Author: jmm
Date: 2017-02-17 22:21:09 +0000 (Fri, 17 Feb 2017)
New Revision: 49038
Modified:
data/CVE/list
Log:
new sane issue, new nvidia driver issues
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-02-17 21:18:36 UTC (rev 49037)
+++ data/CVE/list 2017-02-17 22:21:09 UTC (rev 49038)
@@ -1,3 +1,5 @@
+CVE-2017-XXXX [saned: SANE_NET_CONTROL_OPTION response packet may contain
memory contents of the server]
+ - sane-utils <unfixed> (bug #854804)
CVE-2017-6061
RESERVED
CVE-2017-6060
@@ -5990,7 +5992,7 @@
CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could
allow an ...)
NOT-FOR-US: Cisco
CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director
6.0.0.0 and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS
...)
NOT-FOR-US: Cisco Email Security Appliance
CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting
Center could ...)
@@ -13164,7 +13166,7 @@
CVE-2016-9707
RESERVED
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker
SOAP ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-9705
RESERVED
CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable
to ...)
@@ -14546,39 +14548,39 @@
CVE-2017-0325
RESERVED
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a
vulnerability in ...)
- TODO: check
+ - nvidia-graphics-drivers <unfixed>
CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a ...)
- TODO: check
+ - nvidia-graphics-drivers <unfixed>
CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer
contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0316
RESERVED
CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the
kernel ...)
- TODO: check
+ - nvidia-graphics-drivers <unfixed>
CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a
vulnerability in ...)
- TODO: check
+ - nvidia-graphics-drivers <unfixed>
CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a
vulnerability in ...)
- TODO: check
+ - nvidia-graphics-drivers <unfixed>
CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
- TODO: check
+ NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0307
RESERVED
CVE-2017-0306
@@ -16957,7 +16959,7 @@
CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote
authenticated ...)
NOT-FOR-US: CloudVision Portal
CVE-2016-9010 (IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-9009
RESERVED
CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the
Agent ...)
@@ -17033,7 +17035,7 @@
CVE-2016-8973
RESERVED
CVE-2016-8972 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8971
RESERVED
CVE-2016-8970
@@ -17041,7 +17043,7 @@
CVE-2016-8969
RESERVED
CVE-2016-8968 (IBM Jazz Foundation is vulnerable to cross-site scripting. This
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8967 (IBM BigFix Inventory v9 9.2 stores user credentials in plain in
clear ...)
NOT-FOR-US: IBM
CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain
...)
@@ -17089,7 +17091,7 @@
CVE-2016-8945
RESERVED
CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to
cross-site ...)
NOT-FOR-US: IBM
CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an
authenticated ...)
@@ -26714,7 +26716,7 @@
CVE-2016-6063
RESERVED
CVE-2016-6062 (IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to
cross-site ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This
...)
NOT-FOR-US: IBM
CVE-2016-6060 (An undisclosed vulnerability in IBM Rational DOORS Next
Generation ...)
@@ -26772,7 +26774,7 @@
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware)
could ...)
NOT-FOR-US: IBM
CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1
(VMware) is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to
cross-site ...)
NOT-FOR-US: IBM
CVE-2016-6031
@@ -27000,7 +27002,7 @@
CVE-2016-5920 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM
...)
NOT-FOR-US: IBM
CVE-2016-5919 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0
uses ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the
encrypted ...)
NOT-FOR-US: IBM
CVE-2016-5917
@@ -27246,25 +27248,25 @@
CVE-2016-5806
RESERVED
CVE-2016-5805 (An issue was discovered in Delta Electronics WPLSoft, Versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate
MB3480 ...)
NOT-FOR-US: Moxa
CVE-2016-5803 (An issue was discovered in CA Unified Infrastructure Management
Version ...)
- TODO: check
+ NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2.
...)
- TODO: check
+ NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5800
RESERVED
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211,
and ...)
NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3
Version ...)
- TODO: check
+ NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different
error ...)
NOT-FOR-US: Tollgrade
CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3
Version ...)
