[Secure-testing-commits] r25235 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Jan 16 21:14:11 UTC 2014
Author: joeyh
Date: 2014-01-16 21:14:11 +0000 (Thu, 16 Jan 2014)
New Revision: 25235
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-16 19:26:31 UTC (rev 25234)
+++ data/CVE/list 2014-01-16 21:14:11 UTC (rev 25235)
@@ -1,3 +1,123 @@
+CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...)
+ TODO: check
+CVE-2014-1471
+ RESERVED
+CVE-2014-1470
+ RESERVED
+CVE-2014-1469
+ RESERVED
+CVE-2014-1468
+ RESERVED
+CVE-2014-1467
+ RESERVED
+CVE-2014-1466 (SQL injection vulnerability in CSP MySQL User Manager 2.3 allows ...)
+ TODO: check
+CVE-2014-1465
+ RESERVED
+CVE-2014-1464
+ RESERVED
+CVE-2014-1463
+ RESERVED
+CVE-2014-1462
+ RESERVED
+CVE-2014-1461
+ RESERVED
+CVE-2014-1460
+ RESERVED
+CVE-2014-1459
+ RESERVED
+CVE-2014-1458
+ RESERVED
+CVE-2014-1457
+ RESERVED
+CVE-2014-1456
+ RESERVED
+CVE-2014-1455
+ RESERVED
+CVE-2014-1454
+ RESERVED
+CVE-2014-1453
+ RESERVED
+CVE-2014-1452
+ RESERVED
+CVE-2014-1451
+ RESERVED
+CVE-2014-1450
+ RESERVED
+CVE-2014-1449
+ RESERVED
+CVE-2014-1443
+ RESERVED
+CVE-2014-1442
+ RESERVED
+CVE-2014-1441
+ RESERVED
+CVE-2014-1440
+ RESERVED
+CVE-2014-1439
+ RESERVED
+CVE-2014-1437
+ RESERVED
+CVE-2014-1436
+ RESERVED
+CVE-2014-1435
+ RESERVED
+CVE-2014-1434
+ RESERVED
+CVE-2014-1433
+ RESERVED
+CVE-2014-1432
+ RESERVED
+CVE-2014-1431
+ RESERVED
+CVE-2014-1430
+ RESERVED
+CVE-2014-1429
+ RESERVED
+CVE-2014-1428
+ RESERVED
+CVE-2014-1427
+ RESERVED
+CVE-2014-1426
+ RESERVED
+CVE-2014-1425
+ RESERVED
+CVE-2014-1424
+ RESERVED
+CVE-2014-1423
+ RESERVED
+CVE-2014-1422
+ RESERVED
+CVE-2014-1421
+ RESERVED
+CVE-2014-1420
+ RESERVED
+CVE-2014-1419
+ RESERVED
+CVE-2014-1418
+ RESERVED
+CVE-2014-1417
+ RESERVED
+CVE-2014-1416
+ RESERVED
+CVE-2014-1415
+ RESERVED
+CVE-2014-1414
+ RESERVED
+CVE-2014-1413
+ RESERVED
+CVE-2014-1412
+ RESERVED
+CVE-2014-1411
+ RESERVED
+CVE-2014-1410
+ RESERVED
+CVE-2013-7294 (The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in ...)
+ TODO: check
+CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on ...)
+ TODO: check
CVE-2013-XXXX [DoS]
- poppler <unfixed>
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
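Review bot: CVE-2013-7294, near the end of this hunk, is left at "TODO: check" although its description cites a source file, pluto/ikev2_parent.c, which points at free software that may be packaged. It should be triaged ahead of the web-application entries above it (CVE-2014-1473, CVE-2014-1472, CVE-2014-1466) and given either a package line or an explicit NOT-FOR-US, so that it does not stay in the unprocessed queue with the RESERVED placeholders.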
@@ -10,29 +130,35 @@
- drupal6 <unfixed>
- drupal7 7.26-1
CVE-2014-1446
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
TODO: check
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
NOTE: Fix contained in v3.13-rc7
CVE-2014-1445
+ RESERVED
- linux 3.12.6-1
- linux-2.6 <removed>
TODO: check
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1
CVE-2014-1444
+ RESERVED
- linux 3.12.6-1
- linux-2.6 <removed>
TODO: check
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194
CVE-2014-1438 [missing CPU-state sanitation during task-switch causes DOS / privilege escalation]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
CVE-2014-1448
+ REJECTED
NOTE: rejected
CVE-2014-1447 [libvirt: denial of service with keepalive]
+ RESERVED
- libvirt <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
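Review bot: CVE-2014-1448 now carries both the new "REJECTED" state line and the older hand-written "NOTE: rejected", which say the same thing. The note can be dropped in a follow-up. The other entries in this hunk (CVE-2014-1446, CVE-2014-1445, CVE-2014-1444) gain RESERVED but keep "TODO: check" next to concrete package lines and fix commits, so it is worth confirming whether that TODO is still open or can be removed.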
@@ -418,16 +544,15 @@
RESERVED
CVE-2014-1207
RESERVED
-CVE-2014-1206
- RESERVED
+CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web ...)
+ TODO: check
CVE-2014-1205
RESERVED
CVE-2014-1204
RESERVED
CVE-2014-1202
RESERVED
-CVE-2014-1201
- RESERVED
+CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
NOT-FOR-US: Lorex
CVE-2014-0999
RESERVED
@@ -479,14 +604,12 @@
RESERVED
CVE-2014-0972
RESERVED
-CVE-2013-7292
+CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote ...)
NOT-FOR-US: VASCO IAS
-CVE-2013-7291 [denial of service issue via unbounded key print]
- RESERVED
+CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote ...)
- memcached <unfixed> (bug #735314)
NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
-CVE-2013-7290 [denial of service issue via request to delete a key]
- RESERVED
+CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other ...)
- memcached 1.4.13-0.2
[squeeze] - memcached 1.4.5-1+deb6u1
NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
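Review bot: CVE-2013-7291 and CVE-2013-7290 both reference the same upstream commit (fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760), yet 7290 is marked fixed in 1.4.13-0.2 while 7291 is still "<unfixed> (bug #735314)". Now that the descriptions distinguish the two issues (verbose-mode logging versus do_item_get in items.c), please confirm which issue that commit addresses and correct either the NOTE or the fixed version, since one commit cannot leave the two entries in different states.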
@@ -1256,8 +1379,8 @@
RESERVED
CVE-2014-0666
RESERVED
-CVE-2014-0665
- RESERVED
+CVE-2014-0665 (The RBAC implementation in Cisco Identity Services Engine (ISE) ...)
+ TODO: check
CVE-2014-0664 (The server in Cisco Unity Connection allows remote authenticated users ...)
NOT-FOR-US: Cisco Unity Connection
CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
@@ -1356,19 +1479,15 @@
RESERVED
CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R ...)
NOT-FOR-US: SRX Services Gateways
-CVE-2014-0617
- RESERVED
+CVE-2014-0617 (Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before ...)
NOT-FOR-US: SRX Services Gateways
-CVE-2014-0616
- RESERVED
+CVE-2014-0616 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
NOT-FOR-US: Juniper JunOS
-CVE-2014-0615
- RESERVED
+CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
NOT-FOR-US: JunOS CLI
CVE-2014-0614
RESERVED
-CVE-2014-0613
- RESERVED
+CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 ...)
NOT-FOR-US: JunOS
CVE-2014-0612
RESERVED
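Review bot: Style point on the Junos entries in this hunk: CVE-2014-0617, CVE-2014-0616, CVE-2014-0615 and CVE-2014-0613 all have descriptions starting with Juniper Junos, but their NOT-FOR-US labels read "SRX Services Gateways", "Juniper JunOS", "JunOS CLI" and "JunOS". Using one label for all of them would make the entries easier to grep and group.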
@@ -1448,8 +1567,7 @@
RESERVED
CVE-2014-0592
RESERVED
-CVE-2014-0591 [A Crafted Query Against an NSEC3-signed Zone Can Crash BIND]
- RESERVED
+CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
- bind9 <unfixed> (bug #735190)
NOTE: https://kb.isc.org/article/AA-01078
TODO: to be confirmed: only vulnerable with eglibc 2.17 and newer
@@ -1748,22 +1866,17 @@
RESERVED
CVE-2014-0497
RESERVED
-CVE-2014-0496
- RESERVED
+CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
NOT-FOR-US: Adobe Reader
-CVE-2014-0495
- RESERVED
+CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
NOT-FOR-US: Adobe Reader
CVE-2014-0494
RESERVED
-CVE-2014-0493
- RESERVED
+CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
NOT-FOR-US: Adobe Reader
-CVE-2014-0492
- RESERVED
+CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Flash plugin
-CVE-2014-0491
- RESERVED
+CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Flash plugin
CVE-2014-0490
RESERVED
@@ -1949,241 +2062,206 @@
RESERVED
CVE-2014-0446
RESERVED
-CVE-2014-0445
- RESERVED
-CVE-2014-0444
- RESERVED
-CVE-2014-0443
- RESERVED
+CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0444 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
+ TODO: check
+CVE-2014-0443 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
CVE-2014-0442
RESERVED
-CVE-2014-0441
- RESERVED
-CVE-2014-0440
- RESERVED
-CVE-2014-0439
- RESERVED
-CVE-2014-0438
- RESERVED
-CVE-2014-0437
- RESERVED
+CVE-2014-0441 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0440 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0439 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0438 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0437 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mariadb-5.5 <unfixed>
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
CVE-2014-0436
RESERVED
-CVE-2014-0435
- RESERVED
-CVE-2014-0434
- RESERVED
-CVE-2014-0433
- RESERVED
+CVE-2014-0435 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2014-0434 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
+ TODO: check
+CVE-2014-0433 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0432
RESERVED
-CVE-2014-0431
- RESERVED
+CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2014-0430
- RESERVED
+CVE-2014-0430 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0429
RESERVED
-CVE-2014-0428
- RESERVED
+CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0427
- RESERVED
+CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0426
RESERVED
-CVE-2014-0425
- RESERVED
-CVE-2014-0424
- RESERVED
+CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
+ TODO: check
+CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0423
- RESERVED
+CVE-2014-0423 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0422
- RESERVED
+CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0421
RESERVED
-CVE-2014-0420
- RESERVED
+CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mariadb-5.5 <unfixed>
- mysql-5.5 <unfixed>
- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
-CVE-2014-0419
- RESERVED
+CVE-2014-0419 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
NOT-FOR-US: Oracle Secure Global Desktop
-CVE-2014-0418
- RESERVED
+CVE-2014-0418 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0417
- RESERVED
+CVE-2014-0417 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2014-0416
- RESERVED
+CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0415
- RESERVED
+CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0414
RESERVED
CVE-2014-0413
RESERVED
-CVE-2014-0412
- RESERVED
+CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mariadb-5.5 <unfixed>
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2014-0411
- RESERVED
+CVE-2014-0411 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0410
- RESERVED
+CVE-2014-0410 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0409
RESERVED
-CVE-2014-0408
- RESERVED
+CVE-2014-0408 (Unspecified vulnerability in Oracle Java SE 7u45, when running on OS ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- openjdk-7 <not-affected> (Specific to MacOS X)
-CVE-2014-0407
- RESERVED
+CVE-2014-0407 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed>
- virtualbox <unfixed> (bug #735410)
-CVE-2014-0406
- RESERVED
+CVE-2014-0406 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed>
- virtualbox <unfixed> (bug #735410)
-CVE-2014-0405
- RESERVED
+CVE-2014-0405 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-guest-additions <removed> (bug #735410)
[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
- virtualbox-guest-additions-iso <unfixed> (bug #735410)
[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
-CVE-2014-0404
- RESERVED
+CVE-2014-0404 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed>
- virtualbox <unfixed> (bug #735410)
-CVE-2014-0403
- RESERVED
+CVE-2014-0403 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0402
- RESERVED
+CVE-2014-0402 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2014-0401
- RESERVED
+CVE-2014-0401 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mariadb-5.5 <unfixed>
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2014-0400
- RESERVED
-CVE-2014-0399
- RESERVED
-CVE-2014-0398
- RESERVED
+CVE-2014-0400 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+ TODO: check
+CVE-2014-0399 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2014-0398 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
CVE-2014-0397
RESERVED
-CVE-2014-0396
- RESERVED
-CVE-2014-0395
- RESERVED
-CVE-2014-0394
- RESERVED
-CVE-2014-0393
- RESERVED
+CVE-2014-0396 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0395 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0393 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2014-0392
- RESERVED
-CVE-2014-0391
- RESERVED
-CVE-2014-0390
- RESERVED
-CVE-2014-0389
- RESERVED
-CVE-2014-0388
- RESERVED
-CVE-2014-0387
- RESERVED
+CVE-2014-0392 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2014-0391 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
+ TODO: check
+CVE-2014-0390 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
+ TODO: check
+CVE-2014-0389 (Unspecified vulnerability in Oracle iLearning 6.0 allows remote ...)
+ TODO: check
+CVE-2014-0388 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human ...)
+ TODO: check
+CVE-2014-0387 (Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0386
- RESERVED
+CVE-2014-0386 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2014-0385
- RESERVED
+CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- openjdk-7 <not-affected> (Specific to MacOS X)
CVE-2014-0384
RESERVED
-CVE-2014-0383
- RESERVED
-CVE-2014-0382
- RESERVED
+CVE-2014-0383 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
+ TODO: check
+CVE-2014-0382 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2014-0381
- RESERVED
-CVE-2014-0380
- RESERVED
-CVE-2014-0379
- RESERVED
-CVE-2014-0378
- RESERVED
-CVE-2014-0377
- RESERVED
-CVE-2014-0376
- RESERVED
+CVE-2014-0381 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0380 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-0379 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
+CVE-2014-0378 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
+ TODO: check
+CVE-2014-0377 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0375
- RESERVED
+CVE-2014-0375 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-0374
- RESERVED
-CVE-2014-0373
- RESERVED
+CVE-2014-0374 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
+ TODO: check
+CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0372
- RESERVED
-CVE-2014-0371
- RESERVED
-CVE-2014-0370
- RESERVED
-CVE-2014-0369
- RESERVED
-CVE-2014-0368
- RESERVED
+CVE-2014-0372 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
+CVE-2014-0371 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
+CVE-2014-0370 (Unspecified vulnerability in the Siebel Life Sciences component in ...)
+ TODO: check
+CVE-2014-0369 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
+ TODO: check
+CVE-2014-0368 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0367
- RESERVED
-CVE-2014-0366
- RESERVED
+CVE-2014-0367 (Unspecified vulnerability in the Hyperion Essbase Administration ...)
+ TODO: check
+CVE-2014-0366 (Unspecified vulnerability in the Oracle Applications Framework ...)
+ TODO: check
CVE-2013-7249 (Fat Free CRM before 0.12.1 does not restrict XML serialization, which ...)
NOT-FOR-US: Fat Free CRM
CVE-2013-7242 (SQL injection vulnerability in ...)
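Review bot: The "MySQL Server component" entries in this hunk track different package sets: CVE-2014-0437, CVE-2014-0420, CVE-2014-0412 and CVE-2014-0401 list mariadb-5.5, while CVE-2014-0402, CVE-2014-0393 and CVE-2014-0386 list only mysql-5.5 and mysql-5.1. If mariadb-5.5 was checked and found unaffected for the latter three, an explicit "<not-affected>" line with the reason would record that; otherwise it needs adding. Separately, CVE-2014-0417 shows "openjdk-7 <unfixed>" while the sibling Java SE entries with the same affected versions (for example CVE-2014-0423 and CVE-2014-0411) are marked fixed in 7u51-2.4.4-1, which is worth a second look. The many PeopleSoft, Siebel, Demantra and other Oracle product entries left at "TODO: check" look like NOT-FOR-US candidates.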
@@ -2192,8 +2270,7 @@
NOT-FOR-US: Zenphoto
CVE-2013-7240 (Directory traversal vulnerability in download-file.php in the Advanced ...)
NOT-FOR-US: Dewplayer
-CVE-2013-7239 [SASL authentication allows wrong credentials to access memcache]
- RESERVED
+CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass ...)
{DSA-2832-1}
- memcached 1.4.13-0.3 (bug #733643)
[squeeze] - memcached <not-affected> (vulnerable code present, but SASL authentication support not enabled)
@@ -2229,8 +2306,7 @@
[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
-CVE-2013-7205 [off-by-one]
- RESERVED
+CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
- nagios3 <unfixed> (low)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
@@ -2387,23 +2463,20 @@
NOTE: fix for CVE-2013-2073 was incorrect/incomplete
NOTE: https://github.com/transifex/transifex-client/issues/42
NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
-CVE-2013-7108 [off-by-one read error]
- RESERVED
+CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, ...)
- icinga 1.10.2-1 (low)
- nagios3 <unfixed> (low)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5251
NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
-CVE-2013-7107 [CSRF]
- RESERVED
+CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga ...)
- icinga 1.10.2-1 (low)
- nagios3 <unfixed> (low)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5346
-CVE-2013-7106 [several buffer overflows]
- RESERVED
+CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 ...)
- icinga 1.10.2-1
NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
@@ -3097,16 +3170,16 @@
RESERVED
CVE-2014-0263
RESERVED
-CVE-2014-0262
- RESERVED
-CVE-2014-0261
- RESERVED
-CVE-2014-0260
- RESERVED
-CVE-2014-0259
- RESERVED
-CVE-2014-0258
- RESERVED
+CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...)
+ TODO: check
+CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows ...)
+ TODO: check
+CVE-2014-0260 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
+ TODO: check
+CVE-2014-0259 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
+ TODO: check
+CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, ...)
+ TODO: check
CVE-2014-0257
RESERVED
CVE-2014-0256
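Review bot: All five entries changed here (CVE-2014-0262 through CVE-2014-0258) describe Microsoft products (win32k.sys, Dynamics AX, Word) and are left at "TODO: check". Elsewhere in this file proprietary products get a NOT-FOR-US line as soon as the description arrives (see the Adobe Reader and Flash entries), so these could be closed the same way instead of lingering in the TODO queue.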
@@ -3559,8 +3632,7 @@
RESERVED
CVE-2014-0032
RESERVED
-CVE-2014-0031
- RESERVED
+CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache ...)
NOT-FOR-US: Apache CloudStack
CVE-2014-0030
RESERVED
@@ -4243,28 +4315,22 @@
RESERVED
CVE-2013-6647
RESERVED
-CVE-2013-6646
- RESERVED
+CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6645
- RESERVED
+CVE-2013-6645 (Use-after-free vulnerability in the OnWindowRemovingFromRootWindow ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6644
- RESERVED
+CVE-2013-6644 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6643
- RESERVED
+CVE-2013-6643 (The OneClickSigninBubbleView::WindowClosing function in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6642
- RESERVED
+CVE-2013-6642 (Google Chrome through 32.0.1700.23 on Android allows remote attackers ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6641
- RESERVED
+CVE-2013-6641 (Use-after-free vulnerability in the ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
@@ -4961,8 +5027,7 @@
[squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
CVE-2013-6399
RESERVED
-CVE-2013-6398
- RESERVED
+CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
@@ -5559,8 +5624,8 @@
RESERVED
CVE-2013-6143
RESERVED
-CVE-2013-6142
- RESERVED
+CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)
+ TODO: check
CVE-2013-6141
RESERVED
CVE-2013-6140
@@ -5595,8 +5660,8 @@
RESERVED
CVE-2013-6124
RESERVED
-CVE-2013-6123
- RESERVED
+CVE-2013-6123 (Multiple array index errors in ...)
+ TODO: check
CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-6121
@@ -6065,140 +6130,117 @@
NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
NOT-FOR-US: Tenable SecurityCenter
-CVE-2013-5910
- RESERVED
+CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2013-5909
- RESERVED
-CVE-2013-5908
- RESERVED
+CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2013-5908 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mariadb-5.5 <unfixed>
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
-CVE-2013-5907
- RESERVED
+CVE-2013-5907 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
TODO: Might affect ICU
-CVE-2013-5906
- RESERVED
+CVE-2013-5906 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
-CVE-2013-5905
- RESERVED
+CVE-2013-5905 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
-CVE-2013-5904
- RESERVED
+CVE-2013-5904 (Unspecified vulnerability in Oracle Java SE 7u45 allows remote ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5903
REJECTED
-CVE-2013-5902
- RESERVED
+CVE-2013-5902 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5901
- RESERVED
-CVE-2013-5900
- RESERVED
-CVE-2013-5899
- RESERVED
+CVE-2013-5901 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
+ TODO: check
+CVE-2013-5900 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
+ TODO: check
+CVE-2013-5899 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5898
- RESERVED
+CVE-2013-5898 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5897
- RESERVED
-CVE-2013-5896
- RESERVED
+CVE-2013-5897 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
+ TODO: check
+CVE-2013-5896 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2013-5895
- RESERVED
+CVE-2013-5895 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5894
- RESERVED
+CVE-2013-5894 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2013-5893
- RESERVED
+CVE-2013-5893 (Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded ...)
- openjdk-6 <not-affected> (Only affects OpenJDK 7)
- openjdk-7 7u51-2.4.4-1
-CVE-2013-5892
- RESERVED
+CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed>
- virtualbox <unfixed> (bug #735410)
-CVE-2013-5891
- RESERVED
+CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <unfixed>
- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
-CVE-2013-5890
- RESERVED
-CVE-2013-5889
- RESERVED
+CVE-2013-5890 (Unspecified vulnerability in the Oracle Payroll component in Oracle ...)
+ TODO: check
+CVE-2013-5889 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5888
- RESERVED
+CVE-2013-5888 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5887
- RESERVED
+CVE-2013-5887 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5886
- RESERVED
-CVE-2013-5885
- RESERVED
-CVE-2013-5884
- RESERVED
+CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
+ TODO: check
+CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE Java SE 5.0u55, 6u65, and ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2013-5883
- RESERVED
-CVE-2013-5882
- RESERVED
+CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
+ TODO: check
+CVE-2013-5882 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2013-5881
- RESERVED
+CVE-2013-5881 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
-CVE-2013-5880
- RESERVED
-CVE-2013-5879
- RESERVED
-CVE-2013-5878
- RESERVED
+CVE-2013-5880 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
+CVE-2013-5879 (Unspecified vulnerability in the Oracle Outside In Technology ...)
+ TODO: check
+CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2013-5877
- RESERVED
-CVE-2013-5876
- RESERVED
-CVE-2013-5875
- RESERVED
-CVE-2013-5874
- RESERVED
-CVE-2013-5873
- RESERVED
-CVE-2013-5872
- RESERVED
-CVE-2013-5871
- RESERVED
-CVE-2013-5870
- RESERVED
+CVE-2013-5877 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
+CVE-2013-5876 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
+ TODO: check
+CVE-2013-5875 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
+ TODO: check
+CVE-2013-5874 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
+CVE-2013-5873 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2013-5872 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
+ TODO: check
+CVE-2013-5871 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
+ TODO: check
+CVE-2013-5870 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5869
- RESERVED
-CVE-2013-5868
- RESERVED
+CVE-2013-5869 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
+ TODO: check
+CVE-2013-5868 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
+ TODO: check
CVE-2013-5867 (Unspecified vulnerability in the Siebel Core - Server Infrastructure ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5866 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
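Review bot: CVE-2013-5884 and CVE-2013-5878 now have public descriptions but still list openjdk-6 as <unfixed> while openjdk-7 is marked fixed in 7u51-2.4.4-1; the openjdk-6 lines need a fixed version or a follow-up once an update is uploaded. The Solaris and PeopleSoft entries added here with "TODO: check" (for example CVE-2013-5885, CVE-2013-5883 and CVE-2013-5886) name products that other entries in this list already mark NOT-FOR-US, so they can be triaged the same way.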
@@ -6213,14 +6255,13 @@
NOT-FOR-US: Solaris
CVE-2013-5861 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote ...)
NOT-FOR-US: Solaris
-CVE-2013-5860
- RESERVED
+CVE-2013-5860 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5859 (Unspecified vulnerability in the Instantis EnterpriseTrack component ...)
NOT-FOR-US: Oracle Primavera Products Suite
-CVE-2013-5858
- RESERVED
+CVE-2013-5858 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
CVE-2013-5857 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
NOT-FOR-US: Oracle Industry Applications
CVE-2013-5856 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
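Review bot: on CVE-2013-5860 the two "<not-affected> (Only affects Mysql 5.6)" lines were recorded while the entry was still RESERVED and are carried over unchanged beneath the new description; it is worth re-checking them against the full published description and adding a NOTE line with the advisory URL, as another MySQL entry further down this list does. CVE-2013-5858 (Core RDBMS) is left at "TODO: check" and still needs triage.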
@@ -6230,8 +6271,8 @@
CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5853
- RESERVED
+CVE-2013-5853 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
CVE-2013-5852 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -6280,10 +6321,10 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5835 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-5834
- RESERVED
-CVE-2013-5833
- RESERVED
+CVE-2013-5834 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
+ TODO: check
+CVE-2013-5833 (Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users ...)
+ TODO: check
CVE-2013-5832 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
@@ -6315,8 +6356,8 @@
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
NOT-FOR-US: Oracle iLearning
-CVE-2013-5821
- RESERVED
+CVE-2013-5821 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows ...)
+ TODO: check
CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
@@ -6349,8 +6390,8 @@
CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
-CVE-2013-5808
- RESERVED
+CVE-2013-5808 (Unspecified vulnerability in the Oracle iPlanet Web Proxy Server ...)
+ TODO: check
CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 ...)
{DSA-2818-1}
- mysql-5.5 5.5.33
@@ -6391,8 +6432,8 @@
- openjdk-7 7u45-2.4.3-1
CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-5795
- RESERVED
+CVE-2013-5795 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
+ TODO: check
CVE-2013-5794 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5793 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier ...)
@@ -6419,8 +6460,8 @@
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-5785
- RESERVED
+CVE-2013-5785 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
+ TODO: check
CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
@@ -6476,8 +6517,8 @@
NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5764
- RESERVED
+CVE-2013-5764 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...)
@@ -7281,7 +7322,7 @@
NOT-FOR-US: Cisco
CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) ...)
NOT-FOR-US: Cisco Prime Data Center Network Manager
-CVE-2013-5486 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) ...)
+CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN ...)
NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5485
RESERVED
@@ -8673,7 +8714,7 @@
NOT-FOR-US: HP LoadRunner
CVE-2013-4836 (Unspecified vulnerability in the GossipService SOAP Request ...)
NOT-FOR-US: HP Application LifeCycle Management
-CVE-2013-4835 (Unspecified vulnerability in the issueSiebelCmd SOAP implementation in ...)
+CVE-2013-4835 (The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x ...)
NOT-FOR-US: HP SiteScope
CVE-2013-4834 (Unspecified vulnerability in the client component in HP Application ...)
NOT-FOR-US: HP Application LifeCycle Management
@@ -11499,8 +11540,8 @@
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3831 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3830
- RESERVED
+CVE-2013-3830 (Unspecified vulnerability in the Hyperion Strategic Finance component ...)
+ TODO: check
CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
@@ -13921,10 +13962,10 @@
RESERVED
CVE-2013-2828
RESERVED
-CVE-2013-2827
- RESERVED
-CVE-2013-2826
- RESERVED
+CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, ...)
+ TODO: check
+CVE-2013-2826 (WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and ...)
+ TODO: check
CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director ...)
NOT-FOR-US: Elecsys Director Gateway
CVE-2013-2824
@@ -13935,10 +13976,10 @@
NOT-FOR-US: NovaTech
CVE-2013-2821 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
NOT-FOR-US: NovaTech
-CVE-2013-2820
- RESERVED
-CVE-2013-2819
- RESERVED
+CVE-2013-2820 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
+ TODO: check
+CVE-2013-2819 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
+ TODO: check
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
NOT-FOR-US: e-terracontrol
CVE-2013-2817
@@ -15794,8 +15835,7 @@
- linux-2.6 <not-affected> (Vulnerable code not present)
- linux 3.10.1-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
-CVE-2013-2139 [srtp: buffer overflow]
- RESERVED
+CVE-2013-2139 (Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows ...)
{DSA-2840-1}
- srtp 1.4.5~20130609~dfsg-1 (bug #711163)
CVE-2013-2138 (The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before ...)
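Review bot: the new description for CVE-2013-2139 names "srtp 1.4.5 and earlier" as affected, while the fixed version recorded just below is 1.4.5~20130609~dfsg-1, which sorts before 1.4.5 in Debian version ordering because of the tilde. Tracking is by package version, so the entry is consistent, but a NOTE line stating that the 20130609 snapshot carries the fix (bug #711163) would keep a reader from taking the package for vulnerable when comparing it against the description.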
@@ -20600,7 +20640,7 @@
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0633 (Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-0632 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to ...)
+CVE-2013-0632 (administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain ...)
NOT-FOR-US: Adobe ColdFusion
@@ -21995,8 +22035,7 @@
NOT-FOR-US: Drupal module search_api
CVE-2013-0180
RESERVED
-CVE-2013-0179 [memcached DoS]
- RESERVED
+CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and ...)
- memcached 1.4.13-0.2 (low; bug #698231)
[squeeze] - memcached 1.4.5-1+deb6u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054
@@ -30260,7 +30299,7 @@
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...)
- graphicsmagick 1.3.16-1.1 (low; bug #683284)
[squeeze] - graphicsmagick <no-dsa> (Minor issue)
-CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 ...)
+CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 ...)
- imagemagick 8:6.7.7.10-3 (low; bug #683285)
[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to ...)
@@ -65111,8 +65150,7 @@
RESERVED
- transmission 1.92-1 (medium; bug #574507)
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
-CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels]
- RESERVED
+CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...)
- udisks 1.0.0~git20100212.aae17d9-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2