Author: sectracker
Date: 2014-11-20 21:13:29 +0000 (Thu, 20 Nov 2014)
New Revision: 30198

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-11-20 20:54:42 UTC (rev 30197)
+++ data/CVE/list       2014-11-20 21:13:29 UTC (rev 30198)
@@ -1,10 +1,56 @@
+CVE-2014-9014
+       RESERVED
+CVE-2014-9013
+       RESERVED
+CVE-2014-9012
+       RESERVED
+CVE-2014-9011
+       RESERVED
+CVE-2014-9010
+       RESERVED
+CVE-2014-9009
+       RESERVED
+CVE-2014-9008
+       RESERVED
+CVE-2014-9007
+       RESERVED
+CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login 
...)
+       TODO: check
+CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 
2.7.1 ...)
+       TODO: check
+CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 
2.7.1 ...)
+       TODO: check
+CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix 
...)
+       TODO: check
+CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to 
ips/, ...)
+       TODO: check
+CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows 
remote ...)
+       TODO: check
+CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly 
restrict ...)
+       TODO: check
+CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php 
in ...)
+       TODO: check
+CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote 
...)
+       TODO: check
+CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo 
functionality in ...)
+       TODO: check
+CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in 
Nibbleblog ...)
+       TODO: check
+CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows 
remote ...)
+       TODO: check
+CVE-2014-8993
+       RESERVED
+CVE-2014-8992
+       RESERVED
 CVE-2014-XXXX [XSA-113]
        - xen <unfixed>
 CVE-2014-9015 [Session hijacking]
+       {DSA-3075-1}
        - drupal7 <unfixed>
        - drupal6 <removed>
        NOTE: https://www.drupal.org/SA-CORE-2014-006
 CVE-2014-9016 [Denial of service]
+       {DSA-3075-1}
        - drupal7 <unfixed>
        - drupal6 <not-affected> (Only affects Drupal 7.x)
        NOTE: https://www.drupal.org/SA-CORE-2014-006
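Review bot: CVE-2014-9015 and CVE-2014-9016 now carry {DSA-3075-1}, but the "- drupal7" line under each still reads <unfixed>. If the fixed upload has reached unstable, record its version there; otherwise say so in a NOTE, so the entries do not read as open and advised at the same time. The 12 newly published entries at the top of the hunk (CVE-2014-8995 through CVE-2014-9006) all land as "TODO: check" and still need triage.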
@@ -612,13 +658,16 @@
 CVE-2015-0001
        RESERVED
 CVE-2014-8994 [Insecure use of /tmp files]
+       RESERVED
        NOT-FOR-US: check_diskio nagios/icinga plugin
 CVE-2014-8989 [Linux user namespaces can bypass group-based restrictions]
+       RESERVED
        - linux <unfixed>
        [wheezy] - linux <not-affected> (User namespaces only usable in later 
kernels)
        - linux-2.6 <not-affected> (User namespaces only usable in later 
kernels)
        NOTE: http://thread.gmane.org/gmane.linux.man/7385/
 CVE-2014-8986 [XSS]
+       RESERVED
        - mantis <unfixed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
@@ -1062,6 +1111,7 @@
        - zoph <removed>
        NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
 CVE-2014-8988 [information disclosure in MantisBT attachments]
+       RESERVED
        - mantis <unfixed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
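Review bot: the zoph NOTE in the leading context ends in "Nov/455C", which does not look like a seclists message number; verify the link and correct it while this block is being touched. The CVE-2014-8988 NOTE also uses plain http and an abbreviated commit id, unlike the full https commit URL given for CVE-2014-8986.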
@@ -1071,11 +1121,13 @@
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
        TODO: check
 CVE-2014-8991 [Local DoS with predictable temp directory names]
+       RESERVED
        - python-pip <unfixed> (bug #725847)
        [wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
        [squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
        NOTE: https://github.com/pypa/pip/pull/2122
 CVE-2014-8987 [Cross-Site Scripting in adm_config_report.php]
+       RESERVED
        - mantis <not-affected> (Vulnerable code introduced later)
        NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17
        NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089
@@ -1305,8 +1357,8 @@
        RESERVED
 CVE-2014-8630
        RESERVED
-CVE-2014-8629
-       RESERVED
+CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page 
visualization ...)
+       TODO: check
 CVE-2014-8624
        RESERVED
 CVE-2014-8623
@@ -1369,12 +1421,10 @@
        RESERVED
 CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 
allow ...)
        TODO: check
-CVE-2014-8595 [XSA-110]
-       RESERVED
+CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x 
does not ...)
        - xen <unfixed> (bug #770230)
        [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-8594 [XSA-109]
-       RESERVED
+CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 
4.4.x ...)
        - xen <unfixed> (bug #770230)
        [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani 
...)
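Review bot: replacing the bracketed titles on CVE-2014-8595 and CVE-2014-8594 drops the only XSA-110 and XSA-109 references these entries had. Add a NOTE line naming the XSA under each entry so the mapping to the Xen advisory survives the switch to the published description.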
@@ -1723,6 +1773,7 @@
 CVE-2014-8490
        RESERVED
 CVE-2014-8990 [code execution]
+       RESERVED
        - lsyncd <unfixed> (low; bug #767227)
        [wheezy] - lsyncd <no-dsa> (Minor issue)
        [squeeze] - lsyncd <no-dsa> (Minor issue)
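Review bot: CVE-2014-8990 is titled [code execution], yet lsyncd is rated low and both wheezy and squeeze are <no-dsa> (Minor issue), with no NOTE stating what limits the impact. Add a NOTE giving the rationale for the rating so it can be audited against the title.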
@@ -2014,8 +2065,7 @@
 CVE-2014-8388
        RESERVED
        NOT-FOR-US: Advantech WebAccess
-CVE-2014-8387
-       RESERVED
+CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access 
Point ...)
        NOT-FOR-US: Advantech EKI-6340
 CVE-2014-8386
        RESERVED
@@ -3373,8 +3423,7 @@
        - ruby-actionpack-3.2 <removed>
        - ruby-actionpack-2.3 <removed>
        TODO: check
-CVE-2014-7828 [password not required when OTP in use]
-       RESERVED
+CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is 
...)
        - freeipa 4.0.5-1 (bug #768294)
        NOTE: https://fedorahosted.org/freeipa/ticket/4690
 CVE-2014-7827
@@ -4475,8 +4524,8 @@
        NOT-FOR-US: Newtelligence dasBlog
 CVE-2014-7291
        RESERVED
-CVE-2014-7290
-       RESERVED
+CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas 
Systems ...)
+       TODO: check
 CVE-2014-7289
        RESERVED
 CVE-2014-7288
@@ -5940,20 +5989,20 @@
        RESERVED
 CVE-2014-6628
        RESERVED
-CVE-2014-6627
-       RESERVED
-CVE-2014-6626
-       RESERVED
-CVE-2014-6625
-       RESERVED
-CVE-2014-6624
-       RESERVED
+CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 
allows ...)
+       TODO: check
+CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 
does not ...)
+       TODO: check
+CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 
6.4.x ...)
+       TODO: check
+CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 
6.4.x ...)
+       TODO: check
 CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight 
module ...)
        TODO: check
-CVE-2014-6622
-       RESERVED
-CVE-2014-6621
-       RESERVED
+CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 
allows ...)
+       TODO: check
+CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 
does not ...)
+       TODO: check
 CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks 
ClearPass ...)
        TODO: check
 CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
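Review bot: the six Aruba Networks ClearPass entries added here (CVE-2014-6627 through CVE-2014-6624, CVE-2014-6622, CVE-2014-6621) join CVE-2014-6623 and CVE-2014-6620 as "TODO: check". They all describe one product, so triage them as a batch; if ClearPass is not packaged, close each with a NOT-FOR-US line as is done for other unpackaged products in this file.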
@@ -8893,8 +8942,8 @@
        NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress
 CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows 
remote ...)
        NOT-FOR-US: Feng Office
-CVE-2014-5342
-       RESERVED
+CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 
allows ...)
+       TODO: check
 CVE-2014-5341
        RESERVED
 CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 
1.2.5i4 ...)
@@ -13155,11 +13204,11 @@
        [squeeze] - qemu-kvm <end-of-life>
        NOTE: 
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
 CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 
does not ...)
-       {DSA-3026-1}
+       {DSA-3026-1 DLA-87-1}
        - dbus 1.8.8-1
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
 CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in 
D-Bus ...)
-       {DSA-3026-1}
+       {DSA-3026-1 DLA-87-1}
        - dbus 1.8.8-1
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
 CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 
does ...)
@@ -13794,7 +13843,7 @@
        [squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
        NOTE: http://bugs.php.net/bug.php?id=67410
 CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 
1.6.20, and ...)
-       {DSA-2971-1}
+       {DSA-2971-1 DLA-87-1}
        - dbus 1.8.4-1 (low)
        [squeeze] - dbus <no-dsa> (Minor issue)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979
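Review bot: CVE-2014-3477 gains DLA-87-1, but its "[squeeze] - dbus <no-dsa> (Minor issue)" line is left in place, so the entry now cites an advisory and also says none will be issued for squeeze. Drop or update the [squeeze] line so it agrees with the DLA.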
@@ -16828,8 +16877,8 @@
 CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is 
enabled, ...)
        - php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
        NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
-CVE-2014-2382
-       RESERVED
+CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and 
...)
+       TODO: check
 CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 
4.0 SP1 ...)
        NOT-FOR-US: Schneider Electric
 CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 
4.0 SP1 ...)
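Review bot: CVE-2014-2382 describes the DfDiskLo.sys driver in Faronics Deep Freeze and is left as "TODO: check", while the Schneider Electric entries directly below it are already NOT-FOR-US. If Deep Freeze is not packaged, close it the same way with a NOT-FOR-US line naming the product.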


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
