author: security tracker role <sectracker@soriano.debian.org> 2020-02-08 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-08 20:10:21 +0000
commit: a136ab7dc92ad401be2b3037f7cf16e68b9ed3f1
tree: 09c6069321bf87e7bdc80541f80f269fa4c7eb27
parent: 9af374078794e7e56a35a121ef1fcce185e38fcb
automatic update
-rw-r--r-- data/CVE/2011.list 3
-rw-r--r-- data/CVE/2012.list 14
-rw-r--r-- data/CVE/2014.list 23
-rw-r--r-- data/CVE/2015.list 18
4 files changed, 26 insertions, 32 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index e2c0681bd3..c299d8dc1e 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -4106,8 +4106,7 @@ CVE-2011-3644
RESERVED
CVE-2011-3643
RESERVED
-CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)]
- RESERVED
+CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...)
- mahara <removed> (low; bug #699230)
[squeeze] - mahara <no-dsa> (Minor issue)
NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 6e969e95dc..92ef83dc8e 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2937,8 +2937,8 @@ CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Coo
NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...)
- keystone 2012.1.1-11 (bug #694433)
-CVE-2012-5570
- RESERVED
+CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...)
+ TODO: check
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...)
NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
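Review bot: the "TODO: check" added under CVE-2012-5570 looks resolvable from the context lines of this hunk. The new description names the Basic webmail module for Drupal, and the next entry, CVE-2012-5569, appears to cover the same module (its description is cut at "Basic webma ...") and is already marked "NOT-FOR-US: Drupal Webmail module". Suggest giving CVE-2012-5570 the same NOT-FOR-US line in a follow-up so the two entries stay consistent.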
@@ -5358,8 +5358,7 @@ CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
NOTE: Konqueror not supported security-wise
-CVE-2012-4512
- RESERVED
+CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...)
- kdebase <removed> (unimportant)
- kde-baseapps <unfixed> (unimportant)
NOTE: Konqueror not supported security-wise
@@ -5759,8 +5758,7 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
-CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used]
- RESERVED
+CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
@@ -6653,8 +6651,8 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph
NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...)
NOT-FOR-US: Chamilo LMS
-CVE-2012-4029
- RESERVED
+CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...)
+ TODO: check
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...)
NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...)
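Review bot: the "TODO: check" under CVE-2012-4029 cannot be triaged from this line alone, because the description is cut at "main/dropbox/index.php in ..." before the product name. The neighbouring CVE-2012-4030 entry is not evidence of the product, so the follow-up should read the full CVE text and then replace the TODO with either a NOT-FOR-US line or a package line.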
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index d5142491b8..0473fc6b1c 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -2907,8 +2907,8 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed> (unimportant)
-CVE-2014-9470
- RESERVED
+CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...)
+ TODO: check
CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...)
NOT-FOR-US: vBulletin
CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...)
@@ -3882,10 +3882,10 @@ CVE-2014-9131
RESERVED
CVE-2014-9128
RESERVED
-CVE-2014-9127
- RESERVED
-CVE-2014-9126
- RESERVED
+CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...)
+ TODO: check
+CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...)
+ TODO: check
CVE-2014-9125
RESERVED
CVE-2014-9124
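Review bot: CVE-2014-9127 and CVE-2014-9126 both gain "TODO: check" and both descriptions name Open-School Community Edition, so they should be triaged as a pair. Neither entry has a package line, and the surrounding entries are still RESERVED, so nothing in this hunk indicates a Debian package; if the product is confirmed as not packaged, both TODOs should become the same NOT-FOR-US line.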
@@ -4882,8 +4882,8 @@ CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet s
NOT-FOR-US: Lexmark
CVE-2014-8740
RESERVED
-CVE-2014-8739
- RESERVED
+CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...)
+ TODO: check
CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...)
NOT-FOR-US: Drupal module Open Atrium Core
CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...)
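Review bot: the "TODO: check" under CVE-2014-8739 deserves more than a product-name lookup. The visible description points at a file path, "server/php/UploadHandler.php", and is cut before the product name; a path like that can belong to a component that other projects bundle. Suggest that the triage search the archive for embedded copies of that file before choosing NOT-FOR-US, and record the result in a NOTE line.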
@@ -7424,8 +7424,8 @@ CVE-2014-7865
REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...)
NOT-FOR-US: ZOHO ManageEngine OpManager
-CVE-2014-7863
- RESERVED
+CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...)
+ TODO: check
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...)
NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
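Review bot: the "TODO: check" under CVE-2014-7863 sits directly below an entry for the same servlet. CVE-2014-7864 also names the FailOverHelperServlet and is marked "NOT-FOR-US: ZOHO ManageEngine OpManager". The new description is cut at "ZOHO ManageEngi ...", so confirm the affected product list from the full text, then apply the matching NOT-FOR-US line.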
@@ -21278,8 +21278,7 @@ CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiqui
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2225
- RESERVED
+CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...)
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...)
NOT-FOR-US: Plogger
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index a95eeffbc9..90b2b49182 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -10757,8 +10757,7 @@ CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before
NOTE: http://botan.randombit.net/security.html
CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...)
- codeigniter <itp> (bug #471583)
-CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
- RESERVED
+CVE-2015-5741 (The net/http library in net/http/transfer.go in Go before 1.4.3 does n ...)
- golang 2:1.4.2-4 (bug #795106)
[jessie] - golang <no-dsa> (Minor issue)
[wheezy] - golang <no-dsa> (Minor issue)
@@ -17299,8 +17298,8 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso
NOT-FOR-US: Accentis Content Resource Management System
CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...)
NOT-FOR-US: Accentis Content Resource Management System
-CVE-2015-3423
- RESERVED
+CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...)
+ TODO: check
CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...)
NOT-FOR-US: SearchBlox
CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...)
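Review bot: the "TODO: check" under CVE-2015-3423 should be handled together with CVE-2015-2207, which gets the same TODO in a later hunk of this file. Both descriptions are cut inside what looks like one product name ("NetCracker Resource Manageme ..." here, "NetCracker Reso ..." there). Triage them in one follow-up so they end up with the same marking.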
@@ -21041,8 +21040,8 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa
NOT-FOR-US: DLGuard
CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...)
NOT-FOR-US: phpMoAdmin
-CVE-2015-2207
- RESERVED
+CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...)
+ TODO: check
CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...)
{DSA-3382-1 DLA-336-1}
- phpmyadmin 4:4.4.4-1 (unimportant)
@@ -21455,8 +21454,8 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502
NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
-CVE-2015-2062
- RESERVED
+CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...)
+ TODO: check
CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...)
NOT-FOR-US: PTC Creo View
CVE-2015-2057
@@ -23277,8 +23276,7 @@ CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community
NOT-FOR-US: Magento
CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the Mage_Adm ...)
NOT-FOR-US: Magento
-CVE-2015-1394
- RESERVED
+CVE-2015-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Photo Galle ...)
NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...)
NOT-FOR-US: WordPress plugin photo-gallery
