[Secure-testing-commits] r49453 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Mar 6 20:29:12 UTC 2017
Author: jmm
Date: 2017-03-06 20:29:11 +0000 (Mon, 06 Mar 2017)
New Revision: 49453
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-06 19:25:09 UTC (rev 49452)
+++ data/CVE/list 2017-03-06 20:29:11 UTC (rev 49453)
@@ -35298,9 +35298,9 @@
CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3933 (mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain ...)
@@ -35362,27 +35362,27 @@
CVE-2016-3904 (An elevation of privilege vulnerability in the Qualcomm bus driver in ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before ...)
NOT-FOR-US: libstagefright
CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3897 (The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3896 (AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3895 (Integer overflow in the Region::unflatten function in ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-3894 (The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3893 (The wcdcal_hwdep_ioctl_shared function in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3892 (The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3891
@@ -35392,19 +35392,19 @@
CVE-2016-3889 (Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows ...)
TODO: check
CVE-2016-3888 (internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3887 (providers/settings/SettingsProvider.java in Android 7.0 before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3886 (systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3885 (debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, ...)
TODO: check
CVE-2016-3884 (server/notification/NotificationManagerService.java in the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3883 (internal/telephony/SMSDispatcher.java in Telephony in Android 4.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx ...)
- libvpx 1.6.1-1
NOTE: probably fixed earlier, but this was the version checked
@@ -35417,7 +35417,7 @@
CVE-2016-3877 (Unspecified vulnerability in Android before 2016-09-01 has unknown ...)
TODO: check
CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 ...)
TODO: check
CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
@@ -35431,7 +35431,7 @@
CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in ...)
NOT-FOR-US: libstagefright
CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, ...)
- TODO: check
+ NOT-FOR-US: Broadcom driver for Android
CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3867 (The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and ...)
@@ -35466,13 +35466,13 @@
CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3853 (Google Play services in Android before 2016-08-05 on Nexus devices ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3852 (The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One ...)
NOT-FOR-US: MediaTek driver for Android
CVE-2016-3851 (The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X ...)
- TODO: check
+ NOT-FOR-US: LG bootloader for Android
CVE-2016-3850 (Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-3849 (The ION driver in Android before 2016-08-05 on Pixel C devices allows ...)
NOT-FOR-US: ION driver for Android
CVE-2016-3848 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
@@ -35480,40 +35480,40 @@
CVE-2016-3847 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3846 (The Serial Peripheral Interface driver in Android before 2016-08-05 on ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3845 (The video driver in the kernel in Android before 2016-08-05 on Nexus 5 ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3844 (mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-3843 (Android before 2016-08-05 does not properly restrict code execution in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3842 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, ...)
- TODO: check
+ NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3841 (The IPv6 stack in the Linux kernel before 4.3.3 mishandles options ...)
- linux 4.3.3-1
[jessie] - linux 3.16.7-ckt25-1
[wheezy] - linux 3.2.78-1
NOTE: Fixed by: https://git.kernel.org/linus/45f6fad84cc305103b28d73482b344d7f5b76f39 (v4.4-rc4)
CVE-2016-3840 (Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3839 (Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3838 (Android 6.x before 2016-08-01 allows attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3837 (service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3836 (The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3835 (The secure-session feature in the mm-video-v4l2 venc component in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3834 (The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3833 (The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3832 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
TODO: check
CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
NOT-FOR-US: libstagefright
CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...)
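Review bot: CVE-2016-3846 and CVE-2016-3845 are kernel drivers whose visible summaries name no vendor ("The Serial Peripheral Interface driver in Android", "The video driver in the kernel in Android"), yet they are closed as `NOT-FOR-US: Android` and `NOT-FOR-US: Qualcomm driver for Android`. Before closing them, confirm the affected file is not in the upstream kernel tree tracked as src:linux. For CVE-2016-3846, name the vendor the way the neighbouring driver entries do, or add a NOTE with the source path that justifies the tag.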
@@ -35529,7 +35529,7 @@
CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android ...)
NOT-FOR-US: libstagefright
CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...)
TODO: check
CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
@@ -35653,11 +35653,11 @@
CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before ...)
TODO: check
CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3760 (Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3759 (The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3758 (Multiple buffer overflows in libdex/OptInvocation.cpp in ...)
TODO: check
CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
@@ -35671,13 +35671,13 @@
CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android ...)
NOT-FOR-US: Specific CVE assignment for libpng "fork" used on Android
CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x ...)
TODO: check
CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows ...)
TODO: check
CVE-2016-3747 (Use-after-free vulnerability in the mm-video-v4l2 venc component in ...)
@@ -35873,7 +35873,7 @@
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-3694 (Multiple SQL injection vulnerabilities in modified eCommerce ...)
- TODO: check
+ NOT-FOR-US: eCommerce Shopsoftware
CVE-2016-3693 (The Safemode gem before 1.2.4 for Ruby, when initialized with a ...)
- foreman <itp> (bug #663101)
CVE-2016-3692
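Review bot: The tag on CVE-2016-3694 reads `NOT-FOR-US: eCommerce Shopsoftware`, which drops the "modified" that the summary shows as part of the product name ("in modified eCommerce ..."). Without it the tag looks like a generic category and is hard to match later; suggest `NOT-FOR-US: modified eCommerce Shopsoftware`.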
@@ -37200,7 +37200,7 @@
CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...)
NOT-FOR-US: Open-Xchange
CVE-2016-3161 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-3160
RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
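Review bot: CVE-2016-3161 is closed as `NOT-FOR-US: NVIDIA drivers for Windows`, but the visible summary names GFE GameStream for Quadro, NVS and GeForce products and says nothing about Windows or about the driver itself. Name the affected component (GFE GameStream) in the tag, or add a NOTE citing where the Windows-only scope comes from, so the entry is not mistaken for a driver issue that still needs a Linux check.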
@@ -44408,35 +44408,35 @@
CVE-2016-1198
RESERVED
CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1194
RESERVED
CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1191 (Directory traversal vulnerability in the Files function in Cybozu ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1190 (Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1189 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1187
RESERVED
CVE-2016-1186
RESERVED
CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2016-1184
RESERVED
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through ...)
- TODO: check
+ NOT-FOR-US: NTT
CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
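Review bot: `NOT-FOR-US: NTT` on CVE-2016-1183 is too terse to search for later; the summary identifies the product as NTT Data TERASOLUNA Server Framework for Java(WEB). Suggest `NOT-FOR-US: NTT Data TERASOLUNA Server Framework`, matching the product-level detail used for other entries in this commit.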
@@ -44456,33 +44456,33 @@
NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
- TODO: check
+ NOT-FOR-US: Cyber-Will Social-button Premium plugin
CVE-2016-1179
RESERVED
CVE-2016-1178
RESERVED
CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and ...)
- TODO: check
+ NOT-FOR-US: Falcon WisePoint
CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter allows ...)
- TODO: check
+ NOT-FOR-US: Sharp EVA Animeter
CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player ...)
- TODO: check
+ NOT-FOR-US: AQUOS Photo Player
CVE-2016-1174 (Cross-site request forgery (CSRF) vulnerability in the Menubook plugin ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1173 (Cross-site scripting (XSS) vulnerability in the Menubook plugin before ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1172 (Cross-site request forgery (CSRF) vulnerability in the Recruit plugin ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1171 (Cross-site scripting (XSS) vulnerability in the Recruit plugin before ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1170 (Cross-site request forgery (CSRF) vulnerability in the Casebook plugin ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1169 (Cross-site scripting (XSS) vulnerability in the Casebook plugin before ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2016-1166
RESERVED
CVE-2016-1165
@@ -44616,7 +44616,7 @@
CVE-2015-8670
RESERVED
CVE-2015-8667 (Cross-site scripting (XSS) vulnerability in Reset Your Password module ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2015-8664 (Integer overflow in the WebCursor::Deserialize function in ...)
- chromium-browser 47.0.2526.111-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -45412,7 +45412,7 @@
NOTE: http://perl5.git.perl.org/perl.git/commit/130509aa42a87eef258fab0182ee2c7ad16baa8b
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
CVE-2015-8606 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 ...)
{DSA-3442-1 DLA-385-2 DLA-385-1}
- isc-dhcp 4.3.3-7 (bug #810875)
@@ -45576,7 +45576,7 @@
NOTE: Upstream patch: https://git.kernel.org/linus/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce (v4.0-rc5)
NOTE: https://googleprojectzero.blogspot.cz/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
{DSA-3607-1 DLA-516-1}
- linux 4.3.1-1
@@ -45612,7 +45612,7 @@
CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
NOT-FOR-US: Android drivers
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android ...)
- TODO: check
+ NOT-FOR-US: Android drivers
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...)
TODO: check
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...)
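Review bot: CVE-2016-0805 gets `NOT-FOR-US: Android drivers`, copying the tag on CVE-2016-0806, while the other Qualcomm driver entries added in this commit use `NOT-FOR-US: Qualcomm driver for Android`. The summary names Qualcomm ARM processors, so use the Qualcomm wording here to keep the tags greppable as one group.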
@@ -46006,9 +46006,9 @@
CVE-2016-0713
RESERVED
CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before ...)
- TODO: check
+ NOT-FOR-US: Apache Jetspeed
CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)
- TODO: check
+ NOT-FOR-US: Apache Jetspeed
CVE-2016-0710 (Multiple SQL injection vulnerabilities in the User Manager service in ...)
NOT-FOR-US: Apache Jetspeed
CVE-2016-0709 (Directory traversal vulnerability in the Import/Export function in the ...)
@@ -46243,7 +46243,7 @@
CVE-2015-8545
RESERVED
CVE-2015-8544 (NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The ...)
NOT-FOR-US: Open-Xchange
CVE-2015-8556 [Local Privilege Escalation in QEMU virtfs-proxy-helper]
@@ -48637,7 +48637,6 @@
NOTE: For wheezy: same code looks present around patched lines, though the
NOTE: reproducer does not lead to a crash, and just gives
NOTE: "Matched, but too many substrings"
- TODO: double-check wheezy version
[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: Fixed in 8.38 upstream
- pcre2 <not-affected>
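Review bot: Dropping `TODO: double-check wheezy version` leaves the wheezy status of pcre3 unrecorded. The NOTE lines above say the code looks present in wheezy but the reproducer does not crash, and no `[wheezy] - pcre3 ...` line is added in its place. If the check was done, record the result as a `[wheezy]` line. This removal is also not an NFU change, so the log message, which only says "NFUs", should mention it.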
@@ -49330,7 +49329,6 @@
NOTE: https://github.com/apache/commons-collections/commit/3eee44cf63b1ebb0da6925e98b3dcc6ef1e4d610
NOTE: https://github.com/apache/commons-collections/commit/78d47d4d098ab814a7a00a0b1c81646b27f050cf
NOTE: https://github.com/apache/commons-collections/commit/b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b
- TODO: double-check this CVE assignment, since it has been said earlier on oss-security that it would not get a CVE
CVE-2015-8079
RESERVED
- qtwebkit <unfixed> (unimportant)
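Review bot: The removed TODO on the entry above CVE-2015-8079 questioned whether the CVE assignment is valid, and the hunk deletes it without recording how that doubt was resolved. Replace it with a short NOTE stating the outcome, ideally with the oss-security reference, rather than dropping it silently under a log message of "NFUs".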
@@ -49492,7 +49490,7 @@
CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility in F5 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2015-8020 (Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2015-8018
RESERVED
CVE-2015-8017
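Review bot: CVE-2015-8020 is tagged by product, `NOT-FOR-US: Clustered Data ONTAP`, while CVE-2015-8544 (NetApp SnapDrive) in this same commit is tagged by vendor, `NOT-FOR-US: NetApp`. Pick one convention so a search on the tag finds both; `NOT-FOR-US: NetApp Clustered Data ONTAP` would cover either style.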
@@ -50002,7 +50000,7 @@
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
NOT-FOR-US: Joomla
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
- TODO: check
+ NOT-FOR-US: OpenNMS
CVE-2015-7855
RESERVED
{DSA-3388-1 DLA-335-1}
@@ -50312,9 +50310,9 @@
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
NOT-FOR-US: JosephErnest Void
CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2015-7775 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2015-7774 (PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows ...)
NOT-FOR-US: PC-EGG
CVE-2015-7773 (Unrestricted file upload vulnerability in the Panel component in ...)
@@ -55444,7 +55442,7 @@
CVE-2015-5829 (Data Detectors Engine in Apple iOS before 9 allows remote attackers to ...)
NOT-FOR-US: Apple
CVE-2015-5828 (The API in the WebKit Plug-ins component in Apple Safari before 9 does ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2015-5827 (WebKit in Apple iOS before 9 allows remote attackers to bypass the ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5826 (WebKit in Apple iOS before 9 does not properly select the cases in ...)
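Review bot: CVE-2015-5828 is closed as `NOT-FOR-US: Apple Safari` although the summary places the flaw in "the WebKit Plug-ins component", and this list tracks WebKit-derived packages (qtwebkit appears earlier in this diff). The neighbouring CVE-2015-5827 at least records the reasoning applied to WebKit issues; do the same here, or add a NOTE that the plug-in API in question is Safari-only.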
@@ -55614,7 +55612,7 @@
CVE-2015-5743
RESERVED
CVE-2015-5742 (VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2015-5738 (The RSA-CRT implementation in the Cavium Software Development Kit ...)
- openssl <not-affected> (OpenSSL upstream is not affected)
CVE-2015-5959
@@ -55692,11 +55690,11 @@
- bind9 1:9.9.5.dfsg-12
NOTE: https://kb.isc.org/article/AA-01287
CVE-2015-5721 (Malware Information Sharing Platform (MISP) before 2.3.90 allows ...)
- TODO: check
+ NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5720 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5719 (app/Controller/TemplatesController.php in Malware Information Sharing ...)
- TODO: check
+ NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in ...)
NOT-FOR-US: Websense Content Gateway
CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview ...)
@@ -55745,9 +55743,9 @@
NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
NOTE: https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
CVE-2015-5713 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2015-5712 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2015-5711 (TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File ...)
NOT-FOR-US: TIBCO
CVE-2015-5710