Author: sectracker Date: 2014-11-20 21:13:29 +0000 (Thu, 20 Nov 2014) New Revision: 30198
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-11-20 20:54:42 UTC (rev 30197) +++ data/CVE/list 2014-11-20 21:13:29 UTC (rev 30198) 
@@ -1,10 +1,56 @@ +CVE-2014-9014 + RESERVED +CVE-2014-9013 + RESERVED +CVE-2014-9012 + RESERVED +CVE-2014-9011 + RESERVED +CVE-2014-9010 + RESERVED +CVE-2014-9009 + RESERVED +CVE-2014-9008 + RESERVED +CVE-2014-9007 + RESERVED +CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login ...) + TODO: check +CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 ...) + TODO: check +CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 ...) + TODO: check +CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix ...) + TODO: check +CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to ips/, ...) + TODO: check +CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote ...) + TODO: check +CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly restrict ...) + TODO: check +CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in ...) + TODO: check +CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote ...) + TODO: check +CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in ...) + TODO: check +CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog ...) + TODO: check +CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...) + TODO: check +CVE-2014-8993 + RESERVED +CVE-2014-8992 + RESERVED CVE-2014-XXXX [XSA-113] - xen <unfixed> CVE-2014-9015 [Session hijacking] + {DSA-3075-1} - drupal7 <unfixed> - drupal6 <removed> NOTE: https://www.drupal.org/SA-CORE-2014-006 CVE-2014-9016 [Denial of service] + {DSA-3075-1} - drupal7 <unfixed> - drupal6 <not-affected> (Only affects Drupal 7.x) NOTE: https://www.drupal.org/SA-CORE-2014-006 
@@ -612,13 +658,16 @@ CVE-2015-0001 RESERVED CVE-2014-8994 [Insecure use of /tmp files] + RESERVED NOT-FOR-US: check_diskio nagios/icinga plugin CVE-2014-8989 [Linux user namespaces can bypass group-based restrictions] + RESERVED - linux <unfixed> [wheezy] - linux <not-affected> (User namespaces only usable in later kernels) - linux-2.6 <not-affected> (User namespaces only usable in later kernels) NOTE: http://thread.gmane.org/gmane.linux.man/7385/ CVE-2014-8986 [XSS] + RESERVED - mantis <unfixed> [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40 @@ -1062,6 +1111,7 @@ - zoph <removed> NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C CVE-2014-8988 [information disclosure in MantisBT attachments] + RESERVED - mantis <unfixed> [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b @@ -1071,11 +1121,13 @@ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670 TODO: check CVE-2014-8991 [Local DoS with predictable temp directory names] + RESERVED - python-pip <unfixed> (bug #725847) [wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3) [squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3) NOTE: https://github.com/pypa/pip/pull/2122 CVE-2014-8987 [Cross-Site Scripting in adm_config_report.php] + RESERVED - mantis <not-affected> (Vulnerable code introduced later) NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17 NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089 @@ -1305,8 +1357,8 @@ RESERVED CVE-2014-8630 RESERVED -CVE-2014-8629 - RESERVED +CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page visualization ...) + TODO: check CVE-2014-8624 RESERVED CVE-2014-8623 
@@ -1369,12 +1421,10 @@ RESERVED CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow ...) TODO: check -CVE-2014-8595 [XSA-110] - RESERVED +CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...) - xen <unfixed> (bug #770230) [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) -CVE-2014-8594 [XSA-109] - RESERVED +CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x ...) - xen <unfixed> (bug #770230) [squeeze] - xen <end-of-life> (Unsupported in squeeze-lts) CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani ...) @@ -1723,6 +1773,7 @@ CVE-2014-8490 RESERVED CVE-2014-8990 [code execution] + RESERVED - lsyncd <unfixed> (low; bug #767227) [wheezy] - lsyncd <no-dsa> (Minor issue) [squeeze] - lsyncd <no-dsa> (Minor issue) @@ -2014,8 +2065,7 @@ CVE-2014-8388 RESERVED NOT-FOR-US: Advantech WebAccess -CVE-2014-8387 - RESERVED +CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...) NOT-FOR-US: Advantech EKI-6340 CVE-2014-8386 RESERVED @@ -3373,8 +3423,7 @@ - ruby-actionpack-3.2 <removed> - ruby-actionpack-2.3 <removed> TODO: check -CVE-2014-7828 [password not required when OTP in use] - RESERVED +CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is ...) - freeipa 4.0.5-1 (bug #768294) NOTE: https://fedorahosted.org/freeipa/ticket/4690 CVE-2014-7827 @@ -4475,8 +4524,8 @@ NOT-FOR-US: Newtelligence dasBlog CVE-2014-7291 RESERVED -CVE-2014-7290 - RESERVED +CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...) + TODO: check CVE-2014-7289 RESERVED CVE-2014-7288 
@@ -5940,20 +5989,20 @@ RESERVED CVE-2014-6628 RESERVED -CVE-2014-6627 - RESERVED -CVE-2014-6626 - RESERVED -CVE-2014-6625 - RESERVED -CVE-2014-6624 - RESERVED +CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...) + TODO: check +CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...) + TODO: check +CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...) + TODO: check +CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...) + TODO: check CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module ...) TODO: check -CVE-2014-6622 - RESERVED -CVE-2014-6621 - RESERVED +CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows ...) + TODO: check +CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...) + TODO: check CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass ...) TODO: check CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...) @@ -8893,8 +8942,8 @@ NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...) NOT-FOR-US: Feng Office -CVE-2014-5342 - RESERVED +CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...) + TODO: check CVE-2014-5341 RESERVED CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...) 
@@ -13155,11 +13204,11 @@ [squeeze] - qemu-kvm <end-of-life> NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...) - {DSA-3026-1} + {DSA-3026-1 DLA-87-1} - dbus 1.8.8-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919 CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus ...) - {DSA-3026-1} + {DSA-3026-1 DLA-87-1} - dbus 1.8.8-1 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053 CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does ...) @@ -13794,7 +13843,7 @@ [squeeze] - php5 <not-affected> (Vulnerable code was introduced later) NOTE: http://bugs.php.net/bug.php?id=67410 CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...) - {DSA-2971-1} + {DSA-2971-1 DLA-87-1} - dbus 1.8.4-1 (low) [squeeze] - dbus <no-dsa> (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979 @@ -16828,8 +16877,8 @@ CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...) - php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619) NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled -CVE-2014-2382 - RESERVED +CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and ...) + TODO: check CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...) NOT-FOR-US: Schneider Electric CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
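Review bot: in the first hunk (@@ -1,10 +1,56 @@) the new block CVE-2014-9014 .. CVE-2014-8992 is inserted above the existing CVE-2014-XXXX [XSA-113], CVE-2014-9015 and CVE-2014-9016 entries, so the file no longer descends by CVE id: the two Drupal entries now sit below CVE-2014-8992 and should be moved back to the top in a follow-up. The twelve entries the script marked "TODO: check" (CVE-2014-9006 through CVE-2014-8995: Monstra, vldPersonals, Lantronix xPrintServer, Incredible PBX, Mule MMC, X7 Chat, Nibbleblog, Maarch LetterBox and the rest) still need manual triage to either a package line or NOT-FOR-US.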
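Review bot: in hunk @@ -1369,12 +1421,10 @@ the tracker titles "[XSA-110]" and "[XSA-109]" on CVE-2014-8595 and CVE-2014-8594 are overwritten by the MITRE descriptions, and the Xen advisory ids disappear from the file; the only cross-reference left is "(bug #770230)". Suggest re-adding them as NOTE lines, e.g. "NOTE: XSA-110" under CVE-2014-8595 and "NOTE: XSA-109" under CVE-2014-8594, so the Xen advisory can still be found from the tracker entry.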
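Review bot: in hunk @@ -3373,8 +3423,7 @@ the same overwrite drops the human-written summary "[password not required when OTP in use]" from CVE-2014-7828; the fedorahosted ticket link survives, so the loss is smaller than for the Xen entries, but the summary is more specific than the truncated MITRE text and could be kept as a NOTE line.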
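Review bot: in hunk @@ -13794,7 +13843,7 @@ DLA-87-1 is added to CVE-2014-3477 while the line "[squeeze] - dbus <no-dsa> (Minor issue)" is left in place; since a DLA is the squeeze-lts advisory, the no-dsa marker is stale once the DLA is referenced and should be removed. In the preceding hunk (@@ -13155,11 +13204,11 @@) the DLA is added to CVE-2014-3639 and CVE-2014-3638 but not to CVE-2014-3637 immediately below, which the context shows is also a D-Bus issue; verify whether DLA-87-1 covers it and, if so, add the reference there too.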