[Secure-testing-commits] r49304 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Feb 28 18:25:53 UTC 2017


Author: jmm
Date: 2017-02-28 18:25:53 +0000 (Tue, 28 Feb 2017)
New Revision: 49304

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-02-28 16:29:39 UTC (rev 49303)
+++ data/CVE/list	2017-02-28 18:25:53 UTC (rev 49304)
@@ -34963,9 +34963,9 @@
 CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in ...)
 	TODO: check
 CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3878 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3877 (Unspecified vulnerability in Android before 2016-09-01 has unknown ...)
 	TODO: check
 CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before ...)
@@ -34975,7 +34975,7 @@
 CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
 	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in ...)
@@ -35001,9 +35001,9 @@
 CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
 	TODO: check
 CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the ...)
 	TODO: check
 CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...)
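
Review bot: The tag added for CVE-2016-3860 and CVE-2016-3859 is spelled "Qualcomm driver for Android", while other entries in the list already carry "Qualcomm drivers for Android" (plural). Settle on one spelling so that a grep for the tag finds every Qualcomm entry.
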
@@ -35014,23 +35014,23 @@
 CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio ...)
 	TODO: check
 CVE-2016-3855 (drivers/thermal/supply_lm_core.c in the Qualcomm components in Android ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2016-3853 (Google Play services in Android before 2016-08-05 on Nexus devices ...)
 	TODO: check
 CVE-2016-3852 (The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One ...)
-	TODO: check
+	NOT-FOR-US: MediaTek driver for Android
 CVE-2016-3851 (The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X ...)
 	TODO: check
 CVE-2016-3850 (Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in ...)
 	TODO: check
 CVE-2016-3849 (The ION driver in Android before 2016-08-05 on Pixel C devices allows ...)
-	TODO: check
+	NOT-FOR-US: ION driver for Android
 CVE-2016-3848 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3847 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA driver for Android
 CVE-2016-3846 (The Serial Peripheral Interface driver in Android before 2016-08-05 on ...)
 	TODO: check
 CVE-2016-3845 (The video driver in the kernel in Android before 2016-08-05 on Nexus 5 ...)
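
Review bot: CVE-2016-3849 is tagged "ION driver for Android", which names no vendor tree, unlike the Qualcomm, MediaTek and NVIDIA tags around it, and the description ties it only to Pixel C devices. ION is kernel code that also sits in the mainline staging tree, so add a NOTE: line saying the flaw is specific to the Pixel C kernel, or track it against src:linux if it is not. Separately, "MediaTek driver for Android" on CVE-2016-3852 differs from the existing "MediaTek drivers for Android" tag.
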
@@ -35069,15 +35069,15 @@
 CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3828 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3827 (codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3826 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3825 (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...)
@@ -35085,11 +35085,11 @@
 CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...)
 	TODO: check
 CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3820 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3819 (Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in ...)
-	TODO: check
+	NOT-FOR-US: libstagefright
 CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a ...)
 	TODO: check
 CVE-2016-3817
@@ -35194,13 +35194,12 @@
 	NOT-FOR-US: Qualcomm drivers for Android
 CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
 	NOT-FOR-US: MediaTek drivers for Android
-	TODO: check
 CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...)
 	NOT-FOR-US: libstagefright
 CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in ...)
 	TODO: check
 CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before ...)
@@ -35216,13 +35215,13 @@
 CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
 	TODO: check
 CVE-2016-3756 (Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3755 (decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3754 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in ...)
 	TODO: check
 CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android ...)
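
Review bot: CVE-2016-3756 names Tremolo/res012.c, and Tremolo is an ARM-optimised fork of Tremor, which Debian ships as libvorbisidec. Before closing it as "NOT-FOR-US: Android Mediaserver", check whether the same res012.c code is present in that package and record the outcome in a NOTE: line. The other three entries in this hunk name only mediaserver or its ih264d decoder, and the tag fits them.
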
@@ -35238,15 +35237,15 @@
 CVE-2016-3746 (Use-after-free vulnerability in the mm-video-v4l2 vdec component in ...)
 	TODO: check
 CVE-2016-3745 (Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3744 (Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in ...)
 	TODO: check
 CVE-2016-3743 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3742 (decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
-	TODO: check
+	NOT-FOR-US: Android Mediaserver
 CVE-2016-3740
 	RESERVED
 CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...)
@@ -70116,15 +70115,15 @@
 CVE-2015-1006
 	RESERVED
 CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE ...)
-	TODO: check
+	NOT-FOR-US: IniNet
 CVE-2015-1004
 	RESERVED
 CVE-2015-1003 (Directory traversal vulnerability in IniNet embeddedWebServer (aka ...)
-	TODO: check
+	NOT-FOR-US: IniNet
 CVE-2015-1002 (IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL ...)
-	TODO: check
+	NOT-FOR-US: IniNet
 CVE-2015-1001 (Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka ...)
-	TODO: check
+	NOT-FOR-US: IniNet
 CVE-2015-1000 (Stack-based buffer overflow in the OpenForIPCamTest method in the ...)
 	NOT-FOR-US: SStreamVideo ActiveX control
 CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
@@ -71026,7 +71025,7 @@
 CVE-2015-0788
 	RESERVED
 CVE-2015-0787 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...)
-	TODO: check
+	NOT-FOR-US: NetIQ Designer for Identity Manager
 CVE-2015-0786
 	RESERVED
 CVE-2015-0785
@@ -71163,7 +71162,7 @@
 CVE-2015-0722 (The network drivers in Cisco TelePresence T, Cisco TelePresence TE, ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0721 (Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2015-0720
 	RESERVED
 CVE-2015-0719
@@ -71459,17 +71458,17 @@
 CVE-2015-0574
 	RESERVED
 CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0571 (The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0570 (Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0569 (Heap-based buffer overflow in the private wireless extensions IOCTL ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0568 (Use-after-free vulnerability in the msm_set_crop function in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2015-0567
 	RESERVED
 CVE-2015-0566
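
Review bot: CVE-2015-0571 is described as "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x", and the visible descriptions of CVE-2015-0570 and CVE-2015-0569 do not name Qualcomm either, so the "Qualcomm driver for Android" tag cannot be checked from the entry alone. Because these read as Linux kernel issues, add a NOTE: stating that the affected driver is not part of the src:linux tree, so the entries are not reopened in a later kernel triage pass.
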
@@ -72709,7 +72708,7 @@
 CVE-2014-9411
 	RESERVED
 CVE-2014-9410 (The vfe31_proc_general function in ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm driver for Android
 CVE-2014-9409
 	RESERVED
 CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
@@ -81307,7 +81306,7 @@
 CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
 	NOT-FOR-US: Oracle Database Server
 CVE-2014-6451 (J-Web in Juniper vSRX virtual firewalls with Junos OS before ...)
-	TODO: check
+	NOT-FOR-US: Juniper
 CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, ...)
 	NOT-FOR-US: Juniper Junos OS
 CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, ...)
@@ -84633,7 +84632,7 @@
 CVE-2014-5041
 	RESERVED
 CVE-2014-5040 (HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus ...)
-	TODO: check
+	- eucalyptus <removed>
 CVE-2014-5039
 	RESERVED
 CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or ...)
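
Review bot: CVE-2014-5040 receives "- eucalyptus <removed>", a package entry and not a NOT-FOR-US, yet the log message says only "NFUs". Mention the eucalyptus entry in the log or commit it separately so the triage decision can be found in history, and confirm that no supported suite still ships eucalyptus, since <removed> only covers unstable.
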
@@ -85089,7 +85088,7 @@
 	- wget 1.16-1 (bug #766981)
 	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
 CVE-2014-4876 (Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical ...)
-	TODO: check
+	NOT-FOR-US: Toshiba
 CVE-2014-4875 (CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and ...)
 	NOT-FOR-US: CreateBossCredentials.jar in Toshiba CHEC
 CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read ...)
@@ -85562,7 +85561,7 @@
 CVE-2014-4679
 	RESERVED
 CVE-2014-4677 (The installPackage function in the installerHelper subcomponent in ...)
-	TODO: check
+	NOT-FOR-US: Libmacgpg
 CVE-2014-4676
 	RESERVED
 CVE-2014-4675
@@ -89414,7 +89413,7 @@
 CVE-2014-3261 (Buffer overflow in the Smart Call Home implementation in Cisco NX-OS ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2014-3260 (Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the ...)
-	TODO: check
+	NOT-FOR-US: Pacom
 CVE-2014-3259
 	RESERVED
 CVE-2014-3258
@@ -92457,7 +92456,7 @@
 CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does ...)
 	NOT-FOR-US: Cisco Prime Infrastructure
 CVE-2014-2146 (The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
 	NOT-FOR-US: Cisco
 CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
@@ -92807,7 +92806,7 @@
 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...)
 	NOT-FOR-US: Broadcom Ltd PIPA C211
 CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old and new ...)
-	TODO: check
+	NOT-FOR-US: Viprinet
 CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud ...)
 	- owncloud <not-affected> (Windows-specific)
 CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)



