Author: jmm
Date: 2017-03-17 11:46:29 +0000 (Fri, 17 Mar 2017)
New Revision: 49738
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-17 11:21:13 UTC (rev 49737)
+++ data/CVE/list 2017-03-17 11:46:29 UTC (rev 49738)
@@ -22263,237 +22263,237 @@
CVE-2017-0155
RESERVED
CVE-2017-0154 (Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0153
RESERVED
CVE-2017-0152
RESERVED
CVE-2017-0151 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0150 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0149 (Microsoft Internet Explorer 9 through 11 allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0148 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0147 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0146 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0145 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0144 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0143 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server
2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0142
RESERVED
CVE-2017-0141 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0140 (Microsoft Edge allows remote attackers to bypass the Same
Origin ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0139
RESERVED
CVE-2017-0138 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0137 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0136 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0135 (Microsoft Edge allows remote attackers to bypass the Same
Origin ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0134 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0133 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0132 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0131 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0130 (The scripting engine in Microsoft Internet Explorer 9 through
11 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0129 (Microsoft Lync for Mac 2011 fails to properly validate
certificates, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0128 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0127 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0126 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0125 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0124 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0123 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0122 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0121 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0120 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0119 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0118 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0117 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0116 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0115 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0114 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0113 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0112 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0111 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0110 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange
Outlook ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0109 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0108 (The Windows Graphics Component in Microsoft Office 2007 SP3;
2010 SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0107 (Microsoft SharePoint Server fails to sanitize crafted web
requests, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0106
RESERVED
CVE-2017-0105 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word
for Mac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0104 (The iSNS Server service in Microsoft Windows Server 2008 SP2
and R2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0103 (The kernel API in Microsoft Windows Vista SP2, Windows Server
2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0102 (Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2;
Windows 7 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0101 (The kernel-mode drivers in Transaction Manager in Microsoft
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0100 (A DCOM object in Helppane.exe in Microsoft Windows 7 SP1;
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0099 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0098 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0097 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0096 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0095 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0094 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0093
RESERVED
CVE-2017-0092 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0091 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0090 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0089 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0088 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0087 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0086 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0085 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0084 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0083 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0082 (The kernel-mode drivers in Microsoft Windows 10 Gold and 1511
allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0081 (The kernel-mode drivers in Microsoft Windows 8.1; Windows
Server 2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0080 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and
1607 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0079 (The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2;
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0078 (The kernel-mode drivers in Microsoft Windows 8.1; Windows
Server 2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0077
RESERVED
CVE-2017-0076 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0075 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0074 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0073 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0072 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008
SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0071 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0070 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0069 (Microsoft Edge allows remote attackers to spoof web content via
a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0068 (Browsers in Microsoft Edge allow remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0067 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0066 (Microsoft Edge allows remote attackers to bypass the Same
Origin ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0065 (Microsoft Edge allows remote attackers to obtain sensitive
information ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0064
RESERVED
CVE-2017-0063 (The Color Management Module (ICM32.dll) memory handling
functionality ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0062 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0061 (The Color Management Module (ICM32.dll) memory handling
functionality ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0060 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0059 (Microsoft Internet Explorer 9 through 11 allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0058
RESERVED
CVE-2017-0057 (DNS client in Microsoft Windows 8.1; Windows Server 2012 R2,
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0056 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows
Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0055 (Microsoft Internet Information Server (IIS) in Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0054
RESERVED
CVE-2017-0053 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word
2007 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0052 (Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel
Viewer, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0051 (Microsoft Windows 10 1607 and Windows Server 2016 allow remote
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0050 (The kernel API in Microsoft Windows Vista SP2; Windows Server
2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0049 (The VBScript engine in Microsoft Internet Explorer 11 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0048
RESERVED
CVE-2017-0047 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0046
RESERVED
CVE-2017-0045 (Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and
R2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0044
RESERVED
CVE-2017-0043 (Active Directory Federation Services in Microsoft Windows 10
1607, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0042 (Windows Media Player in Microsoft Windows 8.1; Windows Server
2012 R2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0041
RESERVED
CVE-2017-0040 (The scripting engine in Microsoft Internet Explorer 9 through
11 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0039 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle
dynamic link ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0038 (gdi32.dll in Graphics Device Interface (GDI) in Microsoft
Windows Vista ...)
NOT-FOR-US: Microsoft
CVE-2017-0037 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a
type ...)
