[Secure-testing-commits] r39093 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Jan 22 21:10:13 UTC 2016


Author: sectracker
Date: 2016-01-22 21:10:13 +0000 (Fri, 22 Jan 2016)
New Revision: 39093

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-22 19:04:31 UTC (rev 39092)
+++ data/CVE/list	2016-01-22 21:10:13 UTC (rev 39093)
@@ -1,3 +1,107 @@
+CVE-2016-2035
+	RESERVED
+CVE-2016-2034
+	RESERVED
+CVE-2016-2033
+	RESERVED
+CVE-2016-2032
+	RESERVED
+CVE-2016-2031
+	RESERVED
+CVE-2016-2030
+	RESERVED
+CVE-2016-2029
+	RESERVED
+CVE-2016-2028
+	RESERVED
+CVE-2016-2027
+	RESERVED
+CVE-2016-2026
+	RESERVED
+CVE-2016-2025
+	RESERVED
+CVE-2016-2024
+	RESERVED
+CVE-2016-2023
+	RESERVED
+CVE-2016-2022
+	RESERVED
+CVE-2016-2021
+	RESERVED
+CVE-2016-2020
+	RESERVED
+CVE-2016-2019
+	RESERVED
+CVE-2016-2018
+	RESERVED
+CVE-2016-2017
+	RESERVED
+CVE-2016-2016
+	RESERVED
+CVE-2016-2015
+	RESERVED
+CVE-2016-2014
+	RESERVED
+CVE-2016-2013
+	RESERVED
+CVE-2016-2012
+	RESERVED
+CVE-2016-2011
+	RESERVED
+CVE-2016-2010
+	RESERVED
+CVE-2016-2009
+	RESERVED
+CVE-2016-2008
+	RESERVED
+CVE-2016-2007
+	RESERVED
+CVE-2016-2006
+	RESERVED
+CVE-2016-2005
+	RESERVED
+CVE-2016-2004
+	RESERVED
+CVE-2016-2003
+	RESERVED
+CVE-2016-2002
+	RESERVED
+CVE-2016-2001
+	RESERVED
+CVE-2016-2000
+	RESERVED
+CVE-2016-1999
+	RESERVED
+CVE-2016-1998
+	RESERVED
+CVE-2016-1997
+	RESERVED
+CVE-2016-1996
+	RESERVED
+CVE-2016-1995
+	RESERVED
+CVE-2016-1994
+	RESERVED
+CVE-2016-1993
+	RESERVED
+CVE-2016-1992
+	RESERVED
+CVE-2016-1991
+	RESERVED
+CVE-2016-1990
+	RESERVED
+CVE-2016-1989
+	RESERVED
+CVE-2016-1988
+	RESERVED
+CVE-2016-1987
+	RESERVED
+CVE-2016-1986
+	RESERVED
+CVE-2016-1985
+	RESERVED
+CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
+	TODO: check
 CVE-2016-1980
 	RESERVED
 CVE-2016-1979
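Review bot: CVE-2016-1984, the last added entry in this hunk, lands with only "TODO: check" although its description already names the affected product (Harman AMX devices, /bin/bw). Entries for vendor devices elsewhere in this file are closed with a NOT-FOR-US line (for example "NOT-FOR-US: Saia Burgess devices"), so this one can be triaged the same way instead of staying open. The RESERVED entries added above it, CVE-2016-1985 through CVE-2016-2035, need no action until descriptions are published.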
@@ -107,10 +211,12 @@
 CVE-2016-1927
 	RESERVED
 CVE-2016-1983 [Remove empty Host headers in client requests; resulting in invalid reads]
+	RESERVED
 	- privoxy 3.0.24-1
 	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
 CVE-2016-1982 [Prevent invalid reads in case of corrupt chunk-encoded content]
+	RESERVED
 	- privoxy 3.0.24-1
 	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
 	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
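Review bot: The RESERVED lines added under CVE-2016-1983 and CVE-2016-1982 sit between the entry header and the existing triage ("- privoxy 3.0.24-1" and the two NOTE URLs). Check that the fixed version and the NOTE lines are still read as belonging to each entry after the insertion, since they are the only record here of the upstream parsers.c and filters.c changes. The bracketed descriptions are unchanged by this revision; when they are later swapped for published text, as happens to CVE-2015-8472 further down, any detail worth keeping should first be moved into a NOTE line.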
@@ -153,6 +259,7 @@
 CVE-2015-8772
 	RESERVED
 CVE-2016-1981 [net: e1000 infinite loop in start_xmit and e1000_receive_iov routines]
+	RESERVED
 	- qemu <unfixed> (bug #812307)
 	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
 	- qemu-kvm <removed>
@@ -2350,10 +2457,10 @@
 	RESERVED
 CVE-2016-1136
 	RESERVED
-CVE-2016-1135
-	RESERVED
-CVE-2016-1134
-	RESERVED
+CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices ...)
+	TODO: check
+CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 ...)
+	TODO: check
 CVE-2016-1133 (CRLF injection vulnerability in the on_req function in ...)
 	TODO: check
 CVE-2016-1132
@@ -5819,8 +5926,8 @@
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
 	- libav <undetermined>
 	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
-CVE-2015-8362
-	RESERVED
+CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
+	TODO: check
 CVE-2015-8361
 	RESERVED
 CVE-2015-8360
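Review bot: The description added for CVE-2015-8362 is, as far as the truncated text shows, identical to the one added for CVE-2016-1984 at the top of this revision ("The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ..."). Two ids with the same summary are easy to mix up during triage; read the full descriptions to see how they differ, resolve both "TODO: check" lines in one pass, and consider a NOTE on each entry pointing at the other.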
@@ -6557,8 +6664,7 @@
 	NOTE: http://sourceforge.net/p/latex2rtf/code/1152/tree//trunk/funct1.c?diff=50900fed34309d3c639c868f:1151
 	NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
 	NOTE: Rendered non-exploitable by toolchain hardening
-CVE-2015-8472 [Incomplete fix for CVE-2015-8126]
-	RESERVED
+CVE-2015-8472 (Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, ...)
 	{DSA-3443-1 DLA-375-1}
 	- libpng <unfixed> (bug #807112)
 	NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
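Review bot: Replacing "[Incomplete fix for CVE-2015-8126]" with the published description drops the only statement in this entry that CVE-2015-8472 is a follow-up to CVE-2015-8126. The new text names png_set_PLTE and the fixed versions but, in the part visible here, not the earlier id. Suggest keeping the link as a line such as "NOTE: Incomplete fix for CVE-2015-8126" next to the existing "NOTE: Fixed in ..." line so the relationship stays searchable.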
@@ -7208,8 +7314,8 @@
 	NOT-FOR-US: Saia Burgess devices
 CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to ...)
 	NOT-FOR-US: Exemys
-CVE-2015-7909
-	RESERVED
+CVE-2015-7909 (Stack-based buffer overflow in Hospira Communication Engine (CE) ...)
+	TODO: check
 CVE-2015-7908 (Honeywell Midas gas detectors before 1.13b3 and Midas Black gas ...)
 	NOT-FOR-US: Honeywell Midas gas detectors and Midas Black gas detectors
 CVE-2015-7907 (Directory traversal vulnerability in the web server on Honeywell Midas ...)
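Review bot: CVE-2015-7909 moves from RESERVED to "TODO: check" while every neighbouring entry in this hunk (Saia Burgess, Exemys, Honeywell Midas) is already closed as NOT-FOR-US. The description names Hospira Communication Engine (CE), so the same disposition looks applicable here, in the form "NOT-FOR-US: <product>" used by the lines around it.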
@@ -11278,8 +11384,8 @@
 	RESERVED
 CVE-2015-6436
 	RESERVED
-CVE-2015-6435
-	RESERVED
+CVE-2015-6435 (An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower ...)
+	TODO: check
 CVE-2015-6434 (Cisco Prime Infrastructure does not properly restrict use of IFRAME ...)
 	TODO: check
 CVE-2015-6433 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
@@ -11324,8 +11430,8 @@
 	TODO: check
 CVE-2015-6413 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 ...)
 	TODO: check
-CVE-2015-6412
-	RESERVED
+CVE-2015-6412 (Cisco Modular Encoding Platform D9036 Software before 02.04.70 has ...)
+	TODO: check
 CVE-2015-6411 (Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides ...)
 	TODO: check
 CVE-2015-6410 (The Mobile and Remote Access (MRA) services implementation in Cisco ...)



