[Secure-testing-commits] r30198 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Nov 20 21:13:29 UTC 2014


Author: sectracker
Date: 2014-11-20 21:13:29 +0000 (Thu, 20 Nov 2014)
New Revision: 30198

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-20 20:54:42 UTC (rev 30197)
+++ data/CVE/list	2014-11-20 21:13:29 UTC (rev 30198)
@@ -1,10 +1,56 @@
+CVE-2014-9014
+	RESERVED
+CVE-2014-9013
+	RESERVED
+CVE-2014-9012
+	RESERVED
+CVE-2014-9011
+	RESERVED
+CVE-2014-9010
+	RESERVED
+CVE-2014-9009
+	RESERVED
+CVE-2014-9008
+	RESERVED
+CVE-2014-9007
+	RESERVED
+CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login ...)
+	TODO: check
+CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 ...)
+	TODO: check
+CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 ...)
+	TODO: check
+CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix ...)
+	TODO: check
+CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to ips/, ...)
+	TODO: check
+CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote ...)
+	TODO: check
+CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly restrict ...)
+	TODO: check
+CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in ...)
+	TODO: check
+CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote ...)
+	TODO: check
+CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in ...)
+	TODO: check
+CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog ...)
+	TODO: check
+CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...)
+	TODO: check
+CVE-2014-8993
+	RESERVED
+CVE-2014-8992
+	RESERVED
 CVE-2014-XXXX [XSA-113]
 	- xen <unfixed>
 CVE-2014-9015 [Session hijacking]
+	{DSA-3075-1}
 	- drupal7 <unfixed>
 	- drupal6 <removed>
 	NOTE: https://www.drupal.org/SA-CORE-2014-006
 CVE-2014-9016 [Denial of service]
+	{DSA-3075-1}
 	- drupal7 <unfixed>
 	- drupal6 <not-affected> (Only affects Drupal 7.x)
 	NOTE: https://www.drupal.org/SA-CORE-2014-006
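Review bot: CVE-2014-9015 and CVE-2014-9016 now carry `{DSA-3075-1}`, but both still read `- drupal7 <unfixed>`, so the entries record an advisory without any fixed version for unstable. Follow up by replacing `<unfixed>` with the fixed drupal7 version once it is known. Separately, the fourteen new entries marked `TODO: check` in this hunk have no package or NOT-FOR-US line yet and need manual triage.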
@@ -612,13 +658,16 @@
 CVE-2015-0001
 	RESERVED
 CVE-2014-8994 [Insecure use of /tmp files]
+	RESERVED
 	NOT-FOR-US: check_diskio nagios/icinga plugin
 CVE-2014-8989 [Linux user namespaces can bypass group-based restrictions]
+	RESERVED
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
 	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
 	NOTE: http://thread.gmane.org/gmane.linux.man/7385/
 CVE-2014-8986 [XSS]
+	RESERVED
 	- mantis <unfixed>
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
@@ -1062,6 +1111,7 @@
 	- zoph <removed>
 	NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
 CVE-2014-8988 [information disclosure in MantisBT attachments]
+	RESERVED
 	- mantis <unfixed>
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
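Review bot: The NOTE URL on the zoph entry in this hunk's leading context ends in `455C`; seclists message paths are numeric, so the trailing `C` looks like a typo and the link should be verified and corrected. As a style point, the CVE-2014-8988 NOTE uses `http://github.com/...` with an abbreviated commit hash, while the CVE-2014-8986 entry earlier in this diff uses `https://` and the full hash; the full form is more robust as a reference.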
@@ -1071,11 +1121,13 @@
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
 	TODO: check
 CVE-2014-8991 [Local DoS with predictable temp directory names]
+	RESERVED
 	- python-pip <unfixed> (bug #725847)
 	[wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
 	[squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
 	NOTE: https://github.com/pypa/pip/pull/2122
 CVE-2014-8987 [Cross-Site Scripting in adm_config_report.php]
+	RESERVED
 	- mantis <not-affected> (Vulnerable code introduced later)
 	NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17
 	NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089
@@ -1305,8 +1357,8 @@
 	RESERVED
 CVE-2014-8630
 	RESERVED
-CVE-2014-8629
-	RESERVED
+CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page visualization ...)
+	TODO: check
 CVE-2014-8624
 	RESERVED
 CVE-2014-8623
@@ -1369,12 +1421,10 @@
 	RESERVED
 CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow ...)
 	TODO: check
-CVE-2014-8595 [XSA-110]
-	RESERVED
+CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
 	- xen <unfixed> (bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-8594 [XSA-109]
-	RESERVED
+CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x ...)
 	- xen <unfixed> (bug #770230)
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani ...)
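Review bot: Replacing `CVE-2014-8595 [XSA-110]` and `CVE-2014-8594 [XSA-109]` with the truncated descriptions drops the only mapping from these entries to the Xen advisory numbers. Add a line such as `NOTE: XSA-110` and `NOTE: XSA-109` under the respective entries so the cross-reference to the advisories and to bug #770230 stays searchable.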
@@ -1723,6 +1773,7 @@
 CVE-2014-8490
 	RESERVED
 CVE-2014-8990 [code execution]
+	RESERVED
 	- lsyncd <unfixed> (low; bug #767227)
 	[wheezy] - lsyncd <no-dsa> (Minor issue)
 	[squeeze] - lsyncd <no-dsa> (Minor issue)
@@ -2014,8 +2065,7 @@
 CVE-2014-8388
 	RESERVED
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-8387
-	RESERVED
+CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...)
 	NOT-FOR-US: Advantech EKI-6340
 CVE-2014-8386
 	RESERVED
@@ -3373,8 +3423,7 @@
 	- ruby-actionpack-3.2 <removed>
 	- ruby-actionpack-2.3 <removed>
 	TODO: check
-CVE-2014-7828 [password not required when OTP in use]
-	RESERVED
+CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is ...)
 	- freeipa 4.0.5-1 (bug #768294)
 	NOTE: https://fedorahosted.org/freeipa/ticket/4690
 CVE-2014-7827
@@ -4475,8 +4524,8 @@
 	NOT-FOR-US: Newtelligence dasBlog
 CVE-2014-7291
 	RESERVED
-CVE-2014-7290
-	RESERVED
+CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...)
+	TODO: check
 CVE-2014-7289
 	RESERVED
 CVE-2014-7288
@@ -5940,20 +5989,20 @@
 	RESERVED
 CVE-2014-6628
 	RESERVED
-CVE-2014-6627
-	RESERVED
-CVE-2014-6626
-	RESERVED
-CVE-2014-6625
-	RESERVED
-CVE-2014-6624
-	RESERVED
+CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
+	TODO: check
+CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...)
+	TODO: check
+CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...)
+	TODO: check
+CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...)
+	TODO: check
 CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module ...)
 	TODO: check
-CVE-2014-6622
-	RESERVED
-CVE-2014-6621
-	RESERVED
+CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows ...)
+	TODO: check
+CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...)
+	TODO: check
 CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass ...)
 	TODO: check
 CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
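Review bot: The six Aruba Networks ClearPass entries converted here (CVE-2014-6627 through CVE-2014-6624, CVE-2014-6622, CVE-2014-6621) all land as `TODO: check`, and the context lines for CVE-2014-6623 and CVE-2014-6620 show the same product still in that state. Triage them as one batch; if ClearPass is not packaged, mark each with a single NOT-FOR-US line, as the file already does for Advantech and Feng Office.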
@@ -8893,8 +8942,8 @@
 	NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress
 CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
 	NOT-FOR-US: Feng Office
-CVE-2014-5342
-	RESERVED
+CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
+	TODO: check
 CVE-2014-5341
 	RESERVED
 CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
@@ -13155,11 +13204,11 @@
 	[squeeze] - qemu-kvm <end-of-life>
 	NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
 CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
-	{DSA-3026-1}
+	{DSA-3026-1 DLA-87-1}
 	- dbus 1.8.8-1
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
 CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus ...)
-	{DSA-3026-1}
+	{DSA-3026-1 DLA-87-1}
 	- dbus 1.8.8-1
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
 CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does ...)
@@ -13794,7 +13843,7 @@
 	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
 	NOTE: http://bugs.php.net/bug.php?id=67410
 CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
-	{DSA-2971-1}
+	{DSA-2971-1 DLA-87-1}
 	- dbus 1.8.4-1 (low)
 	[squeeze] - dbus <no-dsa> (Minor issue)
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979
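Review bot: CVE-2014-3477 gains `DLA-87-1` in its advisory tag, but the entry still carries `[squeeze] - dbus <no-dsa> (Minor issue)`. The two lines now contradict each other: one says an advisory covers this issue, the other says no advisory will be issued for squeeze. Drop or update the `[squeeze]` line in a follow-up.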
@@ -16828,8 +16877,8 @@
 CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...)
 	- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
 	NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
-CVE-2014-2382
-	RESERVED
+CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and ...)
+	TODO: check
 CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)