@@ -22501,67 +22501,67 @@
CVE-2017-0036
RESERVED
CVE-2017-0035 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0034 (A remote code execution vulnerability exists when Microsoft
Edge ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0033 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0032 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0031 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word
2007 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0030 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3,
Office Web ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0029 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and
Word ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0028
RESERVED
CVE-2017-0027 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1,
Excel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0026 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and
1607 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0025 (The kernel-mode drivers in Microsoft Windows Vista; Windows
Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0024 (The kernel-mode drivers in Microsoft Windows 10 1607 and
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0023 (The PDF library in Microsoft Edge; Windows 8.1; Windows Server
2012 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0022 (Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0021 (Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016
does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0020 (Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and
Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0019 (Microsoft Word 2016 allows remote attackers to execute
arbitrary code ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0018 (Microsoft Internet Explorer 10 and 11 allow remote attackers to
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0017 (The RegEx class in the XSS filter in Microsoft Edge allows
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0016 (Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows
RT ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0015 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0014 (The Windows Graphics Component in Microsoft Office 2010 SP2;
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0013
RESERVED
CVE-2017-0012 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0011 (Microsoft Edge allows remote attackers to obtain sensitive
information ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0010 (A remote code execution vulnerability exists in the way
affected ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0009 (Microsoft Internet Explorer 9 through 11 allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0008 (Microsoft Internet Explorer 9 through 11 allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0007 (Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0006 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel
Viewer, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0005 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in
Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow
remote ...)
@@ -22569,7 +22569,7 @@
CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same
Origin ...)
NOT-FOR-US: Microsoft
CVE-2017-0001 (The Graphics Device Interface (GDI) in Microsoft Windows Vista
SP2; ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2016-8200
RESERVED
CVE-2016-8199
@@ -22917,29 +22917,29 @@
CVE-2016-8028
RESERVED
CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security
McAfee ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security
McAfee ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8025 (SQL injection vulnerability in Intel Security VirusScan
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8024 (Improper neutralization of CRLF sequences in HTTP headers ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8023 (Authentication bypass by assumed-immutable data vulnerability
in Intel ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8022 (Authentication bypass by spoofing vulnerability in Intel
Security ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8021 (Improper verification of cryptographic signature vulnerability
in ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8020 (Improper control of generation of code vulnerability in Intel
Security ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8019 (Cross-site scripting (XSS) vulnerability in attributes in Intel
...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8018 (Cross-site request forgery (CSRF) vulnerability in Intel
Security ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8017 (Special element injection vulnerability in Intel Security
VirusScan ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise
Linux ...)
- TODO: check
+ NOT-FOR-US: Intel antivirus
CVE-2016-8015
RESERVED
CVE-2016-8014
@@ -23156,7 +23156,7 @@
CVE-2016-7956
RESERVED
CVE-2016-7955 (The logcheck function in session.inc in AlienVault OSSIM before
5.3.1, ...)
- TODO: check
+ NOT-FOR-US: AlienVault OSSIM
CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary
Ruby code ...)
- bundler <unfixed> (bug #842504)
[jessie] - bundler <no-dsa> (Minor issue, too intrusive to backport)
@@ -40649,9 +40649,9 @@
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform
...)
NOT-FOR-US: Belden Hirschmann Classic Platform switches
CVE-2016-2508 (media/libmediaplayerservice/nuplayer/GenericSource.cpp in
mediaserver ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright
CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android
4.x ...)
NOT-FOR-US: libstagefright
CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in
Android 6.x ...)
@@ -40665,19 +40665,19 @@
CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on
Nexus 5X, ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before
5.1.1, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x
before ...)
NOT-FOR-US: libstagefright
CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus
7 ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2497
(services/core/java/com/android/server/pm/PackageManagerService.java in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-2496 (The Framework UI permission-dialog implementation in Android
6.x ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x
before ...)
NOT-FOR-US: libstagefright
CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before
4.4.4, 5.0.x ...)
- TODO: check
+ NOT-FOR-US: libstagefright
CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus
5, ...)
NOT-FOR-US: Broadcom driver for Android
CVE-2016-2492 (The MediaTek power-management driver in Android before
2016-06-01 on ...)
@@ -40850,7 +40850,7 @@
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x
before ...)
NOT-FOR-US: Android
CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop
Client ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
RESERVED
CVE-2016-2406
@@ -41116,7 +41116,7 @@
CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the
Accellion ...)
NOT-FOR-US: Accellion
CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1,
and 9.1 ...)
- TODO: check
+ NOT-FOR-US: BMC
CVE-2016-2348
RESERVED
CVE-2016-2347 [decode_level3_header heap corruption vulnerability]
@@ -41638,7 +41638,7 @@
CVE-2016-2220
RESERVED
CVE-2016-2219 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-2218
RESERVED
CVE-2016-2224 [denial of service while parsing compressed items]
@@ -41820,10 +41820,10 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and
IPSec ...)
+ NOTE: Generic protocol issue
NOTE: The CVE is assigned for the protocol flaw in the DES/3DES cipher,
used as a part of the SSL/TLS protocol.
NOTE: What was done in OpenSSL:
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
NOTE: Python issue: https://bugs.python.org/issue27850
- TODO: not clear if this should be assigned to individual source, like
openssl and nss (openpvn got a own CVE)
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL
before 1.1.0 ...)
{DSA-3673-1 DLA-637-1}
- openssl 1.0.2i-1
@@ -45609,9 +45609,9 @@
CVE-2016-1213
RESERVED
CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI
...)
- TODO: check
+ NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing
List ...)
