Tracer CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley ...) @@ -45076,15 +45077,15 @@ CVE-2015-8541 RESERVED CVE-2016-0700 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0699 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-0698 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0697 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...) {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 
@@ -45098,13 +45099,13 @@ CVE-2016-0692 (Unspecified vulnerability in the DataStore component in Oracle ...) NOT-FOR-US: Oracle Berkeley DB (later closed source releases) CVE-2016-0691 (Unspecified vulnerability in the RDBMS Security component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0690 (Unspecified vulnerability in the RDBMS Security component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0689 (Unspecified vulnerability in the DataStore component in Oracle ...) NOT-FOR-US: Oracle Berkeley DB (later closed source releases) CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...) {DSA-3558-1 DLA-451-1} - openjdk-8 8u91-b14-1 
@@ -45118,29 +45119,29 @@ - openjdk-6 <removed> [wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS) CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS ...) NOT-FOR-US: Oracle Retail CVE-2016-0683 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0682 (Unspecified vulnerability in the DataStore component in Oracle ...) NOT-FOR-US: Oracle Berkeley DB (later closed source releases) CVE-2016-0681 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0680 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0679 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0678 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...) - virtualbox 5.0.18-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) [wheezy] - virtualbox <end-of-life> (DSA 3454) CVE-2016-0677 (Unspecified vulnerability in the RDBMS Security component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0676 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...) NOT-FOR-US: Solaris CVE-2016-0675 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0674 (Unspecified vulnerability in the Siebel Core - Common Components ...) NOT-FOR-US: Siebel CVE-2016-0673 (Unspecified vulnerability in the Siebel UI Framework component in ...) 
@@ -45148,7 +45149,7 @@ CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle FLEXCUBE CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0670 RESERVED CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...) @@ -45309,7 +45310,7 @@ - mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0637 RESERVED CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...) @@ -45738,7 +45739,7 @@ CVE-2016-0480 (Unspecified vulnerability in the Oracle Application Testing Suite ...) NOT-FOR-US: Oracle CVE-2016-0479 (Unspecified vulnerability in the Oracle Business Intelligence ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0478 (Unspecified vulnerability in the Oracle Application Testing Suite ...) NOT-FOR-US: Oracle CVE-2016-0477 (Unspecified vulnerability in the Oracle Application Testing Suite ...) @@ -45760,7 +45761,7 @@ CVE-2016-0469 (Unspecified vulnerability in the Oracle Retail MICROS C2 component in ...) NOT-FOR-US: Oracle Retail CVE-2016-0468 (Unspecified vulnerability in the Oracle Business Intelligence ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...) 
@@ -45888,9 +45889,9 @@ CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global ...) NOT-FOR-US: Oracle CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: Oracle CVE-2016-0407 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) - TODO: check + NOT-FOR-US: Oracle NOT-FOR-US: PeopleSoft CVE-2016-0406 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle 
@@ -45937,37 +45938,37 @@ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450 NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1 CVE-2016-0400 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0399 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0398 (IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0395 RESERVED CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0389 (Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0388 RESERVED CVE-2016-0387 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0385 (Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0384 RESERVED CVE-2016-0383 
@@ -45975,15 +45976,15 @@ CVE-2016-0382 RESERVED CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0380 (IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0379 (IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0378 (IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...) NOT-FOR-US: IBM CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through ...) @@ -45993,11 +45994,11 @@ CVE-2016-0373 RESERVED CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0369 RESERVED CVE-2016-0368 @@ -46017,13 +46018,13 @@ CVE-2016-0361 (IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and ...) NOT-FOR-US: IBM General Parallel File System CVE-2016-0360 (IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0358 RESERVED CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0356 RESERVED CVE-2016-0355 
@@ -46031,13 +46032,13 @@ CVE-2016-0354 RESERVED CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0352 RESERVED CVE-2016-0351 RESERVED CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before ...) NOT-FOR-US: IBM CVE-2016-0348 @@ -46045,7 +46046,7 @@ CVE-2016-0347 RESERVED CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0345 RESERVED CVE-2016-0344 @@ -46057,11 +46058,11 @@ CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...) NOT-FOR-US: IBM CVE-2016-0340 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0339 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0337 RESERVED CVE-2016-0336 @@ -46075,19 +46076,19 @@ CVE-2016-0332 RESERVED CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0329 RESERVED CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0327 RESERVED CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0324 RESERVED CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...) 
@@ -46095,95 +46096,95 @@ CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...) NOT-FOR-US: IBM CVE-2016-0321 (IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0320 (IBM UrbanCode Deploy could allow an authenticated user to modify Ucd ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0319 (The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0318 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0317 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0316 (Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0315 (The Report Builder and Data Collection Component (DCC) in IBM Jazz ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0314 (The Report Builder and Data Collection Component (DCC) in IBM Jazz ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0313 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0312 RESERVED CVE-2016-0311 RESERVED CVE-2016-0310 (IBM Connections 5.5 and earlier is vulnerable to possible host header ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0309 RESERVED CVE-2016-0308 (IBM Connections 5.5 and earlier is vulnerable to possible link ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0307 (IBM Connections 5.5 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0306 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0305 (IBM Connections is vulnerable to cross-site scripting, caused by ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x ...) 
- TODO: check + NOT-FOR-US: IBM CVE-2016-0303 RESERVED CVE-2016-0302 RESERVED CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0300 RESERVED CVE-2016-0299 RESERVED CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0295 RESERVED CVE-2016-0294 RESERVED CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0291 RESERVED CVE-2016-0290 RESERVED CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0286 RESERVED CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0282 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0281 (The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, ...) 
- TODO: check + NOT-FOR-US: IBM CVE-2016-0280 (Cross-site scripting (XSS) vulnerability in IBM Information Server ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0279 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0276 RESERVED CVE-2016-0275 
@@ -46191,35 +46192,35 @@ CVE-2016-0274 RESERVED CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0272 RESERVED CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0268 RESERVED CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by improper ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...) NOT-FOR-US: IBM JDK CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0261 RESERVED CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0258 RESERVED CVE-2016-0257 
@@ -46233,19 +46234,19 @@ CVE-2016-0253 RESERVED CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0251 RESERVED CVE-2016-0250 RESERVED CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database Activity ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0247 (IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0246 (Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and ...) NOT-FOR-US: IBM CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...) @@ -46253,19 +46254,19 @@ CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...) NOT-FOR-US: IBM CVE-2016-0242 (IBM Security Guardium 10.x through 10.1 before p100 allows remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0241 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0240 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0238 RESERVED CVE-2016-0237 RESERVED CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0235 RESERVED CVE-2016-0234 
@@ -46277,7 +46278,7 @@ CVE-2016-0231 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...) NOT-FOR-US: IBM CVE-2016-0230 (IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0229 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform ...) NOT-FOR-US: IBM CVE-2016-0228 @@ -46285,7 +46286,7 @@ CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...) NOT-FOR-US: IBM CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 ...) NOT-FOR-US: IBM CVE-2016-0224 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...) 
@@ -46295,45 +46296,45 @@ CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote ...) NOT-FOR-US: IBM CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0220 RESERVED CVE-2016-0219 RESERVED CVE-2016-0218 (IBM Cognos TM1 is vulnerable to cross-site scripting, caused by ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...) NOT-FOR-US: IBM CVE-2016-0215 RESERVED CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...) NOT-FOR-US: IBM CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...) NOT-FOR-US: IBM CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0210 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...) NOT-FOR-US: IBM CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0207 RESERVED CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0205 RESERVED CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...) - TODO: check + NOT-FOR-US: IBM CVE-2016-0202 (A vulnerability has been identified in tasks, backend object generated ...) 
- TODO: check + NOT-FOR-US: IBM CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and ...) NOT-FOR-US: IBM CVE-2015-8538 [a out of bound read bug is found in libdwarf] @@ -46352,7 +46353,7 @@ CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...) - TODO: check + NOT-FOR-US: IBM CVE-2015-8529 RESERVED CVE-2015-8528 @@ -46608,7 +46609,7 @@ CVE-2016-0127 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...) NOT-FOR-US: Microsoft Word CVE-2016-0126 (Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows remote ...) NOT-FOR-US: Microsoft CVE-2016-0124 (Microsoft Edge allows remote attackers to execute arbitrary code or ...) @@ -46680,11 +46681,11 @@ CVE-2016-0091 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...) NOT-FOR-US: Microsoft CVE-2016-0090 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2016-0089 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2016-0088 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2016-0087 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...) NOT-FOR-US: Microsoft CVE-2016-0086 @@ -46702,7 +46703,7 @@ CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...) NOT-FOR-US: Microsoft CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2016-0078 RESERVED CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...) 
@@ -47146,7 +47147,7 @@ NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210 NOTE: https://github.com/proftpd/proftpd/pull/171 CVE-2015-8376 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, ...) - isc-kea <not-affected> (Fixed before the initial version uploaded to Debian) CVE-2015-8372 @@ -47394,7 +47395,7 @@ CVE-2015-8323 RESERVED CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote ...) - TODO: check + NOT-FOR-US: NetApp CVE-2015-8326 [Use of predictable names for temporary files] RESERVED - libiptables-parse-perl 1.6-1 @@ -47432,9 +47433,9 @@ CVE-2015-8321 RESERVED CVE-2015-8319 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause a ...) NOT-FOR-US: ms for Node.js CVE-2015-8314 @@ -47457,13 +47458,13 @@ CVE-2015-8309 RESERVED CVE-2015-8307 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8306 (Buffer overflow in the HIFI driver in Huawei P8 phones with software ...) NOT-FOR-US: Huawei CVE-2015-8305 (Huawei Sophia-L10 smartphones with software before P7-L10C900B852 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8304 (Integer overflow in Huawei P7 phones with software before P7-L07 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8303 (Huawei Document Security Management (DSM) with software before ...) NOT-FOR-US: Huawei CVE-2015-8302 
@@ -47554,7 +47555,7 @@ CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...) NOT-FOR-US: Fisher-Price CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...) - TODO: check + NOT-FOR-US: Idera Uptime Infrastructure Monitor CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex ...) NOT-FOR-US: Dovestones CVE-2015-8266 @@ -47841,7 +47842,7 @@ NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948 CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec ...) - TODO: check + NOT-FOR-US: Symantec CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...) NOT-FOR-US: Symantec CVE-2015-8155 @@ -47987,7 +47988,7 @@ CVE-2015-8109 RESERVED CVE-2015-8108 (The management interface in LenovoEMC EZ Media & Backup (hm3), ...) - TODO: check + NOT-FOR-US: LenovoEMC CVE-2015-8107 [format string vulnerability] RESERVED - a2ps 1:4.14-1.2 @@ -48078,9 +48079,9 @@ CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...) NOT-FOR-US: Huawei CVE-2015-8086 (Huawei AR routers with software before V200R007C00SPC100; Quidway ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8085 (Huawei AR routers with software before V200R007C00SPC100; Quidway ...) - TODO: check + NOT-FOR-US: Huawei CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security ...) NOT-FOR-US: Huawei CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, ...) 
@@ -48228,9 +48229,9 @@ NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741 NOTE: https://github.com/saltstack/salt/issues/28455 CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) - TODO: check + NOT-FOR-US: Viprinet CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) - TODO: check + NOT-FOR-US: Viprinet CVE-2015-8075 REJECTED CVE-2015-8033 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
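Review bot: In the `@@ -47146,7 +47147,7 @@` hunk, CVE-2015-8376 is described as "Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS" but is tagged `NOT-FOR-US: Microsoft`. The vendor in the tag does not match the description and looks carried over from the Microsoft entries triaged earlier in this commit. Suggest `NOT-FOR-US: Symphony CMS` so the entry can be found by product name and is not mistaken for a Microsoft issue.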
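Review bot: In the `@@ -46608,7 +46609,7 @@` hunk, CVE-2016-0126 (Microsoft Office) is tagged `NOT-FOR-US: Microsoft`, while the unchanged neighbour CVE-2016-0127 uses the product-level tag `NOT-FOR-US: Microsoft Word`. The same vendor-only versus product-level split shows up for IBM, where the context line for CVE-2016-0264 reads `NOT-FOR-US: IBM JDK` and the new lines read `NOT-FOR-US: IBM`. Consider one granularity per vendor, for example `NOT-FOR-US: Microsoft Office` here, so that a text search over the list returns every related entry.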