[Secure-testing-commits] r29433 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Thu Oct 16 21:14:17 UTC 2014


Author: joeyh
Date: 2014-10-16 21:14:17 +0000 (Thu, 16 Oct 2014)
New Revision: 29433

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-16 15:36:26 UTC (rev 29432)
+++ data/CVE/list	2014-10-16 21:14:17 UTC (rev 29433)
@@ -1,3 +1,9 @@
+CVE-2014-8295 (SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows ...)
+	TODO: check
+CVE-2014-8294 (Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests ...)
+	TODO: check
+CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests ...)
+	TODO: check
 CVE-2014-8764
 	RESERVED
 CVE-2014-8763
@@ -471,8 +477,7 @@
 	NOT-FOR-US: Allomani Weblinks
 CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the Project ...)
 	NOT-FOR-US: Drupal module Project Issue File Review
-CVE-2014-8750
-	RESERVED
+CVE-2014-8750 (Race condition in the VMware driver in OpenStack Compute (Nova) before ...)
 	- nova <unfixed>
 	[wheezy] - nova <not-affected> (Vulnerable code not present)
 	NOTE: https://launchpad.net/bugs/1357372
@@ -2216,8 +2221,8 @@
 	RESERVED
 CVE-2014-7238
 	RESERVED
-CVE-2014-7237
-	RESERVED
+CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on ...)
+	TODO: check
 CVE-2014-7236
 	RESERVED
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
@@ -2278,8 +2283,7 @@
 	RESERVED
 CVE-2014-7207
 	RESERVED
-CVE-2014-7206 [apt-get: Insecure temporary changelog handling]
-	RESERVED
+CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to ...)
 	{DSA-3048-1}
 	- apt 1.0.9.2 (bug #763780)
 	[squeeze] - apt <not-affected> (apt changelog command and vulnerable code not present)
@@ -3684,92 +3688,87 @@
 	RESERVED
 CVE-2014-6565
 	RESERVED
-CVE-2014-6564
-	RESERVED
-CVE-2014-6563
-	RESERVED
-CVE-2014-6562
-	RESERVED
+CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
+	TODO: check
+CVE-2014-6563 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6562 (Unspecified vulnerability in Oracle Java SE 8u20 allows remote ...)
 	- openjdk-8 <unfixed>
-CVE-2014-6561
-	RESERVED
-CVE-2014-6560
-	RESERVED
-CVE-2014-6559
-	RESERVED
-CVE-2014-6558
-	RESERVED
+CVE-2014-6561 (Unspecified vulnerability in the Oracle Payments component in Oracle ...)
+	TODO: check
+CVE-2014-6560 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
+	TODO: check
+CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6557
-	RESERVED
+CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management ...)
+	TODO: check
 CVE-2014-6556
 	RESERVED
-CVE-2014-6555
-	RESERVED
-CVE-2014-6554
-	RESERVED
-CVE-2014-6553
-	RESERVED
-CVE-2014-6552
-	RESERVED
-CVE-2014-6551
-	RESERVED
-CVE-2014-6550
-	RESERVED
+CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
+	TODO: check
+CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+	TODO: check
+CVE-2014-6553 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+	TODO: check
+CVE-2014-6552 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+	TODO: check
+CVE-2014-6551 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
+	TODO: check
+CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library ...)
+	TODO: check
 CVE-2014-6549
 	RESERVED
 CVE-2014-6548
 	RESERVED
-CVE-2014-6547
-	RESERVED
-CVE-2014-6546
-	RESERVED
-CVE-2014-6545
-	RESERVED
-CVE-2014-6544
-	RESERVED
-CVE-2014-6543
-	RESERVED
-CVE-2014-6542
-	RESERVED
+CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-6545 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6544 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
+	TODO: check
+CVE-2014-6543 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
+	TODO: check
+CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
 CVE-2014-6541
 	RESERVED
-CVE-2014-6540
-	RESERVED
-CVE-2014-6539
-	RESERVED
-CVE-2014-6538
-	RESERVED
-CVE-2014-6537
-	RESERVED
-CVE-2014-6536
-	RESERVED
-CVE-2014-6535
-	RESERVED
-CVE-2014-6534
-	RESERVED
-CVE-2014-6533
-	RESERVED
-CVE-2014-6532
-	RESERVED
+CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
+	TODO: check
+CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework ...)
+	TODO: check
+CVE-2014-6538 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6537 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6536 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
+	TODO: check
+CVE-2014-6535 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+	TODO: check
+CVE-2014-6534 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+	TODO: check
+CVE-2014-6533 (Unspecified vulnerability in the Oracle Transportation Management ...)
+	TODO: check
+CVE-2014-6532 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6531
-	RESERVED
+CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6530
-	RESERVED
-CVE-2014-6529
-	RESERVED
+CVE-2014-6530 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
+	TODO: check
+CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
+	TODO: check
 CVE-2014-6528
 	RESERVED
-CVE-2014-6527
-	RESERVED
+CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-6526
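Review bot: The Oracle MySQL Server entries (CVE-2014-6564, CVE-2014-6559, CVE-2014-6555, CVE-2014-6551, CVE-2014-6530) and the Oracle VM VirtualBox entry (CVE-2014-6540) are left at "TODO: check", although mysql-5.5 and virtualbox are tracked as packages elsewhere in this same list. Triage those first, so that packaged software does not sit beside the Oracle Database, Access Manager and Agile PLM entries, which will most likely end up as "NOT-FOR-US: Oracle" like the existing Oracle entries further down the file.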
@@ -3778,46 +3777,40 @@
 	RESERVED
 CVE-2014-6524
 	RESERVED
-CVE-2014-6523
-	RESERVED
-CVE-2014-6522
-	RESERVED
+CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework ...)
+	TODO: check
+CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
+	TODO: check
 CVE-2014-6521
 	RESERVED
-CVE-2014-6520
-	RESERVED
-CVE-2014-6519
-	RESERVED
+CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
+	TODO: check
+CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE ...)
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
 CVE-2014-6518
 	RESERVED
-CVE-2014-6517
-	RESERVED
+CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6516
-	RESERVED
-CVE-2014-6515
-	RESERVED
+CVE-2014-6516 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+	TODO: check
+CVE-2014-6515 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-6514
 	RESERVED
-CVE-2014-6513
-	RESERVED
+CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and ...)
 	- openjdk-6 <not-affected> (Windows-specific)
 	- openjdk-7 <not-affected> (Windows-specific)
 	- openjdk-8 <not-affected> (Windows-specific)
-CVE-2014-6512
-	RESERVED
+CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6511
-	RESERVED
+CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
@@ -3825,151 +3818,139 @@
 	RESERVED
 CVE-2014-6509
 	RESERVED
-CVE-2014-6508
-	RESERVED
-CVE-2014-6507
-	RESERVED
-CVE-2014-6506
-	RESERVED
-CVE-2014-6505
-	RESERVED
+CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
+	TODO: check
+CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
+	TODO: check
+CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
+	TODO: check
+CVE-2014-6505 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6504
-	RESERVED
+CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6503
-	RESERVED
+CVE-2014-6503 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6502
-	RESERVED
+CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
 	- openjdk-6 <unfixed>
 	- openjdk-7 <unfixed>
 	- openjdk-8 <unfixed>
-CVE-2014-6501
-	RESERVED
-CVE-2014-6500
-	RESERVED
-CVE-2014-6499
-	RESERVED
-CVE-2014-6498
-	RESERVED
-CVE-2014-6497
-	RESERVED
-CVE-2014-6496
-	RESERVED
-CVE-2014-6495
-	RESERVED
-CVE-2014-6494
-	RESERVED
-CVE-2014-6493
-	RESERVED
+CVE-2014-6501 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
+CVE-2014-6500 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
+	TODO: check
+CVE-2014-6499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+	TODO: check
+CVE-2014-6498 (Unspecified vulnerability in the Oracle Transportation Management ...)
+	TODO: check
+CVE-2014-6497 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
+CVE-2014-6496 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
+	TODO: check
+CVE-2014-6495 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
+	TODO: check
+CVE-2014-6494 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
+	TODO: check
+CVE-2014-6493 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6492
-	RESERVED
+CVE-2014-6492 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6491
-	RESERVED
-CVE-2014-6490
-	RESERVED
-CVE-2014-6489
-	RESERVED
-CVE-2014-6488
-	RESERVED
-CVE-2014-6487
-	RESERVED
-CVE-2014-6486
-	RESERVED
-CVE-2014-6485
-	RESERVED
+CVE-2014-6491 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
+	TODO: check
+CVE-2014-6490 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
+	TODO: check
+CVE-2014-6489 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
+	TODO: check
+CVE-2014-6488 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
+	TODO: check
+CVE-2014-6487 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
+	TODO: check
+CVE-2014-6486 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+	TODO: check
+CVE-2014-6485 (Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 ...)
 	- openjdk-8 <unfixed>
-CVE-2014-6484
-	RESERVED
-CVE-2014-6483
-	RESERVED
-CVE-2014-6482
-	RESERVED
+CVE-2014-6484 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
+	TODO: check
+CVE-2014-6483 (Unspecified vulnerability in the Application Express component in ...)
+	TODO: check
+CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
+	TODO: check
 CVE-2014-6481
 	RESERVED
 CVE-2014-6480
 	RESERVED
-CVE-2014-6479
-	RESERVED
-CVE-2014-6478
-	RESERVED
+CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology ...)
+	TODO: check
+CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
+	TODO: check
 CVE-2014-6477
 	RESERVED
-CVE-2014-6476
-	RESERVED
+CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6475
-	RESERVED
-CVE-2014-6474
-	RESERVED
-CVE-2014-6473
-	RESERVED
-CVE-2014-6472
-	RESERVED
-CVE-2014-6471
-	RESERVED
-CVE-2014-6470
-	RESERVED
-CVE-2014-6469
-	RESERVED
-CVE-2014-6468
-	RESERVED
+CVE-2014-6475 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+	TODO: check
+CVE-2014-6474 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
+	TODO: check
+CVE-2014-6473 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
+	TODO: check
+CVE-2014-6472 (Unspecified vulnerability in the Oracle Applications Framework ...)
+	TODO: check
+CVE-2014-6471 (Unspecified vulnerability in the Oracle Applications Manager component ...)
+	TODO: check
+CVE-2014-6470 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
+CVE-2014-6469 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler ...)
+	TODO: check
+CVE-2014-6468 (Unspecified vulnerability in Oracle Java SE 8u20 allows local users to ...)
 	- openjdk-8 <unfixed>
-CVE-2014-6467
-	RESERVED
-CVE-2014-6466
-	RESERVED
+CVE-2014-6467 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6466 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6465
-	RESERVED
-CVE-2014-6464
-	RESERVED
-CVE-2014-6463
-	RESERVED
-CVE-2014-6462
-	RESERVED
-CVE-2014-6461
-	RESERVED
-CVE-2014-6460
-	RESERVED
-CVE-2014-6459
-	RESERVED
-CVE-2014-6458
-	RESERVED
+CVE-2014-6465 (Unspecified vulnerability in the Oracle Communications Session Border ...)
+	TODO: check
+CVE-2014-6464 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
+	TODO: check
+CVE-2014-6463 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
+	TODO: check
+CVE-2014-6462 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+	TODO: check
+CVE-2014-6461 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
+	TODO: check
+CVE-2014-6460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+	TODO: check
+CVE-2014-6459 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
+CVE-2014-6458 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6457
-	RESERVED
-CVE-2014-6456
-	RESERVED
+CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
+	TODO: check
+CVE-2014-6456 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6455
-	RESERVED
-CVE-2014-6454
-	RESERVED
-CVE-2014-6453
-	RESERVED
-CVE-2014-6452
-	RESERVED
+CVE-2014-6455 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
+CVE-2014-6454 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
+CVE-2014-6453 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
 CVE-2014-6451
 	RESERVED
 CVE-2014-6450
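Review bot: The package annotations under CVE-2014-6505 no longer match its description. The new text says "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier", but the unchanged lines below it still track openjdk-6, openjdk-7 and openjdk-8 as <unfixed>. Meanwhile CVE-2014-6506, directly above, is described as an Oracle Java SE issue and only carries "TODO: check". The openjdk lines look attached to the wrong identifier from when both entries were RESERVED; confirm against the Oracle advisory and move them if so. CVE-2014-6457 is also a Java SE entry left at "TODO: check" while its Java SE neighbours have openjdk annotations.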
@@ -4314,8 +4295,8 @@
 	RESERVED
 CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
 	NOT-FOR-US: WordPress plugin WooCommerce
-CVE-2014-6312
-	RESERVED
+CVE-2014-6312 (Cross-site request forgery (CSRF) vulnerability in the Login Widget ...)
+	TODO: check
 CVE-2014-6309
 	RESERVED
 CVE-2014-6308
@@ -6673,8 +6654,7 @@
 	{DSA-3007-1 DLA-40-1}
 	- cacti 0.8.8b+dfsg-8
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
-CVE-2014-4274 [unspecific error when handling MyISAM temporary files can be exploited to execute arbitrary code]
-	RESERVED
+CVE-2014-4274 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
 	- mariadb-5.5 5.5.39-1
 	- mysql-5.5 5.5.39-1
 	- mysql-5.1 <removed>
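Review bot: Replacing the bracketed description on CVE-2014-4274 drops the only technical detail the entry had. The removed line said the issue is in the handling of MyISAM temporary files and can lead to arbitrary code execution, while the new text only says "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier". Keep the old wording as a NOTE: line under the entry so that whoever assesses the mariadb-5.5 and mysql-5.5 fixes still has it.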
@@ -9005,8 +8985,8 @@
 CVE-2014-4311
 	RESERVED
 	NOT-FOR-US: Epicor
-CVE-2014-4310
-	RESERVED
+CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
 CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...)
 	NOT-FOR-US: Openfiler
 CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...)
@@ -9025,61 +9005,60 @@
 	NOT-FOR-US: HAM3D Shop Engine
 CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: Ajenti
-CVE-2014-4300
-	RESERVED
-CVE-2014-4299
-	RESERVED
-CVE-2014-4298
-	RESERVED
-CVE-2014-4297
-	RESERVED
-CVE-2014-4296
-	RESERVED
-CVE-2014-4295
-	RESERVED
-CVE-2014-4294
-	RESERVED
-CVE-2014-4293
-	RESERVED
-CVE-2014-4292
-	RESERVED
-CVE-2014-4291
-	RESERVED
-CVE-2014-4290
-	RESERVED
-CVE-2014-4289
-	RESERVED
-CVE-2014-4288
-	RESERVED
+CVE-2014-4300 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
+CVE-2014-4299 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
+CVE-2014-4298 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
+	TODO: check
+CVE-2014-4297 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4296 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4295 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-4294 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
+	TODO: check
+CVE-2014-4293 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4292 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4291 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4290 (Unspecified vulnerability in the JPublisher component in Oracle ...)
+	TODO: check
+CVE-2014-4289 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
+	TODO: check
+CVE-2014-4288 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-4287
-	RESERVED
+CVE-2014-4287 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
+	TODO: check
 CVE-2014-4286
 	REJECTED
-CVE-2014-4285
-	RESERVED
-CVE-2014-4284
-	RESERVED
-CVE-2014-4283
-	RESERVED
-CVE-2014-4282
-	RESERVED
-CVE-2014-4281
-	RESERVED
-CVE-2014-4280
-	RESERVED
+CVE-2014-4285 (Unspecified vulnerability in the Oracle Applications Technology ...)
+	TODO: check
+CVE-2014-4284 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
+CVE-2014-4283 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
+	TODO: check
+CVE-2014-4282 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
+CVE-2014-4281 (Unspecified vulnerability in the Oracle Applications Framework ...)
+	TODO: check
+CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
 CVE-2014-4279
 	RESERVED
-CVE-2014-4278
-	RESERVED
-CVE-2014-4277
-	RESERVED
-CVE-2014-4276
-	RESERVED
-CVE-2014-4275
-	RESERVED
+CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
+	TODO: check
+CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
+	TODO: check
+CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
+	TODO: check
+CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+	TODO: check
 CVE-2014-4273
 	RESERVED
 CVE-2014-4272
@@ -10425,8 +10404,7 @@
 	RESERVED
 CVE-2014-3705
 	RESERVED
-CVE-2014-3704
-	RESERVED
+CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal ...)
 	{DSA-3051-1}
 	- drupal7 7.32-1
 	- drupal6 <not-affected> (Only affects Drupal 7)
@@ -10465,8 +10443,7 @@
 	RESERVED
 CVE-2014-3687
 	RESERVED
-CVE-2014-3686 [action script execution vulnerability]
-	RESERVED
+CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with ...)
 	{DSA-3052-1}
 	- wpasupplicant <removed>
 	- hostapd <removed>
@@ -10487,8 +10464,7 @@
 	NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
 CVE-2014-3682
 	RESERVED
-CVE-2014-3681 [SECURITY-143: XSS vulnerability in Jenkins core]
-	RESERVED
+CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
 	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3680 [SECURITY-138: Password exposure in DOM]
 	RESERVED
@@ -10531,8 +10507,7 @@
 	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3665
 	RESERVED
-CVE-2014-3664 [SECURITY-131: directory traversal attack]
-	RESERVED
+CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 1.583 ...)
 	- jenkins 1.565.3-1 (bug #763899)
 CVE-2014-3663 [SECURITY-127/SECURITY-128: privilege escalation in job configuration permission]
 	RESERVED
@@ -10767,8 +10742,7 @@
 	- horizon 2014.1.2-3 (bug #758930)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
-CVE-2014-3593
-	RESERVED
+CVE-2014-3593 (Eval injection vulnerability in luci 0.26.0 allows remote ...)
 	NOT-FOR-US: Luci
 CVE-2014-3592
 	RESERVED
@@ -10835,11 +10809,14 @@
 	RESERVED
 CVE-2014-3568 [Build option no-ssl3 is incomplete]
 	RESERVED
+	{DSA-3053-1}
 	- openssl 1.0.1j-1
 CVE-2014-3567 [Session Ticket Memory Leak]
 	RESERVED
+	{DSA-3053-1}
 	- openssl 1.0.1j-1
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
+	{DSA-3053-1}
 	- openssl 1.0.1j-1
 	- nss <unfixed>
 	- gnutls26 <unfixed>
@@ -11033,6 +11010,7 @@
 	TODO: needs to check the others rails versions
 CVE-2014-3513 [SRTP Memory Leak]
 	RESERVED
+	{DSA-3053-1}
 	- openssl 1.0.1j-1
 	[squeeze] - openssl <not-affected> (DLTS SRTP introduced in 1.0.1)
 CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP ...)
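Review bot: In the CVE-2014-3513 entry, the [squeeze] not-affected reason reads "DLTS SRTP introduced in 1.0.1", which should be "DTLS SRTP". Since this change already touches the entry to add {DSA-3053-1}, correct the spelling in the same pass so that a search for DTLS finds the entry.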
@@ -12680,8 +12658,8 @@
 	RESERVED
 CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2014-2927
-	RESERVED
+CVE-2014-2927 (The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, ...)
+	TODO: check
 CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before ...)
 	NOT-FOR-US: Kaseya Virtual System Administrator
 CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
@@ -12748,7 +12726,7 @@
 	NOT-FOR-US: Citrix Netscaler
 CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement ...)
 	NOT-FOR-US: Citrix Netscaler
-CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)
+CVE-2014-2880 (Open redirect vulnerability in the Oracle Identity Manager component ...)
 	NOT-FOR-US: Oracle Identity Manager
 CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
 	NOT-FOR-US: SonicWALL
@@ -13838,8 +13816,7 @@
 	[wheezy] - smb4k <no-dsa> (Minor issue)
 	[squeeze] - smb4k <no-dsa> (Minor issue)
 	NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/
-CVE-2014-2576 [claws-mail rssyl plugin does not verify SSL peer at all]
-	RESERVED
+CVE-2014-2576 (plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the ...)
 	- claws-mail 3.10.1-1 (bug #742695)
 	[wheezy] - claws-mail <not-affected> (rssyl plugin in separate source package)
 	[squeeze] - claws-mail <not-affected> (rssyl plugin in separate source package)
@@ -13960,22 +13937,22 @@
 	NOT-FOR-US: Oracle
 CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	NOT-FOR-US: Oracle
-CVE-2014-2478
-	RESERVED
+CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+	TODO: check
 CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox 4.3.12-dfsg-1 (bug #754939)
 	[wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
 	- virtualbox-ose <not-affected> (Only affects 4.0 and later)
-CVE-2014-2476
-	RESERVED
-CVE-2014-2475
-	RESERVED
-CVE-2014-2474
-	RESERVED
-CVE-2014-2473
-	RESERVED
-CVE-2014-2472
-	RESERVED
+CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
+CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
+CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
+CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
+CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
+	TODO: check
 CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
 	NOT-FOR-US: Oracle iLearning
 CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
@@ -15149,8 +15126,7 @@
 CVE-2014-2023
 	RESERVED
 	NOT-FOR-US: vBulletin
-CVE-2014-2022
-	RESERVED
+CVE-2014-2022 (SQL injection vulnerability in includes/api/4/breadcrumbs_create.php ...)
 	NOT-FOR-US: vBulletin
 CVE-2014-2021
 	RESERVED
@@ -15672,12 +15648,10 @@
 	NOT-FOR-US: Titan FTP Server
 CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
 	NOT-FOR-US: MyBB
-CVE-2014-1830
-	RESERVED
+CVE-2014-1830 (Requests (aka python-requests) before 2.3.0 allows remote servers to ...)
 	- python-requests 2.3.0-1 (bug #733108)
 	NOTE: https://github.com/kennethreitz/requests/issues/1885
-CVE-2014-1829
-	RESERVED
+CVE-2014-1829 (Requests (aka python-requests) before 2.3.0 allows remote servers to ...)
 	- python-requests 2.3.0-1 (bug #733108)
 	NOTE: https://github.com/kennethreitz/requests/issues/1885
 CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in ...)
@@ -42409,7 +42383,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
 CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
 	NOT-FOR-US: CloudStack
-CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, ...)
+CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB ...)
 	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
 	- mysql-5.1 <unfixed> (low; bug #695001)
 	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
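Review bot: The revised CVE-2012-5615 description now names "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier", but the annotations visible in this hunk cover only mariadb-5.5 and mysql-5.1. Check that the entry also carries a mysql-5.5 line with the correct status, and revisit the [squeeze] reason "currently not fixed in MySQL", because the new version bounds suggest that a fixed upstream release now exists.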



