Author: carnil
Date: 2015-01-27 20:30:56 +0000 (Tue, 27 Jan 2015)
New Revision: 31766
Modified:
data/CVE/list
Log:
Process NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-27 20:08:12 UTC (rev 31765)
+++ data/CVE/list 2015-01-27 20:30:56 UTC (rev 31766)
@@ -7,7 +7,7 @@
CVE-2015-1348
RESERVED
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in
osTicket ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2015-1344
RESERVED
CVE-2015-1343
@@ -73,13 +73,13 @@
CVE-2015-1313
RESERVED
CVE-2015-1312 (The Dealer Portal in SAP ERP does not properly restrict access,
which ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-1311 (The Extended Application Services (XS) in SAP HANA allows
remote ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-1310 (SQL injection vulnerability in SAP Adaptive Server Enterprise
(Sybase ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-1309 (XML external entity vulnerability in the Extended Computer
Aided Test ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2015-1305
RESERVED
CVE-2014-9643
@@ -383,7 +383,7 @@
CVE-2015-1177
RESERVED
CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in
upload/scp/tickets.php in ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2015-1174
RESERVED
CVE-2015-1173
@@ -825,7 +825,7 @@
NOTE:
https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
NOTE:
http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer
3.6.3.0 ...)
- TODO: check
+ NOT-FOR-US: Macroplant iExplorer
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in
...)
TODO: check
CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC
media ...)
@@ -921,7 +921,7 @@
NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
NOTE: https://github.com/expressjs/serve-static/issues/26
CVE-2015-1048 (Open redirect vulnerability in the integrated web server on
Siemens ...)
- TODO: check
+ NOT-FOR-US: Simens
CVE-2015-1047
RESERVED
CVE-2015-1046
@@ -956,7 +956,7 @@
- puppet-module-puppetlabs-stdlib <unfixed> (bug #775535)
NOTE: http://puppetlabs.com/security/cve/cve-2015-1029
CVE-2015-1028 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link
...)
- TODO: check
+ NOT-FOR-US: D-Link router
CVE-2015-1027
RESERVED
CVE-2015-1026
@@ -1160,9 +1160,9 @@
CVE-2015-0926
RESERVED
CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows
remote ...)
- TODO: check
+ NOT-FOR-US: iPass Open Mobile
CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the
root ...)
- TODO: check
+ NOT-FOR-US: Ceragon FiberAir IP-10 bridges
CVE-2015-0923
RESERVED
CVE-2014-999999
@@ -1541,7 +1541,7 @@
CVE-2015-0868
RESERVED
CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download
Log CGI ...)
- TODO: check
+ NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
CVE-2015-0866
RESERVED
CVE-2015-0865
@@ -2386,9 +2386,9 @@
CVE-2015-0555
RESERVED
CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N
router with ...)
- TODO: check
+ NOT-FOR-US: ADB router
CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in
admin/pages/modify.php in ...)
- TODO: check
+ NOT-FOR-US: WebsiteBaker
CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in
concrete5 ...)
NOT-FOR-US: concrete5
CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
@@ -3063,11 +3063,11 @@
CVE-2015-0437 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote
...)
- openjdk-8 8u40~b22-1
CVE-2015-0436 (Unspecified vulnerability in the Oracle iLearning component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle iLearning
CVE-2015-0435 (Unspecified vulnerability in the Oracle Transportation
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0434 (Unspecified vulnerability in the Oracle Access Manager
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0433
RESERVED
CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
@@ -3078,45 +3078,45 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0431 (Unspecified vulnerability in the Oracle Transportation
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0430 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows local ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0429 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows local ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0428 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows local ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0427 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox 4.3.18-dfsg-2 (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2015-0426 (Unspecified vulnerability in the Enterprise Manager Base
Platform ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0425 (Unspecified vulnerability in the Oracle Enterprise Asset
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0424 (Unspecified vulnerability in the Integrated Lights Out Manager
(ILOM) ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2015-0423
RESERVED
CVE-2015-0422 (Unspecified vulnerability in the Oracle Transportation
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2015-0421 (Unspecified vulnerability in Oracle Java SE 8u25 allows local
users to ...)
- openjdk-8 8u40~b22-1
CVE-2015-0420 (Unspecified vulnerability in the Oracle Forms component in
Oracle ...)
TODO: check
CVE-2015-0419 (Unspecified vulnerability in the Siebel UI Framework component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox 4.3.2-dfsg-1 (low; bug #775888)
- virtualbox-ose <removed> (low)
NOTE: This only affects releases < 4.3, so marking the first
4.3 upload as the fixed version
CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0415 (Unspecified vulnerability in the Oracle Application Object
Library ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0414 (Unspecified vulnerability in the Oracle SOA Suite component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0413 (Unspecified vulnerability in Oracle Java SE 7u72 and 8u25
allows local ...)