- TODO: check
+ NOT-FOR-US: Epoch Web Mailing List
CVE-2016-1210
RESERVED
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows
remote ...)
@@ -45623,13 +45623,13 @@
CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3,
WN-GDN/R3-C, ...)
NOT-FOR-US: I-O DATA
CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...)
- TODO: check
+ NOT-FOR-US: EC-CUBE plugin
CVE-2016-1204
RESERVED
CVE-2016-1203
RESERVED
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before
0.33.5 ...)
- TODO: check
+ NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON
EC-CUBE ...)
NOT-FOR-US: LOCKON
CVE-2016-1200 (The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9
allows ...)
@@ -46767,7 +46767,7 @@
CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in
Android ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-0840 (Multiple stack-based buffer underflows in
decoder/ih264d_parse_cavlc.c ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-0839 (post_proc/volume_listener.c in mediaserver in Android 6.x
before ...)
NOT-FOR-US: Android Mediaserver
CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x
before ...)
@@ -46821,9 +46821,9 @@
CVE-2016-0817
RESERVED
CVE-2016-0816 (mediaserver in Android 6.x before 2016-03-01 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-0815 (The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp
in ...)
- TODO: check
+ NOT-FOR-US: libstagefright
CVE-2016-0814
RESERVED
CVE-2016-0813
(packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java
...)
@@ -46833,7 +46833,7 @@
CVE-2016-0811 (Integer overflow in the BnCrypto::onTransact function in ...)
TODO: check
CVE-2016-0810 (media/libmedia/SoundPool.cpp in mediaserver in Android 4.x
before ...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2016-0809 (Use-after-free vulnerability in the wifi_cleanup function in
...)
TODO: check
CVE-2016-0808 (Integer overflow in the getCoverageFormat12 function in ...)
@@ -46845,7 +46845,7 @@
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in
Android ...)
NOT-FOR-US: Android drivers
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function
in ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x
before ...)
NOT-FOR-US: libstagefright
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before
4.4.4, ...)
@@ -54764,29 +54764,29 @@
CVE-2015-6648
RESERVED
CVE-2015-6647 (The Widevine QSEE TrustZone application in Android 5.x before
5.1.1 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6646 (The System V IPC implementation in the kernel in Android before
6.0 ...)
- TODO: check
+ - linux <undetermined>
CVE-2015-6645 (SyncManager in Android before 5.1.1 LMY49F and 6.0 before
2016-01-01 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6644 (Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before
2016-01-01 ...)
TODO: check
CVE-2015-6643 (Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before
...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6642 (The kernel in Android before 5.1.1 LMY49F and 6.0 before
2016-01-01 ...)
TODO: check
CVE-2015-6641 (Bluetooth in Android 6.0 before 2016-01-01 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6640 (The prctl_set_vma_anon_name function in kernel/sys.c in Android
before ...)
TODO: check
CVE-2015-6639 (The Widevine QSEE TrustZone application in Android 5.x before
5.1.1 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6638 (The Imagination Technologies driver in Android 5.x before 5.1.1
LMY49F ...)
- TODO: check
+ NOT-FOR-US: Imagination driver for Android
CVE-2015-6637 (The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and
6.0 ...)
- TODO: check
+ NOT-FOR-US: MediaTek driver for Android
CVE-2015-6636 (mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before
...)
- TODO: check
+ NOT-FOR-US: Android Mediaserver
CVE-2015-6635
RESERVED
CVE-2015-6634 (The display drivers in Android before 5.1.1 LMY48Z allow remote
...)
@@ -54816,7 +54816,7 @@
CVE-2015-6622 (The Native Frameworks Library in Android before 5.1.1 LMY48Z
and 6.0 ...)
TODO: check
CVE-2015-6621 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before
2015-12-01 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2015-6620 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before
...)
NOT-FOR-US: libstagefright
CVE-2015-6619 (The kernel in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 ...)
@@ -54824,7 +54824,7 @@
CVE-2015-6618 (Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows ...)
NOT-FOR-US: Android
CVE-2015-6617 (Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before ...)
- TODO: check
+ - skia <itp> (bug #818180)
CVE-2015-6616 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 ...)
NOT-FOR-US: mediaserver in Android
CVE-2015-6615
@@ -57264,15 +57264,15 @@
CVE-2015-5666
RESERVED
CVE-2015-5665 (Cross-site request forgery (CSRF) vulnerability in LOCKON
EC-CUBE ...)
- TODO: check
+ NOT-FOR-US: LOCKON
CVE-2015-5664 (Cross-site scripting (XSS) vulnerability in File Station in
QNAP QTS ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2015-5663 (The file-execution functionality in WinRAR before 5.30 beta 5
allows ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2015-5662 (Directory traversal vulnerability in Avast before 150918-0
allows ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2015-5661 (The SAND STUDIO AirDroid application 1.1.0 and earlier for
Android ...)
- TODO: check
+ NOT-FOR-US: SAND STUDIO AirDroid
CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer
before ...)
{DLA-485-1}
- extplorer <removed>
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
