[Secure-testing-commits] r40507 - data/CVE

Mon Mar 21 21:10:11 UTC 2016

Author: sectracker
Date: 2016-03-21 21:10:11 +0000 (Mon, 21 Mar 2016)
New Revision: 40507

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-03-21 21:08:56 UTC (rev 40506)
+++ data/CVE/list	2016-03-21 21:10:11 UTC (rev 40507)
@@ -1,3 +1,9 @@
+CVE-2016-3618
+	RESERVED
+CVE-2016-3617
+	RESERVED
+CVE-2016-3616
+	RESERVED
 CVE-2016-3627 [stack exhaustion in libxml2 parsing xml files in recover mode]
 	- libxml2 <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
@@ -437,8 +443,8 @@
 	RESERVED
 CVE-2016-3398
 	RESERVED
-CVE-2014-9768
-	RESERVED
+CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...)
+	TODO: check
 CVE-2016-3397
 	RESERVED
 CVE-2016-3396
@@ -901,8 +907,8 @@
 	RESERVED
 	- linux <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-171.html
-CVE-2016-3155
-	RESERVED
+CVE-2016-3155 (Siemens APOGEE Insight uses weak permissions for the application ...)
+	TODO: check
 CVE-2016-XXXX [use-after-free in unserialisation]
 	- hhvm <unfixed>
 	NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
@@ -3554,8 +3560,8 @@
 	RESERVED
 CVE-2016-2288
 	RESERVED
-CVE-2016-2287
-	RESERVED
+CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...)
+	TODO: check
 CVE-2016-2286
 	RESERVED
 CVE-2016-2285
@@ -3566,8 +3572,8 @@
 	NOT-FOR-US: Moxa ioLogik E2200 devices
 CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
 	NOT-FOR-US: Moxa ioLogik E2200 devices
-CVE-2016-2281
-	RESERVED
+CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 ...)
+	TODO: check
 CVE-2016-2280
 	RESERVED
 CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
@@ -3644,8 +3650,7 @@
 	RESERVED
 CVE-2016-2246
 	RESERVED
-CVE-2016-2245
-	RESERVED
+CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
 	NOT-FOR-US: HP Support Assistant
 CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers with ...)
 	NOT-FOR-US: HP LaserJet Printers
@@ -4709,7 +4714,7 @@
 	- iceweasel <not-affected> (Windows-specific)
 CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild.cpp ...)
 	- iceweasel <not-affected> (Windows-specific)
-CVE-2016-1974 (The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox ...)
+CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox ...)
 	{DSA-3520-1 DSA-3510-1}
 	- iceweasel <unfixed>
 	- firefox-esr 45.0esr-1
@@ -10107,8 +10112,8 @@
 	RESERVED
 CVE-2016-0284
 	RESERVED
-CVE-2016-0283
-	RESERVED
+CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) ...)
+	TODO: check
 CVE-2016-0282
 	RESERVED
 CVE-2016-0281
@@ -11764,12 +11769,12 @@
 	RESERVED
 CVE-2015-8155
 	RESERVED
-CVE-2015-8154
-	RESERVED
-CVE-2015-8153
-	RESERVED
-CVE-2015-8152
-	RESERVED
+CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...)
+	TODO: check
+CVE-2015-8153 (SQL injection vulnerability in Symantec Endpoint Protection Manager ...)
+	TODO: check
+CVE-2015-8152 (Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint ...)
+	TODO: check
 CVE-2015-8151 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows ...)
 	NOT-FOR-US: Symantec
 CVE-2015-8150 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows ...)
@@ -28967,8 +28972,8 @@
 	NOT-FOR-US: Serendipity
 CVE-2015-2287
 	RESERVED
-CVE-2015-2286
-	RESERVED
+CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before ...)
+	TODO: check
 CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
 	- upstart <not-affected> (Vulnerable cron.daily script not present)
 CVE-2014-9701 [XSS issue in MantisBT permalink_page.php]


