Apple

Notified:  June 17, 2016 Updated: April 04, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://support.apple.com/en-us/HT206905 https://support.apple.com/en-us/HT207271 https://support.apple.com/en-us/HT206902

Addendum

WebKit and WebKit-based applications and browsers are affected. Apple has assigned CVE-2016-4642, CVE-2016-4643, and CVE-2016-4644, as described in the HT206905 security bulletin. CVE-2016-7579 is described in the HT207271 bulletin.

Arista Networks, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Belkin, Inc.

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

CentOS

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Cisco

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

CoreOS

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Debian GNU/Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

DesktopBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

DragonFly BSD Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

EMC Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

F5 Networks, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Fedora Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

FreeBSD Project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Gentoo Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Google

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hardened BSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hewlett Packard Enterprise

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Hitachi

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

IBM Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Juniper Networks

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Lenovo

Notified:  June 17, 2016 Updated: August 01, 2016

Statement Date:   July 28, 2016

Status

  Not Affected

Vendor Statement

Lenovo products are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

m0n0wall

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Microsoft Corporation

Notified:  June 17, 2016 Updated: November 08, 2016

Status

  Affected

Vendor Statement

Please see the reference linked below.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://support.microsoft.com/en-us/kb/3179800

Addendum

There are no additional comments at this time.

Mocana

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Mozilla

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

NEC Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

NetBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Nokia

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

OmniTI

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

OpenBSD

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

openSUSE project

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Openwall GNU/*/Linux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Opera

Notified:  June 17, 2016 Updated: August 11, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Oracle Corporation

Notified:  June 17, 2016 Updated: October 21, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Oracle has notified the CERT/CC that the vulnerabilities are addressed in the October 2017 Critical Patch Update, linked below.

Vendor References

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Addendum

Java SE is affected. Oracle has assigned CVE-2016-5597.

QNX Software Systems Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Red Hat, Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

SAP

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Slackware Linux Inc.

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Sony Corporation

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

SUSE Linux

Notified:  June 17, 2016 Updated: July 19, 2016

Statement Date:   July 18, 2016

Status

  Unknown

Vendor Statement

SUSE may include fixes for this issue in future updates to SLE or openSUSE packages when they become available from projects implementing GUI http user agents.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

Synology

Notified:  July 28, 2016 Updated: July 28, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Turbolinux

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Ubuntu

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.

Unisys

Notified:  June 17, 2016 Updated: June 17, 2016

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.