Author: sectracker
Date: 2015-03-27 21:10:16 +0000 (Fri, 27 Mar 2015)
New Revision: 33201
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-03-27 20:04:03 UTC (rev 33200) +++ data/CVE/list 2015-03-27 21:10:16 UTC (rev 33201) @@ -1,3 +1,19 @@ +CVE-2015-2756 + RESERVED +CVE-2015-2755 + RESERVED +CVE-2015-2752 + RESERVED +CVE-2015-2751 + RESERVED +CVE-2015-2748 (Websense TRITON AP-WEB before 8.0.0 does not properly restrict access ...) + TODO: check +CVE-2015-2747 (Multiple cross-site scripting (XSS) vulnerabilities in the data loss ...) + TODO: check +CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...) + TODO: check +CVE-2010-5323 + RESERVED CVE-2015-2774 [Erlang POODLE TLS vulnerability] - erlang <unfixed> NOTE: http://www.erlang.org/news/85 @@ -130,19 +146,21 @@ NOTE: entry might be split up depending on how many CVEs MITRE assigns, NOTE: two were already assigned (CVE-2015-2753 and CVE-2015-2754) CVE-2015-2754 + RESERVED [experimental] - freexl 1.0.1-1~exp1 - freexl 1.0.0g-1+deb8u1 (bug #781228) NOTE: Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0 CVE-2015-2753 + RESERVED [experimental] - freexl 1.0.1-1~exp1 - freexl 1.0.0g-1+deb8u1 (bug #781228) NOTE: Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0 CVE-2015-2685 RESERVED -CVE-2015-2683 - RESERVED -CVE-2015-2682 - RESERVED +CVE-2015-2683 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...) + TODO: check +CVE-2015-2682 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...) + TODO: check CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...) NOT-FOR-US: Asus CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...) 
@@ -901,6 +919,7 @@ NOTE: https://www.drupal.org/SA-CORE-2015-001 NOTE: http://cgit.drupalcode.org/drupal/commit/?id=8e54eca05a65c6231b02510e1917af0c9191e549 CVE-2015-2750 [SA-CORE-2015-001: Open redirect -- underlying problem lack of checks for special "//"] + RESERVED {DSA-3200-1} - drupal7 7.32-1+deb8u2 (bug #780772) - drupal6 <removed> @@ -909,6 +928,7 @@ NOTE: http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93 NOTE: http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8 CVE-2015-2749 [SA-CORE-2015-001: Open redirect -- issue related "destination" use] + RESERVED {DSA-3200-1} - drupal7 7.32-1+deb8u2 (bug #780772) - drupal6 <removed> @@ -8805,8 +8825,7 @@ RESERVED CVE-2015-0280 RESERVED -CVE-2015-0279 - RESERVED +CVE-2015-0279 (JBoss RichFaces before 4.5.4 allows remote attackers to inject ...) NOT-FOR-US: RichFaces CVE-2015-0278 [incorrect revocation order while relinquishing privileges] RESERVED @@ -8889,12 +8908,13 @@ CVE-2015-0253 RESERVED CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote ...) - {DSA-3199-1} + {DSA-3199-1 DLA-181-1} - xerces-c 3.1.1-5.1 (bug #780827) NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870 CVE-2015-0251 RESERVED CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...) + {DSA-3205-1 DLA-182-1} - batik 1.7+dfsg-5 (bug #780897) NOTE: https://issues.apache.org/jira/browse/BATIK-1018 NOTE: https://issues.apache.org/jira/browse/BATIK-1113 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
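Review bot: In the first hunk (@@ -1,3 +1,19 @@), CVE-2015-2747 and CVE-2015-2746 are left at "TODO: check" with truncated descriptions that name no product ("... in the data loss ...", "... in the Appliance ..."); only CVE-2015-2748 names Websense TRITON AP-WEB. Triage should read the full description for each of the three before tagging it NOT-FOR-US or assigning a source package, rather than inferring the vendor from the neighbouring entry.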
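Review bot: In the @@ -130,19 +146,21 @@ hunk, CVE-2015-2683 and CVE-2015-2682 move from RESERVED to "TODO: check" with identical truncated descriptions ("Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ..."), so the list alone cannot tell the two issues apart; whoever resolves the TODO should record the distinguishing detail in a NOTE or tag both in one pass. In the same hunk, the RESERVED lines added to CVE-2015-2754 and CVE-2015-2753 land in entries that already carry freexl fixed versions and reproducer links, so the context NOTE above them ("entry might be split up depending on how many CVEs MITRE assigns") is worth revisiting once the assignment is settled.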