- openjdk-7 <not-affected> (Specific to Oracle Java, not present in
IcedTea)
- openjdk-8 <not-affected> (Specific to Oracle Java, not present in
IcedTea)
@@ -3158,37 +3158,37 @@
CVE-2015-0405
RESERVED
CVE-2015-0404 (Unspecified vulnerability in the Oracle Applications Framework
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0403 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and
8u25 ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
CVE-2015-0402 (Unspecified vulnerability in the Siebel Core - Server BizLogic
Script ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0401 (Unspecified vulnerability in the Oracle Directory Server
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0400 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and
8u25 ...)
- openjdk-6 <not-affected> (This only affects Java on Windows)
- openjdk-7 <not-affected> (This only affects Java on Windows)
- openjdk-8 <not-affected> (This only affects Java on Windows)
CVE-2015-0399 (Unspecified vulnerability in the Oracle Business Intelligence
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0398 (Unspecified vulnerability in the Siebel Life Sciences component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0397 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72,
and ...)
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
CVE-2015-0394 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0393 (Unspecified vulnerability in the Oracle Applications DBA
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0392 (Unspecified vulnerability in the Siebel Core - Server BizLogic
Script ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0391 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and
earlier, ...)
- mysql-5.5 5.5.39-1
[wheezy] - mysql-5.5 5.5.40-0+wheezy1
@@ -3197,15 +3197,15 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0390 (Unspecified vulnerability in the MICROS Retail component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0389 (Unspecified vulnerability in the Oracle OpenSSO component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0388 (Unspecified vulnerability in the Siebel UI Framework component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0387 (Unspecified vulnerability in the Siebel Core - Server OM
Services ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0386 (Unspecified vulnerability in the Oracle HTTP Server component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0385 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and
earlier ...)
- mysql-5.5 <not-affected> (Only MySQL 5.6)
- mariadb-5.5 <not-affected> (Only MySQL 5.6)
@@ -3214,7 +3214,7 @@
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
NOTE: For mariadb-10.0 not clear if affected
CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72,
and ...)
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
@@ -3234,20 +3234,20 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0380 (Unspecified vulnerability in the Oracle Telecommunications
Billing ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0379 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0378 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0377 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox 4.3.2-dfsg-1
- virtualbox-ose <removed>
NOTE: According to
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html the
4.3
NOTE: series is not affected, so marking the first 4.3 upload as fixed
CVE-2015-0376 (Unspecified vulnerability in the Oracle WebCenter Content
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0375 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
@@ -3256,29 +3256,29 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0373 (Unspecified vulnerability in the OJVM component in Oracle
Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0372 (Unspecified vulnerability in the Oracle Containers for J2EE
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0371 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0370 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0369 (Unspecified vulnerability in the Siebel UI Framework component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0368 (Unspecified vulnerability in the Oracle Transportation
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0367 (Unspecified vulnerability in the Oracle Access Manager
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0366 (Unspecified vulnerability in the Siebel Core - EAI component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0365 (Unspecified vulnerability in the Siebel Core - Server
Infrastructure ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0364 (Unspecified vulnerability in the Siebel Core - EAI component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0363 (Unspecified vulnerability in the Siebel Core EAI component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0362 (Unspecified vulnerability in the BI Publisher (formerly XML
Publisher) ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2015-0361 (Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x
allows ...)
- xen <unfixed> (bug #776319)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
@@ -3846,9 +3846,9 @@
CVE-2014-9196
RESERVED
CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require
authentication, ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact ProConOs and MultiProg
CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: Arbiter 1094B GPS Substation Clock
CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before
8.1.4 ...)
NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly
VTS) 6.5 ...)
@@ -5491,9 +5491,9 @@
CVE-2014-8915
RESERVED
CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal
in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal
in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-8912
RESERVED
CVE-2014-8911
@@ -6595,9 +6595,9 @@
CVE-2014-8482
RESERVED
CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware
before ...)
- TODO: check
+ NOT-FOR-US: FTP server on Siemens SCALANCE X-300 switches
CVE-2014-8478 (The web server on Siemens SCALANCE X-300 switches with firmware
before ...)
- TODO: check
+ NOT-FOR-US: web server on Siemens SCALANCE X-300 switches
CVE-2014-8477
RESERVED
CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not
...)
@@ -7902,7 +7902,7 @@
CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System
2.1(3f) and ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8008 (Absolute path traversal vulnerability in the Real-Time
Monitoring Tool ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to
read ...)
NOT-FOR-US: Cisco
CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E ...)
@@ -11062,27 +11062,27 @@
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
CVE-2014-6600 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6599 (Unspecified vulnerability in the Siebel Core - Common
Components ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6598 (Unspecified vulnerability in the Oracle Communications Diameter
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6597 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6596 (Unspecified vulnerability in the Siebel UI Framework component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6595 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox 4.3.18-dfsg-2 (bug #775888)
[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle iLearning
CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72,
and ...)
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle
Java SE ...)
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
@@ -11105,44 +11105,44 @@
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72,
and ...)
