-rw-r--r-- | security/vuxml/vuln.xml | 132 |
1 files changed, 93 insertions, 39 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a9bd012479ba..05792377bd1d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -51,6 +51,60 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff"> + <topic>PostgreSQL -- multiple privilege issues</topic> + <affects> + <package> + <name>postgresql-server</name> + <range><lt>8.4.20</lt></range> + <range><ge>9.0.0</ge><lt>9.0.16</lt></range> + <range><ge>9.1.0</ge><lt>9.1.12</lt></range> + <range><ge>9.2.0</ge><lt>9.2.7</lt></range> + <range><ge>9.3.0</ge><lt>9.3.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PostgreSQL Project reports:</p> + <blockquote cite="http://www.postgresql.org/about/news/1506/"> + <p>This update fixes CVE-2014-0060, in which PostgreSQL did not + properly enforce the WITH ADMIN OPTION permission for ROLE management. + Before this fix, any member of a ROLE was able to grant others access + to the same ROLE regardless if the member was given the WITH ADMIN + OPTION permission. It also fixes multiple privilege escalation issues, + including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, + CVE-2014-0065, and CVE-2014-0066. More information on these issues can + be found on our security page and the security issue detail wiki page. + </p> + <p> + With this release, we are also alerting users to a known security hole + that allows other users on the same machine to gain access to an + operating system account while it is doing "make check": + CVE-2014-0067. "Make check" is normally part of building PostgreSQL + from source code. As it is not possible to fix this issue without + causing significant issues to our testing infrastructure, a patch will + be released separately and publicly. 
Until then, users are strongly + advised not to run "make check" on machines where untrusted users have + accounts.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0060</cvename> + <cvename>CVE-2014-0061</cvename> + <cvename>CVE-2014-0062</cvename> + <cvename>CVE-2014-0063</cvename> + <cvename>CVE-2014-0064</cvename> + <cvename>CVE-2014-0065</cvename> + <cvename>CVE-2014-0066</cvename> + <cvename>CVE-2014-0067</cvename> + </references> + <dates> + <discovery>2014-02-20</discovery> + <entry>2014-02-20</entry> + </dates> + </vuln> + <vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42"> <topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic> <affects> 
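Review bot: CVE-2014-0067 should not sit in this entry's `<cvename>` list under these version ranges: the quoted announcement says that issue is not fixed in 8.4.20/9.0.16/9.1.12/9.2.7/9.3.3 ("a patch will be released separately and publicly"), so listing it here tells audit tools that upgrading into the fixed range resolves it. Either drop that `<cvename>` or give CVE-2014-0067 its own entry whose ranges still cover the listed releases. Separately, `<references>` carries only CVE names and no `<url>`; the announcement already used as the blockquote `cite` should be added as `<url>http://www.postgresql.org/about/news/1506/</url>`, since the quoted text points readers to "our security page" without a link.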
@@ -101,48 +155,48 @@ Note: Please add new entries to the beginning of this file. <li> <p>iSECURITY-105</p> <p>In some places, Jenkins XML API uses XStream to deserialize - arbitrary content, which is affected by CVE-2013-7285 reported - against XStream. This allows malicious users of Jenkins with - a limited set of permissions to execute arbitrary code inside - Jenkins master.</p> + arbitrary content, which is affected by CVE-2013-7285 reported + against XStream. This allows malicious users of Jenkins with + a limited set of permissions to execute arbitrary code inside + Jenkins master.</p> </li> <li> <p>SECURITY-76 & SECURITY-88 / CVE-2013-5573</p> <p>Restrictions of HTML tags for user-editable contents are too - lax. This allows malicious users of Jenkins to trick other - unsuspecting users into providing sensitive information.</p> + lax. This allows malicious users of Jenkins to trick other + unsuspecting users into providing sensitive information.</p> </li> <li> <p>SECURITY-109</p> <p>Plugging a hole in the earlier fix to SECURITY-55. Under some - circimstances, a malicious user of Jenkins can configure job - X to trigger another job Y that the user has no access to.</p> + circimstances, a malicious user of Jenkins can configure job + X to trigger another job Y that the user has no access to.</p> </li> <li> <p>SECURITY-108</p> <p>CLI job creation had a directory traversal vulnerability. 
This - allows a malicious user of Jenkins with a limited set of - permissions to overwrite files in the Jenkins master and - escalate privileges.</p> + allows a malicious user of Jenkins with a limited set of + permissions to overwrite files in the Jenkins master and + escalate privileges.</p> </li> <li> <p>SECURITY-106</p> <p>The embedded Winstone servlet container is susceptive to - session hijacking attack.</p> + session hijacking attack.</p> </li> <li> <p>SECURITY-93</p> <p>The password input control in the password parameter - definition in the Jenkins UI was serving the actual value of - the password in HTML, not an encrypted one. If a sensitive - value is set as the default value of such a parameter - definition, it can be exposed to unintended audience.</p> + definition in the Jenkins UI was serving the actual value of + the password in HTML, not an encrypted one. If a sensitive + value is set as the default value of such a parameter + definition, it can be exposed to unintended audience.</p> </li> <li> <p>SECURITY-89</p> <p>Deleting the user was not invalidating the API token, - allowing users to access Jenkins when they shouldn't be - allowed to do so.</p> + allowing users to access Jenkins when they shouldn't be + allowed to do so.</p> </li> <li> <p>SECURITY-80</p> 
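Review bot: every `-`/`+` pair in this hunk differs only in the leading whitespace of continuation lines, so the rendered entry is unchanged; if that is the intent, the log message should say "whitespace only" so nobody hunts for a content change. Because the text is a verbatim `<blockquote>` of the upstream advisory, the upstream typos carried through here ("circimstances" under SECURITY-109, "susceptive to session hijacking attack" under SECURITY-106) are rightly left as they are rather than silently corrected in the quote.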
@@ -151,52 +205,52 @@ Note: Please add new entries to the beginning of this file. <li> <p>SECURITY-79</p> <p>"Jenkins' own user database" was revealing the - presence/absence of users when login attempts fail.</p> + presence/absence of users when login attempts fail.</p> </li> <li> <p>SECURITY-77</p> <p>Jenkins had a cross-site scripting vulnerability in one of its - cookies. If Jenkins is deployed in an environment that allows - an attacker to override Jenkins cookies in victim's browser, - this vulnerability can be exploited.</p> + cookies. If Jenkins is deployed in an environment that allows + an attacker to override Jenkins cookies in victim's browser, + this vulnerability can be exploited.</p> </li> <li> <p>SECURITY-75</p> <p>Jenkins was vulnerable to session fixation attack. If Jenkins - is deployed in an environment that allows an attacker to - override Jenkins cookies in victim's browser, this - vulnerability can be exploited.</p> + is deployed in an environment that allows an attacker to + override Jenkins cookies in victim's browser, this + vulnerability can be exploited.</p> </li> <li> <p>SECURITY-74</p> <p>Stored XSS vulnerability. A malicious user of Jenkins with a - certain set of permissions can cause Jenkins to store - arbitrary HTML fragment.</p> + certain set of permissions can cause Jenkins to store + arbitrary HTML fragment.</p> </li> <li> <p>SECURITY-73</p> <p>Some of the system diagnostic functionalities were checking a - lesser permission than it should have. In a very limited - circumstances, this can cause an attacker to gain information - that he shouldn't have access to.</p> + lesser permission than it should have. In a very limited + circumstances, this can cause an attacker to gain information + that he shouldn't have access to.</p> </li> </ol> <p>Severity</p> <ol> <li>SECURITY-106, and SECURITY-80 are rated <strong>high</strong>. 
An attacker only - needs direct HTTP access to the server to mount this attack.</li> + needs direct HTTP access to the server to mount this attack.</li> <li>SECURITY-105, SECURITY-109, SECURITY-108, and SECURITY-74 are - rated <strong>high</strong>. These vulnerabilities allow attackes with valid - Jenkins user accounts to escalate privileges in various ways.</li> + rated <strong>high</strong>. These vulnerabilities allow attackes with valid + Jenkins user accounts to escalate privileges in various ways.</li> <li>SECURITY-76, SECURIT-88, and SECURITY-89 are rated <strong>medium.</strong> - These vulnerabilities requires an attacker to be an user of - Jenkins, and the mode of the attack is limited.</li> + These vulnerabilities requires an attacker to be an user of + Jenkins, and the mode of the attack is limited.</li> <li>SECURITY-93, and SECURITY-79 are <strong>rated</strong> low. These - vulnerabilities only affect a small part of Jenkins and has - limited impact.</li> + vulnerabilities only affect a small part of Jenkins and has + limited impact.</li> <li>SECURITY-77, SECURITY-75, and SECURITY-73 are <strong>rated</strong> low. These - vulnerabilities are hard to exploit unless combined with other - exploit in the network.</li> + vulnerabilities are hard to exploit unless combined with other + exploit in the network.</li> </ol> </blockquote> </body> |
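Review bot: the `<strong>` markup in the Severity list is inconsistent, and it is the entry's own markup rather than the quoted advisory's: items 1 and 2 emphasise the rating (`<strong>high</strong>`), item 3 puts the period inside the tag (`<strong>medium.</strong>`), and items 4 and 5 emphasise the word "rated" instead (`<strong>rated</strong> low`). Since these lines are being rewritten anyway, make them uniform, e.g. `are rated <strong>medium</strong>.` and `are rated <strong>low</strong>.` "SECURIT-88" in item 3 also does not match the "SECURITY-76 & SECURITY-88" heading earlier in the same entry, and "attackes" in item 2 is misspelt; if both are verbatim upstream typos leave them consistently, otherwise correct them to SECURITY-88 and "attackers".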