[Secure-testing-commits] r26589 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Apr 16 21:14:10 UTC 2014
Author: joeyh
Date: 2014-04-16 21:14:10 +0000 (Wed, 16 Apr 2014)
New Revision: 26589
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-16 20:19:11 UTC (rev 26588)
+++ data/CVE/list 2014-04-16 21:14:10 UTC (rev 26589)
@@ -1,3 +1,41 @@
+CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2873 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not ...)
+ TODO: check
+CVE-2014-2872 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2871 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an ...)
+ TODO: check
+CVE-2014-2870 (The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x ...)
+ TODO: check
+CVE-2014-2869 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2868 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2867 (Unrestricted file upload vulnerability in PaperThin CommonSpot before ...)
+ TODO: check
+CVE-2014-2866 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on ...)
+ TODO: check
+CVE-2014-2865 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2864 (Multiple directory traversal vulnerabilities in PaperThin CommonSpot ...)
+ TODO: check
+CVE-2014-2863 (Multiple absolute path traversal vulnerabilities in PaperThin ...)
+ TODO: check
+CVE-2014-2862 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check ...)
+ TODO: check
+CVE-2014-2861 (Incomplete blacklist vulnerability in PaperThin CommonSpot before ...)
+ TODO: check
+CVE-2014-2860 (Multiple cross-site scripting (XSS) vulnerabilities in PaperThin ...)
+ TODO: check
+CVE-2014-2859 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
+ TODO: check
+CVE-2014-2858 (Directory traversal vulnerability in the Resources plugin 1.0.0 before ...)
+ TODO: check
+CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
+ TODO: check
+CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 ...)
+ TODO: check
CVE-2014-XXXX [heap-based buffer overflow]
- libmms <unfixed>
NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
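Review bot: CVE-2014-2857 is added with TODO: check, but its description ("The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...") matches the visible text of CVE-2014-0053, which this same revision leaves tagged NOT-FOR-US: Grails. CVE-2014-2857 and CVE-2014-2858 (same plugin) likely take the same tag, and it is worth confirming whether CVE-2014-2857 duplicates CVE-2014-0053. The sixteen PaperThin CommonSpot entries share one product and can be triaged together in a single pass.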
@@ -27,8 +65,8 @@
RESERVED
CVE-2014-2843
RESERVED
-CVE-2014-2842
- RESERVED
+CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a ...)
+ TODO: check
CVE-2014-2841
RESERVED
CVE-2014-2840
@@ -283,12 +321,14 @@
- qemu-kvm <removed>
NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
CVE-2014-2855 [Daemon infinite loop when no matched user in secrets]
+ RESERVED
- rsync 3.1.0-3 (bug #744791)
[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
NOTE: Introduced with https://git.samba.org/?p=rsync.git;a=commitdiff;h=5ebe9a46d7f3c846a6d665cb8c6ab8b79508a6df
NOTE: Fix: https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a
CVE-2014-2856 [cups: XSS in in web interface]
+ RESERVED
- cups 1.7.2-1
NOTE: http://www.cups.org/str.php?L4356
CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities]
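Review bot: the hand-written title on the context line "CVE-2014-2856 [cups: XSS in in web interface]" has a doubled "in". Since this entry now carries RESERVED and keeps its bracketed title until a published description replaces it, fix the title to "XSS in web interface" in a follow-up commit.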
@@ -305,8 +345,7 @@
[squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
[wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
NOTE: cifscreds PAM not built in unstable
-CVE-2014-2828 [Keystone DoS through V3 API authentication chaining]
- RESERVED
+CVE-2014-2828 (The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and ...)
- keystone <unfixed>
NOTE: https://launchpad.net/bugs/1300274
CVE-2014-2746 (net/IOService.java in Tigase before 5.2.1 does not properly restrict ...)
@@ -412,8 +451,8 @@
RESERVED
CVE-2014-2691
RESERVED
-CVE-2014-2690
- RESERVED
+CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows ...)
+ TODO: check
CVE-2014-2689
RESERVED
CVE-2014-2688
@@ -910,8 +949,7 @@
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ...)
- owncloud 6.0.2+dfsg-1
-CVE-2014-2580 [Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet]
- RESERVED
+CVE-2014-2580 (The netback driver in Xen, when using certain Linux versions that do ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only exploitable with Linux >= 3.12)
[squeeze] - xen <not-affected> (Only exploitable with Linux >= 3.12)
@@ -1040,217 +1078,185 @@
RESERVED
CVE-2014-2472
RESERVED
-CVE-2014-2471
- RESERVED
-CVE-2014-2470
- RESERVED
+CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
+ TODO: check
+CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
CVE-2014-2469
RESERVED
-CVE-2014-2468
- RESERVED
-CVE-2014-2467
- RESERVED
-CVE-2014-2466
- RESERVED
-CVE-2014-2465
- RESERVED
-CVE-2014-2464
- RESERVED
-CVE-2014-2463
- RESERVED
+CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
+ TODO: check
+CVE-2014-2466 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
+ TODO: check
+CVE-2014-2465 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
+ TODO: check
+CVE-2014-2464 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
+ TODO: check
+CVE-2014-2463 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2462
RESERVED
-CVE-2014-2461
- RESERVED
-CVE-2014-2460
- RESERVED
-CVE-2014-2459
- RESERVED
-CVE-2014-2458
- RESERVED
-CVE-2014-2457
- RESERVED
+CVE-2014-2461 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2014-2460 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2014-2459 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2014-2458 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
+ TODO: check
+CVE-2014-2457 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
+ TODO: check
CVE-2014-2456
RESERVED
-CVE-2014-2455
- RESERVED
-CVE-2014-2454
- RESERVED
-CVE-2014-2453
- RESERVED
-CVE-2014-2452
- RESERVED
-CVE-2014-2451
- RESERVED
+CVE-2014-2455 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
+ TODO: check
+CVE-2014-2454 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
+ TODO: check
+CVE-2014-2453 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
+ TODO: check
+CVE-2014-2452 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+ TODO: check
+CVE-2014-2451 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2450
- RESERVED
+CVE-2014-2450 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2449
- RESERVED
-CVE-2014-2448
- RESERVED
-CVE-2014-2447
- RESERVED
-CVE-2014-2446
- RESERVED
-CVE-2014-2445
- RESERVED
-CVE-2014-2444
- RESERVED
+CVE-2014-2449 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent ...)
+ TODO: check
+CVE-2014-2448 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2447 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2446 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2445 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
+ TODO: check
+CVE-2014-2444 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2443
- RESERVED
-CVE-2014-2442
- RESERVED
+CVE-2014-2443 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2442 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2441
- RESERVED
+CVE-2014-2441 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-guest-additions <not-affected> (Only affects 4.1 and later)
- virtualbox-guest-additions-iso 4.3.10-1
[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
-CVE-2014-2440
- RESERVED
+CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2439
- RESERVED
+CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
NOT-FOR-US: Oracle Secure Global Desktop (SGD)
-CVE-2014-2438
- RESERVED
+CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2437
- RESERVED
-CVE-2014-2436
- RESERVED
+CVE-2014-2437 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2436 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2435
- RESERVED
+CVE-2014-2435 (Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2434
- RESERVED
+CVE-2014-2434 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-2433
- RESERVED
-CVE-2014-2432
- RESERVED
+CVE-2014-2433 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+ TODO: check
+CVE-2014-2432 (Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2431
- RESERVED
+CVE-2014-2431 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2430
- RESERVED
+CVE-2014-2430 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2429
- RESERVED
-CVE-2014-2428
- RESERVED
+CVE-2014-2429 (Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self ...)
+ TODO: check
+CVE-2014-2428 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-2427
- RESERVED
+CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2426
- RESERVED
-CVE-2014-2425
- RESERVED
-CVE-2014-2424
- RESERVED
-CVE-2014-2423
- RESERVED
+CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
+ TODO: check
+CVE-2014-2425 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
+ TODO: check
+CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in ...)
+ TODO: check
+CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2422
- RESERVED
+CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2014-2421
- RESERVED
+CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2420
- RESERVED
+CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-2419
- RESERVED
+CVE-2014-2419 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
-CVE-2014-2418
- RESERVED
-CVE-2014-2417
- RESERVED
-CVE-2014-2416
- RESERVED
-CVE-2014-2415
- RESERVED
-CVE-2014-2414
- RESERVED
+CVE-2014-2418 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
+ TODO: check
+CVE-2014-2417 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
+ TODO: check
+CVE-2014-2416 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
+ TODO: check
+CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
+ TODO: check
+CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2413
- RESERVED
+CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
-CVE-2014-2412
- RESERVED
+CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2411
- RESERVED
-CVE-2014-2410
- RESERVED
+CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
+ TODO: check
+CVE-2014-2410 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2014-2409
- RESERVED
+CVE-2014-2409 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-2408
- RESERVED
-CVE-2014-2407
- RESERVED
-CVE-2014-2406
- RESERVED
+CVE-2014-2408 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2014-2407 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
+ TODO: check
+CVE-2014-2406 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
CVE-2014-2405
RESERVED
-CVE-2014-2404
- RESERVED
-CVE-2014-2403
- RESERVED
+CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+ TODO: check
+CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2402
- RESERVED
+CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
-CVE-2014-2401
- RESERVED
+CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
TODO: Not fixed in IcedTea, likely specific to Oracle Java
-CVE-2014-2400
- RESERVED
-CVE-2014-2399
- RESERVED
-CVE-2014-2398
- RESERVED
+CVE-2014-2400 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
+ TODO: check
+CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
+ TODO: check
+CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-2397
- RESERVED
+CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-2396
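Review bot: the new PeopleSoft entries in this hunk (CVE-2014-2449, CVE-2014-2448, CVE-2014-2447, CVE-2014-2446, CVE-2014-2443, CVE-2014-2437, CVE-2014-2433, CVE-2014-2429) are left at TODO: check, while the list already tags PeopleSoft issues such as CVE-2014-0443 and CVE-2014-0441 as NOT-FOR-US: PeopleSoft Enterprise; they can take the same tag. Separately, the imported description for CVE-2014-2432 reads "Unspecified vulnerability Oracle the MySQL Server component", which has its words out of order; check it against the source on the next sync rather than editing it by hand.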
@@ -1273,8 +1279,8 @@
RESERVED
CVE-2014-2385
RESERVED
-CVE-2014-2384
- RESERVED
+CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
+ TODO: check
CVE-2014-2383
RESERVED
CVE-2014-2382
@@ -2253,8 +2259,8 @@
RESERVED
CVE-2014-1987
RESERVED
-CVE-2014-1986
- RESERVED
+CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
+ TODO: check
CVE-2014-1984
RESERVED
CVE-2014-1983
@@ -4429,7 +4435,7 @@
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0982
REJECTED
-CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through ...)
+CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, ...)
{DSA-2904-1}
- virtualbox 4.3.10-dfsg-1 (bug #741602)
- virtualbox-ose <removed> (bug #741602)
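Review bot: the description of CVE-2014-0981 changes from "4.2.x through ..." to "before 3.2.22, ...", so the stated affected range now reaches older branches, yet the package lines below it are unchanged and there are no per-release lines. Confirm that "virtualbox-ose <removed> (bug #741602)" and DSA-2904-1 still describe the status of every supported release under the wider range, and add release-specific lines if they do not.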
@@ -4637,14 +4643,14 @@
RESERVED
CVE-2014-0925
RESERVED
-CVE-2014-0924
- RESERVED
-CVE-2014-0923
- RESERVED
-CVE-2014-0922
- RESERVED
-CVE-2014-0921
- RESERVED
+CVE-2014-0924 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify ...)
+ TODO: check
+CVE-2014-0923 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
+ TODO: check
+CVE-2014-0922 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
+ TODO: check
+CVE-2014-0921 (The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 ...)
+ TODO: check
CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...)
TODO: check
CVE-2014-0919
@@ -5267,8 +5273,8 @@
RESERVED
CVE-2014-0643
RESERVED
-CVE-2014-0642
- RESERVED
+CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
+ TODO: check
CVE-2014-0641
RESERVED
CVE-2014-0640
@@ -5327,7 +5333,7 @@
TODO: check
CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 ...)
NOT-FOR-US: JunOS
-CVE-2014-0612 (Unspecified vulnerability in Juniper Jonos before 11.4R10-S1, before ...)
+CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before ...)
TODO: check
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
- linux-2.6 <removed> (low)
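Review bot: CVE-2014-0612 keeps TODO: check after the "Jonos" to "Junos" spelling correction, while CVE-2014-0613 directly above it is tagged NOT-FOR-US: JunOS. The same tag fits CVE-2014-0612 and would clear the TODO.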
@@ -5688,8 +5694,8 @@
RESERVED
CVE-2014-0515
RESERVED
-CVE-2014-0514
- RESERVED
+CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
+ TODO: check
CVE-2014-0513
RESERVED
CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox ...)
@@ -5885,75 +5891,59 @@
RESERVED
CVE-2013-7150
RESERVED
-CVE-2014-0465
- RESERVED
-CVE-2014-0464
- RESERVED
+CVE-2014-0465 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
+ TODO: check
+CVE-2014-0464 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
- openjdk-7 <not-affected> (Only affects Java 8)
- openjdk-6 <not-affected> (Only affects Java 8)
-CVE-2014-0463
- RESERVED
+CVE-2014-0463 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
- openjdk-7 <not-affected> (Only affects Java 8)
- openjdk-6 <not-affected> (Only affects Java 8)
CVE-2014-0462
RESERVED
-CVE-2014-0461
- RESERVED
+CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0460
- RESERVED
+CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0459
- RESERVED
-CVE-2014-0458
- RESERVED
+CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
+ TODO: check
+CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0457
- RESERVED
+CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0456
- RESERVED
+CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0455
- RESERVED
+CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
-CVE-2014-0454
- RESERVED
+CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 <not-affected> (Only affects Java 7/8)
-CVE-2014-0453
- RESERVED
+CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0452
- RESERVED
+CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0451
- RESERVED
+CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
-CVE-2014-0450
- RESERVED
-CVE-2014-0449
- RESERVED
+CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
+ TODO: check
+CVE-2014-0449 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0448
- RESERVED
+CVE-2014-0448 (Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0447
- RESERVED
+CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
NOT-FOR-US: Solaris
-CVE-2014-0446
- RESERVED
+CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
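Review bot: CVE-2014-0459 is the only Java SE entry in this hunk that ends up with TODO: check; every other Java SE entry here keeps openjdk-6 and openjdk-7 status lines. Add the openjdk-6/openjdk-7 lines for it, or a specific TODO in the style of "TODO: Not fixed in IcedTea, likely specific to Oracle Java" as used for CVE-2014-0432, so it does not get lost among the bulk Oracle TODOs.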
@@ -5962,8 +5952,7 @@
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0443 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft Enterprise
-CVE-2014-0442
- RESERVED
+CVE-2014-0442 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows ...)
NOT-FOR-US: Solaris
CVE-2014-0441 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft Enterprise
@@ -5987,8 +5976,7 @@
CVE-2014-0433 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-0432
- RESERVED
+CVE-2014-0432 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
TODO: Not fixed in IcedTea, likely specific to Oracle Java
CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
@@ -5996,8 +5984,7 @@
CVE-2014-0430 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-0429
- RESERVED
+CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
- openjdk-7 7u55-2.4.7-1
- openjdk-6 6b31-1.13.3-1
CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
@@ -6006,8 +5993,8 @@
CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-0426
- RESERVED
+CVE-2014-0426 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+ TODO: check
CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
@@ -6019,8 +6006,7 @@
CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 6b30-1.13.1-1
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0421
- RESERVED
+CVE-2014-0421 (Unspecified vulnerability in Oracle Solaris 10, when running on the ...)
NOT-FOR-US: Solaris
CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2848-1}
@@ -6042,10 +6028,10 @@
CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0414
- RESERVED
-CVE-2014-0413
- RESERVED
+CVE-2014-0414 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+ TODO: check
+CVE-2014-0413 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+ TODO: check
CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2848-1 DSA-2845-1}
- mariadb-5.5 5.5.35-1
@@ -6132,8 +6118,7 @@
CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- openjdk-7 <not-affected> (Specific to MacOS X)
-CVE-2014-0384
- RESERVED
+CVE-2014-0384 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <unfixed> (bug #744910)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
CVE-2014-0383 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
@@ -7300,8 +7285,7 @@
NOT-FOR-US: JBoss EAP
CVE-2014-0168
RESERVED
-CVE-2014-0167 [RBAC policy not properly enforced in Nova EC2 API]
- RESERVED
+CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute ...)
- nova 2013.2.3-1 (bug #744051)
CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in ...)
{DSA-2901-1}
@@ -7331,8 +7315,7 @@
- openafs 1.6.7-1
CVE-2014-0158
RESERVED
-CVE-2014-0157
- RESERVED
+CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration ...)
- horizon 2013.2.3-1 (bug #744019)
[wheezy] - horizon <not-affected> (Vulnerable code not present)
CVE-2014-0156
@@ -7398,13 +7381,11 @@
RESERVED
CVE-2014-0140
RESERVED
-CVE-2014-0139 [libcurl IP address wildcard certificate validation]
- RESERVED
+CVE-2014-0139 (cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, ...)
{DSA-2902-1}
- curl 7.36.0-1 (bug #742728)
NOTE: http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
-CVE-2014-0138 [libcurl wrong re-use of connections]
- RESERVED
+CVE-2014-0138 (The default configuration in cURL and libcurl 7.10.6 before 7.36.0 ...)
{DSA-2902-1}
- curl 7.36.0-1 (bug #742728)
NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch
@@ -7494,8 +7475,7 @@
RESERVED
CVE-2014-0108
RESERVED
-CVE-2014-0107 [Xalan-Java insufficient secure processing]
- RESERVED
+CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not ...)
{DSA-2886-1}
- libxalan2-java 2.7.1-9 (bug #742577)
NOTE: https://issues.apache.org/jira/browse/XALANJ-2435
@@ -7504,8 +7484,7 @@
- sudo 1.8.5p2-1 (low)
[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
-CVE-2014-0105 [Potential context confusion in Keystone middleware]
- RESERVED
+CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library for ...)
- python-keystoneclient 1:0.6.0-4 (low; bug #742898)
[wheezy] - python-keystoneclient <not-affected> (Vulnerable code yet in src:keystone)
- keystone 2013.1.1-2
@@ -7709,8 +7688,7 @@
RESERVED
{DSA-2890-1}
- libspring-java 3.0.6.RELEASE-13 (bug #741604)
-CVE-2014-0053
- RESERVED
+CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
NOT-FOR-US: Grails
CVE-2014-0052
RESERVED
@@ -9071,8 +9049,7 @@
NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=261c4f5fb93c5e23b8002f2760d4a7937cdb7f63
-CVE-2013-6456 [virsh shutdown does not handle symlinks correctly for LXC]
- RESERVED
+CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 ...)
- libvirt <unfixed> (bug #732394)
[wheezy] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
@@ -13182,8 +13159,8 @@
RESERVED
CVE-2013-4769
RESERVED
-CVE-2013-4768
- RESERVED
+CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote ...)
+ TODO: check
CVE-2013-4767 (Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown ...)
- eucalyptus <removed>
CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote ...)
@@ -43580,8 +43557,7 @@
CVE-2012-0215 (model/modelstorage.py in the Tryton application framework (trytond) ...)
{DSA-2444-1}
- tryton-server 2.2.2-1 (medium)
-CVE-2012-0214 [apt would still trust repository when old InRelease file present]
- RESERVED
+CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in ...)
- apt 0.8.15.10
[squeeze] - apt <not-affected> (Vulnerable code not present)
[lenny] - apt <not-affected> (Vulnerable code not present)
@@ -47660,8 +47636,7 @@
CVE-2011-3629
RESERVED
NOT-FOR-US: Joomla
-CVE-2011-3628
- RESERVED
+CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...)
- pam 1.1.3-7 (low; bug #670076)
[squeeze] - pam <no-dsa> (Minor issue)
[lenny] - pam <no-dsa> (Minor issue)
@@ -65029,8 +65004,7 @@
CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...)
- libvirt 0.8.3-1
[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
-CVE-2010-2236
- RESERVED
+CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and ...)
NOT-FOR-US: Red Hat Satellite
CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network ...)
- cobbler <itp> (bug #545583)
@@ -93573,8 +93547,7 @@
- brltty <not-affected> (RedHat-specific)
CVE-2008-3278
RESERVED
-CVE-2008-3277
- RESERVED
+CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...)
- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
{DSA-1653-1 DSA-1636-1}