- TODO: check
+ NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5795
RESERVED
CVE-2016-5794
@@ -27284,7 +27286,7 @@
CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY
before ...)
NOT-FOR-US: CIMPLICITY
CVE-2016-5786 (An issue was discovered in OmniMetrix OmniView, Version 1.2.
The ...)
- TODO: check
+ NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5785
RESERVED
CVE-2016-5784
@@ -27292,7 +27294,7 @@
CVE-2016-5783
RESERVED
CVE-2016-5782 (An issue was discovered in Locus Energy LGate prior to 1.05H,
LGate 50, ...)
- TODO: check
+ NOT-FOR-US: Locus Energy LGate
CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote
...)
NOT-FOR-US: LeviStudio
CVE-2016-5780
@@ -30313,17 +30315,17 @@
CVE-2014-9782
(drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
- linux <not-affected> (Android-specific)
CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm
components ...)
- TODO: check
+ - linux <not-affected> (Android-specific)
CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components
in ...)
- TODO: check
+ - linux <not-affected> (Android-specific)
CVE-2014-9779 (arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm
components ...)
- TODO: check
+ - linux <not-affected> (Android-specific)
CVE-2014-9778 (The vid_dec_set_h264_mv_buffers function in ...)
- TODO: check
+ - linux <not-affected> (Android-specific)
CVE-2014-9777 (The vid_dec_set_meta_buffers function in ...)
- TODO: check
+ - linux <not-affected> (Android-specific)
CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android
before ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2016-5125
RESERVED
CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before ...)
@@ -40883,53 +40885,53 @@
CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote
attackers to ...)
NOT-FOR-US: Apple
CVE-2016-1786 (The Page Loading implementation in WebKit in Apple iOS before
9.3 and ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1785 (The Page Loading implementation in WebKit in Apple iOS before
9.3 and ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1784 (The History implementation in WebKit in Apple iOS before 9.3,
Safari ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1783 (WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS
before 9.2 ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1782 (WebKit in Apple iOS before 9.3 and Safari before 9.1 does not
properly ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1781 (WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles
...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1780 (WebKit in Apple iOS before 9.3 does not prevent hidden web
views from ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1779 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1778 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1777 (Web Server in Apple OS X Server before 5.1 supports the RC4
algorithm, ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1776 (Web Server in Apple OS X Server before 5.1 does not properly
restrict ...)
- TODO: check
+ NOT-FOR-US: Webkit as used by Apple
CVE-2016-1775 (TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4,
tvOS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1774 (The Time Machine server in Server App in Apple OS X Server
before 5.1 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1773 (The code-signing subsystem in Apple OS X before 10.11.4 does
not ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1772 (The Top Sites feature in Apple Safari before 9.1 mishandles
cookie ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1771 (The Downloads feature in Apple Safari before 9.1 mishandles
file ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1770 (The Reminders component in Apple OS X before 10.11.4 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1769 (QuickTime in Apple OS X before 10.11.4 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1768 (QuickTime in Apple OS X before 10.11.4 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1767 (QuickTime in Apple OS X before 10.11.4 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1766 (The Profiles component in Apple iOS before 9.3 does not
properly ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1765 (otool in Apple Xcode before 7.3 allows local users to gain
privileges ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1764 (The Content Security Policy (CSP) implementation in Messages in
Apple ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an
auto-fill ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1762 (The xmlNextChar function in libxml2 before 2.9.4 allows remote
...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
@@ -40941,63 +40943,63 @@
NOTE: Marking as NFU since a regular libxml2 security issue would have
trickled down
NOTE: via libxml upstream
CVE-2016-1760 (The XPC Services API in LaunchServices in Apple iOS before 9.3
allows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1759 (The kernel in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1758 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4
allows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1757 (Race condition in the kernel in Apple iOS before 9.3 and OS X
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1756 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4
allows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1755 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1754 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1753 (Multiple integer overflows in the kernel in Apple iOS before
9.3, OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1752 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1751 (The kernel in Apple iOS before 9.3, tvOS before 9.2, and
watchOS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1750 (Use-after-free vulnerability in the kernel in Apple iOS before
9.3, OS ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1749 (IOUSBFamily in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1748 (IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1747 (IOGraphics in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1746 (IOGraphics in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1745 (IOFireWireFamily in Apple OS X before 10.11.4 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1744 (The Intel driver in the Graphics Drivers subsystem in Apple OS
X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1743 (The Intel driver in the Graphics Drivers subsystem in Apple OS
X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1742 (Untrusted search path vulnerability in the installer in Apple
iTunes ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1741 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS
X ...)
