[Secure-testing-commits] r32535 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Feb 27 21:10:15 UTC 2015


Author: sectracker
Date: 2015-02-27 21:10:15 +0000 (Fri, 27 Feb 2015)
New Revision: 32535

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-27 20:47:44 UTC (rev 32534)
+++ data/CVE/list	2015-02-27 21:10:15 UTC (rev 32535)
@@ -1,3 +1,45 @@
+CVE-2015-2100
+	RESERVED
+CVE-2015-2099
+	RESERVED
+CVE-2015-2098
+	RESERVED
+CVE-2015-2097
+	RESERVED
+CVE-2015-2096
+	RESERVED
+CVE-2015-2095
+	RESERVED
+CVE-2015-2094
+	RESERVED
+CVE-2015-2093
+	RESERVED
+CVE-2015-2092
+	RESERVED
+CVE-2015-2090 (SQL injection vulnerability in the ajax_survey function in ...)
+	TODO: check
+CVE-2015-2089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2015-2088 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
+	TODO: check
+CVE-2015-2087 (Unrestricted file upload vulnerability in the Avatar Uploader module ...)
+	TODO: check
+CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the ...)
+	TODO: check
+CVE-2014-9686
+	RESERVED
+CVE-2013-7433
+	RESERVED
+CVE-2013-7432
+	RESERVED
+CVE-2013-7431
+	RESERVED
+CVE-2013-7430
+	RESERVED
+CVE-2013-7429
+	RESERVED
+CVE-2013-7428
+	RESERVED
 CVE-2015-2085
 	RESERVED
 CVE-2015-2084 (Cross-site request forgery (CSRF) vulnerability in the Easy Social ...)
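Review bot: the new block at the top of the list runs from CVE-2015-2100 down to CVE-2015-2092 and then continues at CVE-2015-2090, so CVE-2015-2091 is missing from the descending sequence. It already exists further down as a bracketed entry (the hunk at -1052), which now also gets RESERVED. Consider moving that entry up into its sorted position so the id is not overlooked or added a second time by a later update.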
@@ -1052,9 +1094,12 @@
 	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/1
 CVE-2015-2091 [vulnerability involving the server config context]
+	RESERVED
+	{DSA-3177-1}
 	- mod-gnutls 0.6-1.3 (bug #578663)
 	NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
 CVE-2009-5144 [vulnerability involving the directory context]
+	RESERVED
 	- mod-gnutls 0.5.6-1 (bug #578663)
 	NOTE: http://issues.outoforder.cc/view.php?id=93
 	TODO: check, the patch from http://issues.outoforder.cc/view.php?id=93 is applied in 0.5.6 upstream
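Review bot: CVE-2015-2091 gains {DSA-3177-1}, but CVE-2009-5144 directly below it, which points at the same mod-gnutls bug #578663, gets only RESERVED. Check whether the DSA also covers CVE-2009-5144 and add the cross-reference if it does. The existing "TODO: check" on that entry is also still open next to a recorded fixed version of 0.5.6-1, so one of the two should be resolved.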
@@ -1505,7 +1550,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
 CVE-2014-9680 [preserves TZ by default]
 	RESERVED
-	{DSA-3167-1}
+	{DSA-3167-1 DLA-160-1}
 	- sudo 1.8.12-1 (bug #772707)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
 	NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
@@ -1572,6 +1617,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/11
 CVE-2012-6689 [incorrect validation of netlink message origin allows attackers to spoof netlink messages]
+	RESERVED
 	- linux 3.8.11-1
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
@@ -3127,8 +3173,8 @@
 	RESERVED
 CVE-2015-0978
 	RESERVED
-CVE-2015-0977
-	RESERVED
+CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
+	TODO: check
 CVE-2015-0976
 	RESERVED
 CVE-2015-0975
@@ -3582,10 +3628,10 @@
 	RESERVED
 CVE-2015-0884
 	RESERVED
-CVE-2015-0883
-	RESERVED
-CVE-2015-0882
-	RESERVED
+CVE-2015-0883 (SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth ...)
+	TODO: check
+CVE-2015-0882 (Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka ...)
+	TODO: check
 CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.10 allows remote ...)
 	- squid <undetermined>
 	- squid3 <undetermined>
@@ -4085,8 +4131,8 @@
 	RESERVED
 CVE-2015-0652
 	RESERVED
-CVE-2015-0651
-	RESERVED
+CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in ...)
+	TODO: check
 CVE-2015-0650
 	RESERVED
 CVE-2015-0649
@@ -4123,8 +4169,8 @@
 	RESERVED
 CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing ...)
 	TODO: check
-CVE-2015-0632
-	RESERVED
+CVE-2015-0632 (Race condition in the Neighbor Discovery (ND) protocol implementation ...)
+	TODO: check
 CVE-2015-0631 (Race condition in the SSL implementation on Cisco Intrusion Prevention ...)
 	TODO: check
 CVE-2015-0630
@@ -4199,8 +4245,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0595 (The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0594
-	RESERVED
+CVE-2015-0594 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
+	TODO: check
 CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
@@ -4925,7 +4971,7 @@
 	[squeeze] - cabextract <no-dsa> (Minor issue)
 	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
 CVE-2012-6686
-	REJECTED
+	RESERVED
 CVE-2012-6685 [ruby-nokogiri XXE]
 	RESERVED
 	- ruby-nokogiri 1.5.4-1 (low)
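Review bot: CVE-2012-6686 goes from REJECTED back to RESERVED, which reverses what is normally a final state, and the log message says only "automatic update". Confirm against the upstream CVE feed that the id was really reinstated and that this is not a sync artifact. If it was reassigned, add a bracketed description or a NOTE with the source so the entry does not sit as a bare RESERVED.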
@@ -24795,8 +24841,8 @@
 	NOT-FOR-US: Cisco
 CVE-2014-2189
 	RESERVED
-CVE-2014-2188
-	RESERVED
+CVE-2014-2188 (The Authentication Proxy feature in Cisco IOS does not properly handle ...)
+	TODO: check
 CVE-2014-2187
 	RESERVED
 CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
@@ -31206,6 +31252,7 @@
 	NOTE: https://issues.apache.org/jira/browse/XALANJ-2435
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1581058
 CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...)
+	{DLA-160-1}
 	- sudo 1.8.5p2-1 (low)
 	[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
 	NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
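Review bot: CVE-2014-0106 gains {DLA-160-1} while the line "[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default ...)" is left in place below it. If DLA-160-1 shipped a fixed sudo for squeeze, that line should record the fixed version instead of <no-dsa>; as it stands the entry says both that an advisory exists and that none is planned.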