- openjdk-6 6b34-1.13.6-1
- openjdk-7 7u75-2.5.4-1
- openjdk-8 8u40~b22-1
- icu <unfixed> (bug #776264)
CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager
(ILOM) ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6582 (Unspecified vulnerability in the Oracle HCM Configuration
Workbench ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6581 (Unspecified vulnerability in the Oracle Customer Intelligence
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6580 (Unspecified vulnerability in the Oracle Reports Developer
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6579 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6578 (Unspecified vulnerability in the Workspace Manager component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6577 (Unspecified vulnerability in the XML Developer's Kit for C
component ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6576 (Unspecified vulnerability in the Oracle Adaptive Access Manager
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6575 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6574 (Unspecified vulnerability in the Oracle Agile PLM for Process
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6573 (Unspecified vulnerability in the Enterprise Manager Ops Center
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6572 (Unspecified vulnerability in the Oracle Customer Interaction
History ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6571 (Unspecified vulnerability in the Oracle HTTP Server component
in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6570 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
- TODO: check
+ NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6569 (Unspecified vulnerability in the Oracle WebLogic Server
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and
earlier, ...)
{DSA-3135-1}
- mysql-5.5 <unfixed> (bug #775881)
@@ -11151,11 +11151,11 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6566 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6565 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools
...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and
earlier ...)
- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
@@ -11182,7 +11182,7 @@
CVE-2014-6557 (Unspecified vulnerability in the Application Performance
Management ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2014-6556 (Unspecified vulnerability in the Oracle Applications DBA
component in ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier ...)
{DSA-3054-1}
- mysql-5.5 5.5.40-1
@@ -11206,7 +11206,7 @@
CVE-2014-6549 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote
...)
- openjdk-8 8u40~b22-1
CVE-2014-6548 (Unspecified vulnerability in the Oracle SOA Suite component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle
...)
NOT-FOR-US: Oracle Database Server
CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle
...)
@@ -11220,7 +11220,7 @@
CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle
Database ...)
NOT-FOR-US: Oracle Database Server
CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle
Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component
in ...)
- virtualbox-guest-additions <removed>
- virtualbox-guest-additions-iso 4.3.14-1
@@ -11259,22 +11259,22 @@
CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows
remote ...)
NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6528 (Unspecified vulnerability in the Siebel Core - System
Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20
allows ...)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
CVE-2014-6526 (Unspecified vulnerability in the Oracle Directory Server
Enterprise ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6525 (Unspecified vulnerability in the Oracle Web Applications
Desktop ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6524 (Unspecified vulnerability in Oracle Solaris 10 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework
...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in
Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6521 (Unspecified vulnerability in Oracle Solaris 10 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and
earlier ...)
{DSA-3054-1}
- mysql-5.5 5.5.39-1
@@ -11288,7 +11288,7 @@
- openjdk-7 7u71-2.5.3-1
- openjdk-8 8u40~b09-1
CVE-2014-6518 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows
local ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and
8u20; Java ...)
{DSA-3080-1 DSA-3077-1 DLA-96-1}
- openjdk-6 6b33-1.13.5-1
@@ -11301,7 +11301,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
CVE-2014-6514 (Unspecified vulnerability in the PL/SQL component in Oracle
Database ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and
8u20, and ...)
- openjdk-6 <not-affected> (Windows-specific)
- openjdk-7 <not-affected> (Windows-specific)
@@ -11318,9 +11318,9 @@
- openjdk-7 7u71-2.5.3-1
- openjdk-8 8u40~b09-1
CVE-2014-6510 (Unspecified vulnerability in Oracle Solaris 11 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6509 (Unspecified vulnerability in Oracle Solaris 10 allows local
users to ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11
allows ...)
NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and
earlier, ...)
@@ -11430,9 +11430,9 @@
CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT
PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6481 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Oracle Solaris
CVE-2014-6480 (Unspecified vulnerability in the Solaris Cluster component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology
...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and
earlier, ...)
@@ -12177,7 +12177,7 @@
CVE-2014-6198
RESERVED
CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0
FP5 and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience
Factory ...)
NOT-FOR-US: IBM WEF
CVE-2014-6195
@@ -12227,7 +12227,7 @@
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process
Inspector in ...)
NOT-FOR-US: IBM
CVE-2014-6172 (IBM API Management 3.0 before 3.0.4.0 IF1 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere
Portal 6.1.0 ...)
NOT-FOR-US: IBM
CVE-2014-6170
@@ -16672,7 +16672,7 @@
CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local
users ...)
NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4279 (Unspecified vulnerability in the PeopleSoft Enterprise
PeopleTools ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology
Stack ...)
NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows
remote ...)
@@ -16730,7 +16730,7 @@
- mariadb-10.0 <not-affected> (Fixed before initial upload)
- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4259 (Unspecified vulnerability in the Solaris Cluster component in
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2014-4258 (Unspecified vulnerability in the MySQL Server component in
Oracle ...)
{DSA-2985-1}
- mysql-5.5 5.5.39-1 (bug #754941)
@@ -19154,7 +19154,7 @@
- vlc <not-affected> (VLC in Debian uses the system version of libpng
which handles the malformed file correctly as invalid)
NOTE:
http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
CVE-2014-3440 (The Agent Control Interface in the management server in
Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM)
12.1 ...)
NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