- TODO: check
+ NOT-FOR-US: Apple / NVIDIA
CVE-2016-1740 (FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS
before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1739
RESERVED
CVE-2016-1738 (dyld in Apple OS X before 10.11.4 allows attackers to bypass a
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1737 (Carbon in Apple OS X before 10.11.4 allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1736 (Bluetooth in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1735 (Bluetooth in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1734 (AppleUSBNetworking in Apple iOS before 9.3 and OS X before
10.11.4 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1733 (AppleRAID in Apple OS X before 10.11.4 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1732 (AppleRAID in Apple OS X before 10.11.4 allows local users to
obtain ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2016-1731 (Apple Software Update before 2.2 on Windows does not use HTTPS,
which ...)
NOT-FOR-US: Apple
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to
read or ...)
@@ -56943,31 +56945,31 @@
CVE-2015-4927 (The Reporting and Monitoring component in Tivoli Monitoring in
IBM ...)
NOT-FOR-US: IBM
CVE-2015-4926 (Unspecified vulnerability in the Oracle Applications Framework
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4925 (Unspecified vulnerability in the Workspace Manager component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4924 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4923 (Unspecified vulnerability in the XML Developer's Kit for C
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4922 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4921 (Unspecified vulnerability in the Database Vault component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4920 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4919 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4918
RESERVED
CVE-2015-4917 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4916 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX
2.2.85 ...)
- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4915 (Unspecified vulnerability in the Integrated Lights Out Manager
(ILOM) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4914 (Unspecified vulnerability in the Oracle HTTP Server component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4913 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and
earlier ...)
{DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
@@ -56975,7 +56977,7 @@
- mariadb-10.0 10.0.22-1 (bug #802874)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4912 (Unspecified vulnerability in the Oracle Access Manager
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4911 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and
8u60; ...)
{DSA-3465-1 DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
@@ -56986,7 +56988,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4909 (Unspecified vulnerability in the Oracle JDeveloper component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4908 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX
2.2.85 ...)
- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4907 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
@@ -57012,11 +57014,11 @@
CVE-2015-4901 (Unspecified vulnerability in Oracle Java SE 8u60 allows remote
...)
- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4900 (Unspecified vulnerability in the XDB - XML Database component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4899 (Unspecified vulnerability in the Oracle GlassFish Server
component in ...)
- glassfish <not-affected> (Full application server not packaged)
CVE-2015-4898 (Unspecified vulnerability in the Oracle Applications Framework
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4897
RESERVED
CVE-2015-4896 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
@@ -57031,14 +57033,14 @@
- mariadb-10.0 10.0.21-3
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4894 (Unspecified vulnerability in the Mobile Server component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4893 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and
8u60; ...)
{DSA-3465-1 DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4892 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4891 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4890 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and
earlier ...)
@@ -57048,13 +57050,13 @@
CVE-2015-4889
RESERVED
CVE-2015-4888 (Unspecified vulnerability in the Java VM component in Oracle
Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4887 (Unspecified vulnerability in the PeopleSoft Enterprise HCM
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4886 (Unspecified vulnerability in the Oracle Report Manager
component in ...)
NOT-FOR-US: Oracle
CVE-2015-4885 (Unspecified vulnerability in the Enterprise Manager Base
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4884 (Unspecified vulnerability in the Oracle Application Object
Library ...)
NOT-FOR-US: Oracle
CVE-2015-4883 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and
8u60, and ...)
@@ -57073,7 +57075,7 @@
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4880 (Unspecified vulnerability in the Oracle WebCenter Content
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4879 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and
earlier, ...)
{DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
@@ -57081,17 +57083,17 @@
- mariadb-10.0 10.0.21-3
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4878 (Unspecified vulnerability in the Oracle Outside In Technology
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4877 (Unspecified vulnerability in the Oracle Outside In Technology
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4876 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4875 (Unspecified vulnerability in the Enterprise Manager Base
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4874 (Unspecified vulnerability in the Enterprise Manager Base
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4873 (Unspecified vulnerability in the Database Scheduler component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4872 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and
8u60; ...)
{DSA-3465-1 DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
@@ -57111,7 +57113,7 @@
CVE-2015-4868 (Unspecified vulnerability in Oracle Java SE 8u60 and Java SE
Embedded ...)
- openjdk-8 8u66-b17-1
CVE-2015-4867 (Unspecified vulnerability in the Oracle WebCenter Content
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4866 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and
earlier ...)
- mysql-5.6 5.6.25-2
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
@@ -57120,7 +57122,7 @@
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
NOTE: MariaDB: fixed in 10.0.18
CVE-2015-4865 (Unspecified vulnerability in the Oracle Applications Framework
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4864 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and
earlier ...)
- mysql-5.6 5.6.25-2
- mysql-5.5 <removed>
@@ -57128,7 +57130,7 @@
[wheezy] - mysql-5.5 5.5.44-0+deb7u1
[squeeze] - mysql-5.5 5.5.46-0+deb6u1
CVE-2015-4863 (Unspecified vulnerability in the Portable Clusterware component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4862 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and
earlier ...)
- mysql-5.6 5.6.27-1 (bug #802563)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
@@ -57145,7 +57147,7 @@
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4859 (Unspecified vulnerability in the Enterprise Manager Base
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4858 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and
earlier, ...)
{DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
@@ -57153,7 +57155,7 @@
- mariadb-10.0 10.0.22-1 (bug #802874)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4857 (Unspecified vulnerability in the RDBMS component in Oracle
Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4856 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox 5.0.0-dfsg-1
[jessie] - virtualbox 4.3.30-dfsg-1+deb8u1
@@ -57163,11 +57165,11 @@
CVE-2015-4855
RESERVED
CVE-2015-4854 (Unspecified vulnerability in the Oracle Application Object
Library ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4853
RESERVED
CVE-2015-4852 (The WLS Security component in Oracle WebLogic Server 10.3.6.0,
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4851 (Unspecified vulnerability in the Oracle iSupplier Portal
component in ...)
NOT-FOR-US: Oracle
CVE-2015-4850 (Unspecified vulnerability in the PeopleSoft Enterprise HCM
component ...)
@@ -57212,9 +57214,9 @@
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
CVE-2015-4839 (Unspecified vulnerability in the Oracle Applications Technology
Stack ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4838 (Unspecified vulnerability in the Oracle JDeveloper component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4837 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4836 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and
earlier, ...)
@@ -57235,7 +57237,7 @@
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4832 (Unspecified vulnerability in the Oracle Identity Manager
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4831 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4830 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and
earlier ...)
@@ -57247,9 +57249,9 @@
CVE-2015-4829
REJECTED
CVE-2015-4828 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4827 (Unspecified vulnerability in the Oracle Retail Open Commerce
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4826 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and
earlier ...)
{DSA-3385-1 DSA-3377-1 DLA-359-1}
- mysql-5.6 5.6.27-1 (bug #802563)
@@ -57257,15 +57259,15 @@
- mariadb-10.0 10.0.22-1 (bug #802874)
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4825 (Unspecified vulnerability in the PeopleSoft Enterprise FIN
Expenses ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4824 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4823 (Unspecified vulnerability in the Hyperion Installation
Technology ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4822 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4821 (Unspecified vulnerability in the Integrated Lights Out Manager
(ILOM) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4820 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4819 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and
earlier, ...)
@@ -57275,7 +57277,7 @@
- mariadb-10.0 10.0.21-3
NOTE:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4818 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-4817 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows
local ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4816 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and
earlier ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
