[Secure-testing-commits] r31605 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Jan 22 21:10:52 UTC 2015
Author: sectracker
Date: 2015-01-22 21:10:51 +0000 (Thu, 22 Jan 2015)
New Revision: 31605
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-22 17:07:25 UTC (rev 31604)
+++ data/CVE/list 2015-01-22 21:10:51 UTC (rev 31605)
@@ -1,3 +1,259 @@
+CVE-2015-1304
+ RESERVED
+CVE-2015-1303
+ RESERVED
+CVE-2015-1302
+ RESERVED
+CVE-2015-1301
+ RESERVED
+CVE-2015-1300
+ RESERVED
+CVE-2015-1299
+ RESERVED
+CVE-2015-1298
+ RESERVED
+CVE-2015-1297
+ RESERVED
+CVE-2015-1296
+ RESERVED
+CVE-2015-1295
+ RESERVED
+CVE-2015-1294
+ RESERVED
+CVE-2015-1293
+ RESERVED
+CVE-2015-1292
+ RESERVED
+CVE-2015-1291
+ RESERVED
+CVE-2015-1290
+ RESERVED
+CVE-2015-1289
+ RESERVED
+CVE-2015-1288
+ RESERVED
+CVE-2015-1287
+ RESERVED
+CVE-2015-1286
+ RESERVED
+CVE-2015-1285
+ RESERVED
+CVE-2015-1284
+ RESERVED
+CVE-2015-1283
+ RESERVED
+CVE-2015-1282
+ RESERVED
+CVE-2015-1281
+ RESERVED
+CVE-2015-1280
+ RESERVED
+CVE-2015-1279
+ RESERVED
+CVE-2015-1278
+ RESERVED
+CVE-2015-1277
+ RESERVED
+CVE-2015-1276
+ RESERVED
+CVE-2015-1275
+ RESERVED
+CVE-2015-1274
+ RESERVED
+CVE-2015-1273
+ RESERVED
+CVE-2015-1272
+ RESERVED
+CVE-2015-1271
+ RESERVED
+CVE-2015-1270
+ RESERVED
+CVE-2015-1269
+ RESERVED
+CVE-2015-1268
+ RESERVED
+CVE-2015-1267
+ RESERVED
+CVE-2015-1266
+ RESERVED
+CVE-2015-1265
+ RESERVED
+CVE-2015-1264
+ RESERVED
+CVE-2015-1263
+ RESERVED
+CVE-2015-1262
+ RESERVED
+CVE-2015-1261
+ RESERVED
+CVE-2015-1260
+ RESERVED
+CVE-2015-1259
+ RESERVED
+CVE-2015-1258
+ RESERVED
+CVE-2015-1257
+ RESERVED
+CVE-2015-1256
+ RESERVED
+CVE-2015-1255
+ RESERVED
+CVE-2015-1254
+ RESERVED
+CVE-2015-1253
+ RESERVED
+CVE-2015-1252
+ RESERVED
+CVE-2015-1251
+ RESERVED
+CVE-2015-1250
+ RESERVED
+CVE-2015-1249
+ RESERVED
+CVE-2015-1248
+ RESERVED
+CVE-2015-1247
+ RESERVED
+CVE-2015-1246
+ RESERVED
+CVE-2015-1245
+ RESERVED
+CVE-2015-1244
+ RESERVED
+CVE-2015-1243
+ RESERVED
+CVE-2015-1242
+ RESERVED
+CVE-2015-1241
+ RESERVED
+CVE-2015-1240
+ RESERVED
+CVE-2015-1239
+ RESERVED
+CVE-2015-1238
+ RESERVED
+CVE-2015-1237
+ RESERVED
+CVE-2015-1236
+ RESERVED
+CVE-2015-1235
+ RESERVED
+CVE-2015-1234
+ RESERVED
+CVE-2015-1233
+ RESERVED
+CVE-2015-1232
+ RESERVED
+CVE-2015-1231
+ RESERVED
+CVE-2015-1230
+ RESERVED
+CVE-2015-1229
+ RESERVED
+CVE-2015-1228
+ RESERVED
+CVE-2015-1227
+ RESERVED
+CVE-2015-1226
+ RESERVED
+CVE-2015-1225
+ RESERVED
+CVE-2015-1224
+ RESERVED
+CVE-2015-1223
+ RESERVED
+CVE-2015-1222
+ RESERVED
+CVE-2015-1221
+ RESERVED
+CVE-2015-1220
+ RESERVED
+CVE-2015-1219
+ RESERVED
+CVE-2015-1218
+ RESERVED
+CVE-2015-1217
+ RESERVED
+CVE-2015-1216
+ RESERVED
+CVE-2015-1215
+ RESERVED
+CVE-2015-1214
+ RESERVED
+CVE-2015-1213
+ RESERVED
+CVE-2015-1212
+ RESERVED
+CVE-2015-1211
+ RESERVED
+CVE-2015-1210
+ RESERVED
+CVE-2015-1209
+ RESERVED
+CVE-2015-1208
+ RESERVED
+CVE-2015-1207
+ RESERVED
+CVE-2015-1206
+ RESERVED
+CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters ...)
+ TODO: check
+CVE-2015-1190
+ RESERVED
+CVE-2015-1189
+ RESERVED
+CVE-2015-1188
+ RESERVED
+CVE-2015-1187
+ RESERVED
+CVE-2015-1186
+ RESERVED
+CVE-2015-1185
+ RESERVED
+CVE-2015-1184
+ RESERVED
+CVE-2015-1183
+ RESERVED
+CVE-2015-1181
+ RESERVED
+CVE-2015-1180
+ RESERVED
+CVE-2015-1179
+ RESERVED
+CVE-2015-1178
+ RESERVED
+CVE-2015-1177
+ RESERVED
+CVE-2015-1176
+ RESERVED
+CVE-2015-1174
+ RESERVED
+CVE-2015-1173
+ RESERVED
+CVE-2015-1172
+ RESERVED
+CVE-2015-1171
+ RESERVED
+CVE-2015-1170
+ RESERVED
+CVE-2015-1169
+ RESERVED
+CVE-2015-1168
+ RESERVED
+CVE-2015-1167
+ RESERVED
+CVE-2015-1166
+ RESERVED
+CVE-2015-1165
+ RESERVED
+CVE-2015-1163
+ RESERVED
+CVE-2015-1162
+ RESERVED
+CVE-2015-1161
+ RESERVED
+CVE-2014-9631
+ RESERVED
CVE-2015-XXXX [buffer overrun in acknowledge.c(gi)]
- xymon <unfixed> (bug #776007)
TODO: check
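Review bot: CVE-2015-1204 is the only entry in this added block that arrives with a description, and it is left at TODO: check; it needs either a package line or NOT-FOR-US before the entry is useful. The description is truncated at "Save Filters ...", so the affected product has to be taken from the full CVE text rather than from this line. The other additions are bare RESERVED placeholders and need no triage yet.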
@@ -63,9 +319,11 @@
[wheezy] - gtk+3.0 <not-affected> (Vulnerable code not present)
NOTE: http://www.ubuntu.com/usn/USN-2475-1/
CVE-2015-1182 [Remote attack using crafted certificates]
+ RESERVED
- polarssl <unfixed> (bug #775776)
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
CVE-2015-1175
+ RESERVED
NOT-FOR-US: PrestaShop
CVE-2015-1160
RESERVED
@@ -290,42 +548,52 @@
CVE-2015-1049
RESERVED
CVE-2015-1205
+ RESERVED
- chromium-browser 40.0.2214.91-1
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1203 [stack allocation with an attacker-controlled size -- modules/access/ftp.c]
+ RESERVED
- vlc <unfixed> (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-1202 [stack allocation with an attacker-controlled size -- modules/services_discovery/sap.c]
+ RESERVED
- vlc <unfixed> (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
-CVE-2015-1201
+CVE-2015-1201 (Privoxy before 3.0.22 allows remote attackers to cause a denial of ...)
- privoxy <undetermined>
NOTE: CVE assignment unclear, see also comment in https://bugzilla.redhat.com/show_bug.cgi?id=1169213#c4
CVE-2014-9630 [Invalid memory access in rtp code]
+ RESERVED
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
CVE-2014-9629 [integer overflow with resultant buffer overflow]
+ RESERVED
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
CVE-2014-9628 [attacker-triggered zero-size malloc with resultant buffer overflow]
+ RESERVED
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9627 [integer truncation on 32-bit platforms]
+ RESERVED
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9626 [integer underflow]
+ RESERVED
- vlc 2.2.0~rc2-2 (bug #775866)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9625 [Buffer overflow in updater]
+ RESERVED
- vlc <not-affected> (Update mechanism not enabled in the Debian package)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
CVE-2014-9623 [Glance user storage quota bypass]
+ RESERVED
- glance <unfixed>
[wheezy] - glance <no-dsa> (Minor issue)
NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
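Review bot: On CVE-2015-1201 the new description says "Privoxy before 3.0.22", but the entry under it still reads privoxy <undetermined> with the NOTE "CVE assignment unclear". With a version boundary now in the description, revisit both lines: record a fixed version or <unfixed>, and update or drop the NOTE once the assignment is confirmed.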
@@ -387,15 +655,13 @@
TODO: check
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in ...)
TODO: check
-CVE-2014-9598
- RESERVED
+CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC media ...)
- ffmpeg <unfixed>
- libav <unfixed>
TODO: check, this was originally reported for VLC; but upstream states that it is in libavcodec
NOTE: https://trac.videolan.org/vlc/ticket/13390
NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
-CVE-2014-9597
- RESERVED
+CVE-2014-9597 (The picture_pool_Delete function in misc/picture_pool.c in VideoLAN ...)
- ffmpeg <unfixed>
- libav <unfixed>
TODO: check, this was originally reported for VLC; but upstream states that it is in libavcodec
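Review bot: The descriptions added for CVE-2014-9598 and CVE-2014-9597 attribute the flaws to VLC (picture_Release in misc/picture.c, picture_pool_Delete in misc/picture_pool.c), while both entries track only ffmpeg and libav and carry a TODO saying upstream places the bug in libavcodec. As committed, the entries contradict themselves; resolve the TODO and either add a vlc line with its status or add a NOTE explaining why the published description names VLC.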
@@ -416,9 +682,11 @@
- kde-workspace <unfixed>
TODO: check
CVE-2015-1306 [vulnerability in the web interface]
+ {DSA-3134-1}
- sympa 6.1.23~dfsg-2
NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
CVE-2014-9624 [CAPTCHA bypass]
+ RESERVED
- mantis <removed>
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
@@ -430,13 +698,15 @@
- libarchive <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
CVE-2015-1200 [race condition in setting permissions]
+ RESERVED
- pxz <unfixed> (bug #775306)
CVE-2015-1199 [directory traversal vulnerabilities]
+ RESERVED
- ppmd <removed> (low; bug #775218)
[squeeze] - ppmd <no-dsa> (Minor issue)
[wheezy] - ppmd <no-dsa> (Minor issue)
[jessie] - ppmd <no-dsa> (Minor issue)
-CVE-2015-1195 [Glance v2 API unrestricted path traversal through filesystem:// scheme]
+CVE-2015-1195 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) ...)
- glance 2014.1.3-11 (bug #775926)
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
@@ -466,12 +736,12 @@
- jenkins 1.565.3-3 (bug #769682)
CVE-2014-9634 [Secure flag not set]
- jenkins 1.565.3-3 (bug #769682)
-CVE-2015-1164 [Open Redirect]
+CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...)
- node-serve-static <unfixed> (bug #775843)
NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
NOTE: https://github.com/expressjs/serve-static/issues/26
-CVE-2015-1048
- RESERVED
+CVE-2015-1048 (Open redirect vulnerability in the integrated web server on Siemens ...)
+ TODO: check
CVE-2015-1047
RESERVED
CVE-2015-1046
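Review bot: The description added for CVE-2015-1164 gives an upstream boundary ("serve-static plugin before 1.7.2"), yet node-serve-static stays <unfixed> with no version recorded anywhere in the entry; add a NOTE naming 1.7.2 as the upstream fix so the entry can be closed when an upload reaches it. In the same hunk, CVE-2015-1048 (integrated web server on Siemens ...) is set to TODO: check and looks like a NOT-FOR-US candidate.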
@@ -498,16 +768,15 @@
RESERVED
CVE-2015-1033
RESERVED
-CVE-2015-1032 [Cross-Site Scripting Vulnerability]
- RESERVED
+CVE-2015-1032 (Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when ...)
- kiwix <removed>
NOTE: actually RFP again, but was removed from the archive on 2014-09-25
NOTE: See https://bugs.debian.org/763321
CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x ...)
- puppet-module-puppetlabs-stdlib <unfixed> (bug #775535)
NOTE: http://puppetlabs.com/security/cve/cve-2015-1029
-CVE-2015-1028
- RESERVED
+CVE-2015-1028 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
+ TODO: check
CVE-2015-1027
RESERVED
CVE-2015-1026
@@ -710,8 +979,8 @@
RESERVED
CVE-2015-0926
RESERVED
-CVE-2015-0925
- RESERVED
+CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...)
+ TODO: check
CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
TODO: check
CVE-2015-0923
@@ -925,7 +1194,7 @@
CVE-2015-XXXX [mktexlsr: insecure use of /tmp]
- texlive-bin 2014.20140926.35254-5 (bug #775139)
[wheezy] - texlive-bin <no-dsa> (Minor issue)
-CVE-2015-1196 [directory traversal via symlinks]
+CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files ...)
- patch 2.7.1-7 (bug #775227)
[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
@@ -938,26 +1207,25 @@
CVE-2015-XXXX [Crashes due to fuzzed input]
- sqlite3 <undetermined>
NOTE: https://www.sqlite.org/src/info/a59ae93ee990a55
-CVE-2015-1194 [path traversal via symlink following]
+CVE-2015-1194 (pax 1:20140703 allows remote attackers to write to arbitrary files via ...)
- pax <unfixed> (bug #774716)
[squeeze] - pax <no-dsa> (Minor issue)
[wheezy] - pax <no-dsa> (Minor issue)
-CVE-2015-1193 [.. path traversal (CWE-22)]
+CVE-2015-1193 (Multiple directory traversal vulnerabilities in pax 1:20140703 allow ...)
- pax <unfixed> (bug #774716)
[squeeze] - pax <no-dsa> (Minor issue)
[wheezy] - pax <no-dsa> (Minor issue)
-CVE-2015-1192 [directory traversal]
+CVE-2015-1192 (Absolute path traversal vulnerability in kgb 1.0b4 allows remote ...)
- kgb <unfixed> (bug #774989)
[jessie] - kgb <no-dsa> (meant to be used as a local archiver)
[wheezy] - kgb <no-dsa> (meant to be used as a local archiver)
[squeeze] - kgb <no-dsa> (meant to be used as a local archiver)
-CVE-2015-1191 [directory traversal]
+CVE-2015-1191 (Multiple directory traversal vulnerabilities in pigz 2.3.1 allow ...)
- pigz 2.3.1-2 (bug #774978)
[squeeze] - pigz <no-dsa> (Minor issue)
[wheezy] - pigz <no-dsa> (Minor issue)
NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
-CVE-2015-0973 [libpng: png_read_IDAT_data/png_handle_IHDR overflow]
- RESERVED
+CVE-2015-0973 (Buffer overflow in the png_read_IDAT_data function in pngrutil.c in ...)
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
[experimental] - libpng1.6 <unfixed> (bug #773823)
- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
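Review bot: On CVE-2015-0973 the removed title covered two functions (png_read_IDAT_data/png_handle_IHDR), while the visible part of the new description names only png_read_IDAT_data in pngrutil.c. If png_handle_IHDR still matters for the libpng and iceweasel status lines below it, keep it in a NOTE so it is not lost with the bracketed title.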
@@ -1087,8 +1355,8 @@
RESERVED
CVE-2015-0868
RESERVED
-CVE-2015-0867
- RESERVED
+CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI ...)
+ TODO: check
CVE-2015-0866
RESERVED
CVE-2015-0865
@@ -1097,8 +1365,8 @@
RESERVED
CVE-2015-0863
RESERVED
-CVE-2015-0862
- RESERVED
+CVE-2015-0862 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
+ TODO: check
CVE-2015-0861
RESERVED
CVE-2015-0860
@@ -1825,6 +2093,7 @@
- libapache-poi-java 3.10.1-2 (low; bug #775171)
[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
CVE-2015-1198 [directory traversal vulnerabilities]
+ RESERVED
- ha <unfixed> (low; bug #774954)
[squeeze] - ha <no-dsa> (Minor issue)
[wheezy] - ha <no-dsa> (Minor issue)
@@ -1870,13 +2139,13 @@
{DSA-3133-1}
- privoxy 3.0.21-5 (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
-CVE-2015-1030 [memory leak when rejecting client connections]
- RESERVED
+CVE-2015-1030 (Memory leak in the rfc2553_connect_to function in jbsocket.c in ...)
- privoxy 3.0.21-5 (bug #775167)
[squeeze] - privoxy <not-affected> (Introduced in 3.0.21)
[wheezy] - privoxy <not-affected> (Introduced in 3.0.21)
NOTE: http://www.privoxy.org/announce.txt
CVE-2015-1197 [cpio directory traversal]
+ RESERVED
- cpio <unfixed> (low; bug #774669)
CVE-2015-XXXX [CHM decompression: pointer arithmetic overflow]
- libmspack 0.4-3 (bug #774726)
@@ -1918,10 +2187,10 @@
RESERVED
CVE-2015-0555
RESERVED
-CVE-2015-0554
- RESERVED
-CVE-2015-0553
- RESERVED
+CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with ...)
+ TODO: check
+CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in ...)
+ TODO: check
CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
NOT-FOR-US: concrete5
CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -1980,10 +2249,10 @@
NOT-FOR-US: Webform Invitation module for Drupal
CVE-2014-9492
REJECTED
-CVE-2014-9491
- RESERVED
-CVE-2014-9490
- RESERVED
+CVE-2014-9491 (The devzvol_readdir function in illumos does not check the return ...)
+ TODO: check
+CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem ...)
+ TODO: check
CVE-2014-9488
RESERVED
CVE-2014-9484
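Review bot: For CVE-2014-9490 the affected file is given as lib/raven/okjson.rb, a path that suggests a copy of okjson bundled inside the raven-ruby gem. The TODO: check added here should therefore cover not only whether raven-ruby is packaged, but also whether other packages ship the same numtok code; record the outcome in a NOTE either way.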
@@ -2165,8 +2434,7 @@
- linux 3.16.7-ckt4-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
-CVE-2015-1038 [directory traversal]
- RESERVED
+CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a ...)
- p7zip <unfixed> (bug #774660)
CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...)
- trafficserver <unfixed>
@@ -2435,14 +2703,14 @@
RESERVED
CVE-2015-0517
RESERVED
-CVE-2015-0516
- RESERVED
-CVE-2015-0515
- RESERVED
-CVE-2015-0514
- RESERVED
-CVE-2015-0513
- RESERVED
+CVE-2015-0516 (Directory traversal vulnerability in EMC M&R (aka Watch4Net) before ...)
+ TODO: check
+CVE-2015-0515 (Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) ...)
+ TODO: check
+CVE-2015-0514 (EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might ...)
+ TODO: check
+CVE-2015-0513 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2015-0512
RESERVED
CVE-2015-0511
@@ -2593,240 +2861,217 @@
RESERVED
CVE-2015-0438
RESERVED
-CVE-2015-0437
- RESERVED
+CVE-2015-0437 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote ...)
- openjdk-8 <unfixed>
-CVE-2015-0436
- RESERVED
-CVE-2015-0435
- RESERVED
-CVE-2015-0434
- RESERVED
+CVE-2015-0436 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
+ TODO: check
+CVE-2015-0435 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2015-0434 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+ TODO: check
CVE-2015-0433
RESERVED
-CVE-2015-0432
- RESERVED
+CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0431
- RESERVED
-CVE-2015-0430
- RESERVED
-CVE-2015-0429
- RESERVED
-CVE-2015-0428
- RESERVED
-CVE-2015-0427
- RESERVED
+CVE-2015-0431 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2015-0430 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
+ TODO: check
+CVE-2015-0429 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
+ TODO: check
+CVE-2015-0428 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
+ TODO: check
+CVE-2015-0427 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
-CVE-2015-0426
- RESERVED
-CVE-2015-0425
- RESERVED
-CVE-2015-0424
- RESERVED
+CVE-2015-0426 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
+ TODO: check
+CVE-2015-0425 (Unspecified vulnerability in the Oracle Enterprise Asset Management ...)
+ TODO: check
+CVE-2015-0424 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
+ TODO: check
CVE-2015-0423
RESERVED
-CVE-2015-0422
- RESERVED
-CVE-2015-0421
- RESERVED
+CVE-2015-0422 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2015-0421 (Unspecified vulnerability in Oracle Java SE 8u25 allows local users to ...)
- openjdk-8 <unfixed>
-CVE-2015-0420
- RESERVED
-CVE-2015-0419
- RESERVED
-CVE-2015-0418
- RESERVED
+CVE-2015-0420 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
+ TODO: check
+CVE-2015-0419 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (low; bug #775888)
- virtualbox-ose <removed> (low)
-CVE-2015-0417
- RESERVED
-CVE-2015-0416
- RESERVED
-CVE-2015-0415
- RESERVED
-CVE-2015-0414
- RESERVED
-CVE-2015-0413
- RESERVED
+CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
+ TODO: check
+CVE-2015-0415 (Unspecified vulnerability in the Oracle Application Object Library ...)
+ TODO: check
+CVE-2015-0414 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle ...)
+ TODO: check
+CVE-2015-0413 (Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local ...)
- openjdk-7 <undetermined>
- openjdk-8 <undetermined>
NOTE: Likely specific to Oracle Java, wait a bit until more details come up
-CVE-2015-0412
- RESERVED
+CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0411
- RESERVED
+CVE-2015-0411 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0410
- RESERVED
+CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0409
- RESERVED
+CVE-2015-0409 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...)
- mysql-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0408
- RESERVED
+CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0407
- RESERVED
+CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0406
- RESERVED
+CVE-2015-0406 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0405
RESERVED
-CVE-2015-0404
- RESERVED
-CVE-2015-0403
- RESERVED
+CVE-2015-0404 (Unspecified vulnerability in the Oracle Applications Framework ...)
+ TODO: check
+CVE-2015-0403 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2015-0402
- RESERVED
-CVE-2015-0401
- RESERVED
-CVE-2015-0400
- RESERVED
+CVE-2015-0402 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
+ TODO: check
+CVE-2015-0401 (Unspecified vulnerability in the Oracle Directory Server Enterprise ...)
+ TODO: check
+CVE-2015-0400 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <not-affected> (This only affects Java on Windows)
- openjdk-7 <not-affected> (This only affects Java on Windows)
- openjdk-8 <not-affected> (This only affects Java on Windows)
-CVE-2015-0399
- RESERVED
-CVE-2015-0398
- RESERVED
-CVE-2015-0397
- RESERVED
-CVE-2015-0396
- RESERVED
-CVE-2015-0395
- RESERVED
+CVE-2015-0399 (Unspecified vulnerability in the Oracle Business Intelligence ...)
+ TODO: check
+CVE-2015-0398 (Unspecified vulnerability in the Siebel Life Sciences component in ...)
+ TODO: check
+CVE-2015-0397 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+ TODO: check
+CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
+ TODO: check
+CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0394
- RESERVED
-CVE-2015-0393
- RESERVED
-CVE-2015-0392
- RESERVED
-CVE-2015-0391
- RESERVED
+CVE-2015-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2015-0393 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
+ TODO: check
+CVE-2015-0392 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
+ TODO: check
+CVE-2015-0391 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
- mysql-5.5 5.5.39-1
[wheezy] - mysql-5.5 5.5.40-0+wheezy1
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0390
- RESERVED
-CVE-2015-0389
- RESERVED
-CVE-2015-0388
- RESERVED
-CVE-2015-0387
- RESERVED
-CVE-2015-0386
- RESERVED
-CVE-2015-0385
- RESERVED
+CVE-2015-0390 (Unspecified vulnerability in the MICROS Retail component in Oracle ...)
+ TODO: check
+CVE-2015-0389 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
+ TODO: check
+CVE-2015-0388 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2015-0387 (Unspecified vulnerability in the Siebel Core - Server OM Services ...)
+ TODO: check
+CVE-2015-0386 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
+ TODO: check
+CVE-2015-0385 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...)
- mysql-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0384
- RESERVED
-CVE-2015-0383
- RESERVED
+CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in ...)
+ TODO: check
+CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2015-0382
- RESERVED
+CVE-2015-0382 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0381
- RESERVED
+CVE-2015-0381 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0380
- RESERVED
-CVE-2015-0379
- RESERVED
-CVE-2015-0378
- RESERVED
-CVE-2015-0377
- RESERVED
+CVE-2015-0380 (Unspecified vulnerability in the Oracle Telecommunications Billing ...)
+ TODO: check
+CVE-2015-0379 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2015-0378 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+ TODO: check
+CVE-2015-0377 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox 4.3.2-dfsg-1
- virtualbox-ose <removed>
NOTE: According to http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html the 4.3
NOTE: series is not affected, so marking the first 4.3 upload as fixed
-CVE-2015-0376
- RESERVED
-CVE-2015-0375
- RESERVED
-CVE-2015-0374
- RESERVED
+CVE-2015-0376 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
+ TODO: check
+CVE-2015-0375 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
+ TODO: check
+CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2015-0373
- RESERVED
-CVE-2015-0372
- RESERVED
-CVE-2015-0371
- RESERVED
-CVE-2015-0370
- RESERVED
-CVE-2015-0369
- RESERVED
-CVE-2015-0368
- RESERVED
-CVE-2015-0367
- RESERVED
-CVE-2015-0366
- RESERVED
-CVE-2015-0365
- RESERVED
-CVE-2015-0364
- RESERVED
-CVE-2015-0363
- RESERVED
-CVE-2015-0362
- RESERVED
+CVE-2015-0373 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
+ TODO: check
+CVE-2015-0372 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
+ TODO: check
+CVE-2015-0371 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2015-0370 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2015-0369 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2015-0368 (Unspecified vulnerability in the Oracle Transportation Management ...)
+ TODO: check
+CVE-2015-0367 (Unspecified vulnerability in the Oracle Access Manager component in ...)
+ TODO: check
+CVE-2015-0366 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
+ TODO: check
+CVE-2015-0365 (Unspecified vulnerability in the Siebel Core - Server Infrastructure ...)
+ TODO: check
+CVE-2015-0364 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
+ TODO: check
+CVE-2015-0363 (Unspecified vulnerability in the Siebel Core EAI component in Oracle ...)
+ TODO: check
+CVE-2015-0362 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
+ TODO: check
CVE-2015-0361 (Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
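Review bot: CVE-2015-0413 keeps openjdk-7 and openjdk-8 at <undetermined> with the NOTE "wait a bit until more details come up", although this hunk now supplies its description ("Oracle Java SE 7u72 and 8u25 allows local ..."); re-evaluate it against the sibling Java entries in this hunk that are already <unfixed> or <not-affected>. Separately, the many TODO: check lines added for Siebel, PeopleSoft, Oracle Transportation Management and Solaris components have no package line in this hunk and can be triaged as one batch, likely as NOT-FOR-US.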
@@ -2978,7 +3223,7 @@
[squeeze] - znc <no-dsa> (Minor issue)
NOTE: https://github.com/znc/znc/issues/528
NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487
-CVE-2014-9620 [Limit the number of ELF notes processed - DoS]
+CVE-2014-9620 (The ELF parser in file 5.08 through 5.21 allows remote attackers to ...)
{DSA-3121-1}
- file 1:5.21+15-1
[squeeze] - file <not-affected> (Introduced in 5.08)
@@ -2986,7 +3231,7 @@
NOTE: Report: http://mx.gw.com/pipermail/file/2014/001653.html
NOTE: Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
NOTE: Introduced by: https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423
-CVE-2014-9621 [Limit string printing to 100 chars - DoS]
+CVE-2014-9621 (The ELF parser in file 5.16 through 5.21 allows remote attackers to ...)
- file 1:5.21+15-1
[wheezy] - file <not-affected> (Introduced in 5.16)
[squeeze] - file <not-affected> (Introduced in 5.16)
@@ -2996,8 +3241,7 @@
NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html
NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16)
-CVE-2014-9494 [insufficient 'X-Forwarded-For' header validation]
- RESERVED
+CVE-2014-9494 (RabbitMQ before 3.4.0 allows remote attackers to bypass the ...)
- rabbitmq-server 3.4.1-1 (bug #773134)
[jessie] - rabbitmq-server 3.3.5-1.1
[wheezy] - rabbitmq-server <not-affected> (does not have this access control mechanism)
@@ -3091,8 +3335,7 @@
RESERVED
CVE-2014-9331
RESERVED
-CVE-2014-9330 [integer overflow in bmp2tiff]
- RESERVED
+CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
- tiff 4.0.3-12 (bug #773987)
[wheezy] - tiff <no-dsa> (Minor issue, might be fixed along with an upcoming DSA)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
@@ -3335,12 +3578,12 @@
RESERVED
CVE-2014-9227
RESERVED
-CVE-2014-9226
- RESERVED
-CVE-2014-9225
- RESERVED
-CVE-2014-9224
- RESERVED
+CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) ...)
+ TODO: check
+CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical ...)
+ TODO: check
+CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the ...)
+ TODO: check
CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei ...)
NOT-FOR-US: RomPager
NOTE: http://mis.fortunecook.ie/
@@ -5014,10 +5257,10 @@
RESERVED
CVE-2014-8915
RESERVED
-CVE-2014-8914
- RESERVED
-CVE-2014-8913
- RESERVED
+CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
+ TODO: check
+CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
+ TODO: check
CVE-2014-8912
RESERVED
CVE-2014-8911
@@ -5262,8 +5505,7 @@
RESERVED
CVE-2014-8791 (project/register.php in Tuleap before 7.7, when ...)
NOT-FOR-US: Enalean Tuleap
-CVE-2014-8790
- RESERVED
+CVE-2014-8790 (XML external entity (XXE) vulnerability in admin/api.php in GetSimple ...)
NOT-FOR-US: GetSimple CMS
CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated users to ...)
NOT-FOR-US: GleamTech FileVista
@@ -5317,7 +5559,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
NOTE: http://www.mantisbt.org/bugs/view.php?id=17742
-CVE-2014-9622 [xdg-open RCE]
+CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ...)
{DSA-3131-1}
- xdg-utils 1.1.0~rc1+git20111210-7.3 (bug #773085)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
@@ -5763,8 +6005,7 @@
- php5 5.2.9.dfsg.1-1
NOTE: https://bugs.php.net/bug.php?id=45226
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
-CVE-2014-8625 [format string vulnerability]
- RESERVED
+CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...)
- dpkg 1.17.22 (unimportant; bug #768485)
[squeeze] - dpkg <not-affected> (Regression introduced in 1.16.2)
NOTE: Rendered non-exploitable by toolchain hardening
@@ -6116,10 +6357,10 @@
RESERVED
CVE-2014-8482
RESERVED
-CVE-2014-8479
- RESERVED
-CVE-2014-8478
- RESERVED
+CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware before ...)
+ TODO: check
+CVE-2014-8478 (The web server on Siemens SCALANCE X-300 switches with firmware before ...)
+ TODO: check
CVE-2014-8477
RESERVED
CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not ...)
@@ -6382,8 +6623,7 @@
NOT-FOR-US: Advantech WebAccess
CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...)
NOT-FOR-US: Advantech EKI-6340
-CVE-2014-8386
- RESERVED
+CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ...)
NOT-FOR-US: Advantech AdamView
CVE-2014-8385
RESERVED
@@ -6962,8 +7202,7 @@
NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...)
- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
-CVE-2014-8152 [treaming XML Signature verification failure]
- RESERVED
+CVE-2014-8152 (Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows ...)
- libxml-security-java <not-affected> (streaming XML Signature support introduced in 2.0.0)
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1634334
NOTE: http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
@@ -7384,8 +7623,8 @@
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...)
NOT-FOR-US: Cisco Unified Computing System
-CVE-2014-8008
- RESERVED
+CVE-2014-8008 (Absolute path traversal vulnerability in the Real-Time Monitoring Tool ...)
+ TODO: check
CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read ...)
NOT-FOR-US: Cisco
CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E ...)
@@ -7734,7 +7973,7 @@
CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine ...)
NOT-FOR-US: ZOHO
CVE-2014-7865
- RESERVED
+ REJECTED
CVE-2014-7864
RESERVED
CVE-2014-7863
@@ -9000,8 +9239,8 @@
NOT-FOR-US: Springshare LibCal
CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...)
NOT-FOR-US: Atlas Systems Aeon
-CVE-2014-7289
- RESERVED
+CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec ...)
+ TODO: check
CVE-2014-7288
RESERVED
CVE-2014-7287
@@ -10545,114 +10784,104 @@
NOTE: Squeeze version doesn't have res/res_fax_spandsp.c with the problem.
CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
NOT-FOR-US: M/Monit
-CVE-2014-6601
- RESERVED
+CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2014-6600
- RESERVED
-CVE-2014-6599
- RESERVED
-CVE-2014-6598
- RESERVED
-CVE-2014-6597
- RESERVED
-CVE-2014-6596
- RESERVED
-CVE-2014-6595
- RESERVED
+CVE-2014-6600 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+ TODO: check
+CVE-2014-6599 (Unspecified vulnerability in the Siebel Core - Common Components ...)
+ TODO: check
+CVE-2014-6598 (Unspecified vulnerability in the Oracle Communications Diameter ...)
+ TODO: check
+CVE-2014-6597 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-6596 (Unspecified vulnerability in the Siebel UI Framework component in ...)
+ TODO: check
+CVE-2014-6595 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
-CVE-2014-6594
- RESERVED
-CVE-2014-6593
- RESERVED
+CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
+ TODO: check
+CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2014-6592
- RESERVED
-CVE-2014-6591
- RESERVED
+CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
+ TODO: check
+CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- icu 52.1-7 (bug #775884)
-CVE-2014-6590
- RESERVED
+CVE-2014-6590 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
-CVE-2014-6589
- RESERVED
+CVE-2014-6589 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
-CVE-2014-6588
- RESERVED
+CVE-2014-6588 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox <unfixed> (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
-CVE-2014-6587
- RESERVED
+CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
-CVE-2014-6586
- RESERVED
-CVE-2014-6585
- RESERVED
+CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
+ TODO: check
+CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- icu 52.1-7 (bug #775884)
-CVE-2014-6584
- RESERVED
-CVE-2014-6583
- RESERVED
-CVE-2014-6582
- RESERVED
-CVE-2014-6581
- RESERVED
-CVE-2014-6580
- RESERVED
-CVE-2014-6579
- RESERVED
-CVE-2014-6578
- RESERVED
-CVE-2014-6577
- RESERVED
-CVE-2014-6576
- RESERVED
-CVE-2014-6575
- RESERVED
-CVE-2014-6574
- RESERVED
-CVE-2014-6573
- RESERVED
-CVE-2014-6572
- RESERVED
-CVE-2014-6571
- RESERVED
-CVE-2014-6570
- RESERVED
-CVE-2014-6569
- RESERVED
-CVE-2014-6568
- RESERVED
+CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
+ TODO: check
+CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
+ TODO: check
+CVE-2014-6582 (Unspecified vulnerability in the Oracle HCM Configuration Workbench ...)
+ TODO: check
+CVE-2014-6581 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
+ TODO: check
+CVE-2014-6580 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
+ TODO: check
+CVE-2014-6579 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-6578 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
+ TODO: check
+CVE-2014-6577 (Unspecified vulnerability in the XML Developer's Kit for C component ...)
+ TODO: check
+CVE-2014-6576 (Unspecified vulnerability in the Oracle Adaptive Access Manager ...)
+ TODO: check
+CVE-2014-6575 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
+ TODO: check
+CVE-2014-6574 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
+ TODO: check
+CVE-2014-6573 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
+ TODO: check
+CVE-2014-6572 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
+ TODO: check
+CVE-2014-6571 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
+ TODO: check
+CVE-2014-6570 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
+ TODO: check
+CVE-2014-6569 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
+ TODO: check
+CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...)
- mysql-5.5 <unfixed> (bug #775881)
- mariadb-5.5 <removed>
- mariadb-10.0 <unfixed>
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
-CVE-2014-6567
- RESERVED
-CVE-2014-6566
- RESERVED
-CVE-2014-6565
- RESERVED
+CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
+ TODO: check
+CVE-2014-6566 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
+CVE-2014-6565 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
+ TODO: check
CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
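Review bot: Many of the former RESERVED entries in this hunk (CVE-2014-6600 and the other Solaris, Siebel and PeopleSoft ones) now carry only "TODO: check", so they say nothing about Debian until someone triages them by hand. The list already closes the same product families as NOT-FOR-US, for example CVE-2014-6529 with "NOT-FOR-US: Oracle Sun Solaris 11", and these entries can probably be resolved the same way. Separately, the openjdk-6/7/8 <unfixed> lines under CVE-2014-6601, CVE-2014-6593, CVE-2014-6591, CVE-2014-6587 and CVE-2014-6585 have no bug reference, unlike the virtualbox (bug #775888), icu (bug #775884) and mysql-5.5 (bug #775881) lines in the same hunk.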
@@ -10678,8 +10907,8 @@
- openjdk-8 8u40~b09-1
CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2014-6556
- RESERVED
+CVE-2014-6556 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
+ TODO: check
CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
{DSA-3054-1}
- mysql-5.5 5.5.40-1
@@ -10700,11 +10929,10 @@
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library ...)
NOT-FOR-US: Oracle
-CVE-2014-6549
- RESERVED
+CVE-2014-6549 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote ...)
- openjdk-8 <unfixed>
-CVE-2014-6548
- RESERVED
+CVE-2014-6548 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle ...)
+ TODO: check
CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle ...)
@@ -10717,8 +10945,8 @@
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
NOT-FOR-US: Oracle Database Server
-CVE-2014-6541
- RESERVED
+CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Database ...)
+ TODO: check
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-guest-additions <removed>
- virtualbox-guest-additions-iso 4.3.14-1
@@ -10756,23 +10984,23 @@
- percona-xtradb-cluster-5.5 <undetermined>
CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
NOT-FOR-US: Oracle Sun Solaris 11
-CVE-2014-6528
- RESERVED
+CVE-2014-6528 (Unspecified vulnerability in the Siebel Core - System Management ...)
+ TODO: check
CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6526
- RESERVED
-CVE-2014-6525
- RESERVED
-CVE-2014-6524
- RESERVED
+CVE-2014-6526 (Unspecified vulnerability in the Oracle Directory Server Enterprise ...)
+ TODO: check
+CVE-2014-6525 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
+ TODO: check
+CVE-2014-6524 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+ TODO: check
CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework ...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2014-6521
- RESERVED
+CVE-2014-6521 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+ TODO: check
CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
{DSA-3054-1}
- mysql-5.5 5.5.39-1
@@ -10785,8 +11013,8 @@
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 8u40~b09-1
-CVE-2014-6518
- RESERVED
+CVE-2014-6518 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local ...)
+ TODO: check
CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...)
{DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
@@ -10798,8 +11026,8 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2014-6514
- RESERVED
+CVE-2014-6514 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
+ TODO: check
CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and ...)
- openjdk-6 <not-affected> (Windows-specific)
- openjdk-7 <not-affected> (Windows-specific)
@@ -10815,10 +11043,10 @@
- openjdk-6 6b33-1.13.5-1
- openjdk-7 7u71-2.5.3-1
- openjdk-8 8u40~b09-1
-CVE-2014-6510
- RESERVED
-CVE-2014-6509
- RESERVED
+CVE-2014-6510 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
+ TODO: check
+CVE-2014-6509 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
+ TODO: check
CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
@@ -10927,10 +11155,10 @@
NOT-FOR-US: Oracle Database Server
CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2014-6481
- RESERVED
-CVE-2014-6480
- RESERVED
+CVE-2014-6481 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote ...)
+ TODO: check
+CVE-2014-6480 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
+ TODO: check
CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology ...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
@@ -11721,8 +11949,8 @@
NOT-FOR-US: IBM
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in ...)
NOT-FOR-US: IBM
-CVE-2014-6172
- RESERVED
+CVE-2014-6172 (IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to ...)
+ TODO: check
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
NOT-FOR-US: IBM
CVE-2014-6170
@@ -16165,8 +16393,8 @@
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Oracle Sun Solaris 11
-CVE-2014-4279
- RESERVED
+CVE-2014-4279 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
+ TODO: check
CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
@@ -16223,8 +16451,8 @@
- mariadb-5.5 5.5.38-1 (bug #754940)
- mariadb-10.0 <not-affected> (Fixed before initial upload)
- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
-CVE-2014-4259
- RESERVED
+CVE-2014-4259 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
+ TODO: check
CVE-2014-4258 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2985-1}
- mysql-5.5 5.5.39-1 (bug #754941)
@@ -18643,8 +18871,8 @@
CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows ...)
- vlc <not-affected> (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid)
NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
-CVE-2014-3440
- RESERVED
+CVE-2014-3440 (The Agent Control Interface in the management server in Symantec ...)
+ TODO: check
CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 ...)
NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console ...)
@@ -26035,8 +26263,7 @@
NOT-FOR-US: Ops View
CVE-2013-7253
RESERVED
-CVE-2013-7252 [kwallet crypto misuse]
- RESERVED
+CVE-2013-7252 (kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ...)
- kde-runtime 4:4.12.2-1
[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
- kdebase-runtime <removed>
@@ -28003,8 +28230,7 @@
- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to ...)
- foreman <itp> (bug #663101)
-CVE-2014-0191 [external parameter entity loaded when entity substitution is disabled]
- RESERVED
+CVE-2014-0191 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
{DSA-2978-1 DLA-80-1 DLA-0016-1}
- libxml2 2.9.1+dfsg1-4 (bug #747309)
[squeeze] - libxml2 2.7.8.dfsg-2+squeeze9
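Review bot: The imported description for CVE-2014-0191 reads "Unspecified vulnerability in the Oracle HTTP Server component in ...", but every package line under it is libxml2, and the removed bracket text described an external parameter entity being loaded when entity substitution is disabled. The description either comes from a different record or names a downstream product, and which one is worth confirming. Suggest keeping the libxml2-specific summary in a NOTE: line so the entry still explains why DSA-2978-1 is attached to it.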
@@ -28765,8 +28991,7 @@
RESERVED
CVE-2013-6893
RESERVED
-CVE-2013-6892 [websvn arbitrary file access when downloads enabled for users with commit access]
- RESERVED
+CVE-2013-6892 (WebSVN 2.3.3 allows remote authenticated users to read arbitrary files ...)
- websvn <unfixed> (bug #775682)
CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, ...)
- cups 1.7.1-1