[Secure-testing-commits] r35895 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Aug 5 09:10:22 UTC 2015
Author: sectracker
Date: 2015-08-05 09:10:22 +0000 (Wed, 05 Aug 2015)
New Revision: 35895
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-05 06:09:24 UTC (rev 35894)
+++ data/CVE/list 2015-08-05 09:10:22 UTC (rev 35895)
@@ -1,3 +1,17 @@
+CVE-2015-5724
+ RESERVED
+CVE-2015-5723
+ RESERVED
+CVE-2015-5722
+ RESERVED
+CVE-2015-5721
+ RESERVED
+CVE-2015-5720
+ RESERVED
+CVE-2015-5719
+ RESERVED
+CVE-2015-5718
+ RESERVED
CVE-2015-5734
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33549
@@ -101,8 +115,8 @@
TODO: check
CVE-2015-5702
RESERVED
-CVE-2002-2446
- RESERVED
+CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2015-5705 [argument injection vulnerability]
RESERVED
- devscripts 2.15.8 (bug #794365)
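Review bot: CVE-2002-2446 goes from RESERVED straight to "NOT-FOR-US: Data pre-dating the Security Tracker", a reason that does not say which product the entry was excluded for. The description added on the same entry names GE Healthcare Millennium MG, NC, and MyoSIGHT; a reason line that names the product would let the exclusion be checked later without re-reading the description.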
@@ -306,15 +320,13 @@
RESERVED
CVE-2015-5612
RESERVED
-CVE-2015-5623
- RESERVED
+CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
{DSA-3328-1}
- wordpress 4.2.3+dfsg-1
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/33357
-CVE-2015-5622
- RESERVED
+CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 ...)
- wordpress 4.2.3+dfsg-1
NOTE: https://core.trac.wordpress.org/changeset/33359
CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in ...)
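Review bot: CVE-2015-5622 now has its description but, unlike CVE-2015-5623 directly above it, carries no {DSA-3328-1} reference and no [wheezy]/[squeeze] lines. Both entries are recorded as fixed in wordpress 4.2.3+dfsg-1, so it is worth confirming whether the XSS issue belongs to the same advisory and stating the status of the older releases explicitly instead of leaving it implied.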
@@ -935,22 +947,22 @@
NOT-FOR-US: Tournament module for Drupal
CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
NOT-FOR-US: Language Switcher Dropdown module for Drupal
-CVE-2014-9736
- RESERVED
-CVE-2013-7442
- RESERVED
-CVE-2012-6695
- RESERVED
-CVE-2012-6694
- RESERVED
-CVE-2012-6693
- RESERVED
-CVE-2011-5324
- RESERVED
-CVE-2011-5323
- RESERVED
-CVE-2011-5322
- RESERVED
+CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...)
+ TODO: check
+CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
+ TODO: check
+CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
+ TODO: check
+CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server ...)
+ TODO: check
+CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
+ TODO: check
+CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...)
+ TODO: check
+CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...)
+ TODO: check
+CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
+ TODO: check
CVE-2015-XXXX [Incomplete WPS and P2P NFC NDEF record payload length validation]
- wpa <unfixed>
- wpasupplicant <removed>
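Review bot: the eight entries from CVE-2014-9736 down to CVE-2011-5322 all land as "TODO: check", and each one describes a GE Healthcare product (CVE-2011-5324 the TeraRecon server as used in one). The Drupal module entries in the context at the top of this hunk show the form a resolved entry takes, "NOT-FOR-US: <product>"; triaging these eight as one batch would avoid leaving eight separate open items for the same vendor.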
@@ -1954,18 +1966,18 @@
RESERVED
CVE-2015-4937
RESERVED
-CVE-2015-4936
- RESERVED
-CVE-2015-4935
- RESERVED
-CVE-2015-4934
- RESERVED
-CVE-2015-4933
- RESERVED
-CVE-2015-4932
- RESERVED
-CVE-2015-4931
- RESERVED
+CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through ...)
+ TODO: check
+CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
CVE-2015-4930
RESERVED
CVE-2015-4929
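Review bot: CVE-2015-4931 through CVE-2015-4935 are added as "TODO: check" although their description opens with the same text as CVE-2015-1954, "Stack-based buffer overflow in the server in IBM Tivoli Storage ...", which this list already records as "NOT-FOR-US: IBM". If they concern the same product, the same disposition applies and the TODO lines can be closed in a follow-up; CVE-2015-4936 (IBM WebSphere eXtreme Scale) needs its own check.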
@@ -4464,16 +4476,16 @@
RESERVED
CVE-2015-3964
RESERVED
-CVE-2015-3963
- RESERVED
+CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
+ TODO: check
CVE-2015-3962
RESERVED
-CVE-2015-3961
- RESERVED
-CVE-2015-3960
- RESERVED
-CVE-2015-3959
- RESERVED
+CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
+ TODO: check
+CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
+ TODO: check
+CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
+ TODO: check
CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
@@ -4506,12 +4518,12 @@
RESERVED
CVE-2015-3943
RESERVED
-CVE-2015-3942
- RESERVED
+CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
+ TODO: check
CVE-2015-3941
RESERVED
-CVE-2015-3940
- RESERVED
+CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware ...)
+ TODO: check
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938
@@ -5927,8 +5939,7 @@
NOTE: returned error from dovecot, related to openssl bug:
NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
NOTE: Possibly introduced due to http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
-CVE-2015-3440 [Stored XSS]
- RESERVED
+CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...)
{DSA-3250-1 DLA-236-1}
- wordpress 4.2.1+dfsg-1 (bug #783554)
NOTE: http://klikki.fi/adv/wordpress2.html
@@ -9781,7 +9792,7 @@
NOTE: https://core.trac.wordpress.org/changeset/33555
NOTE: https://core.trac.wordpress.org/changeset/33556
CVE-2015-2212
- RESERVED
+ REJECTED
CVE-2015-2211
RESERVED
CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
@@ -10405,8 +10416,8 @@
RESERVED
CVE-2015-1988
RESERVED
-CVE-2015-1987
- RESERVED
+CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
NOT-FOR-US: IBM
CVE-2015-1985
@@ -10439,8 +10450,8 @@
NOT-FOR-US: IBM
CVE-2015-1971
RESERVED
-CVE-2015-1970
- RESERVED
+CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
+ TODO: check
CVE-2015-1969
RESERVED
CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
@@ -10463,14 +10474,14 @@
RESERVED
CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
NOT-FOR-US: IBM
-CVE-2015-1958
- RESERVED
+CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1957
RESERVED
-CVE-2015-1956
- RESERVED
-CVE-2015-1955
- RESERVED
+CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
@@ -23056,11 +23067,11 @@
CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
- freepbx <itp> (bug #464926)
CVE-2014-7234
- RESERVED
-CVE-2014-7233
- RESERVED
-CVE-2014-7232
- RESERVED
+ REJECTED
+CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
+ TODO: check
+CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
+ TODO: check
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
NOT-FOR-US: Joomla
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
@@ -23129,10 +23140,10 @@
- apt 1.0.9.2 (bug #763780)
[squeeze] - apt <not-affected> (apt changelog command and vulnerable code not present)
NOTE: mitigated by Linux kernel features in wheezy and up
-CVE-2013-7405
- RESERVED
-CVE-2013-7404
- RESERVED
+CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
+ TODO: check
+CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the ...)
+ TODO: check
CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content option ...)
- jqueryui 1.10.1+dfsg-1
[wheezy] - jqueryui <not-affected> (ui.tooltip not yet present)
@@ -23143,34 +23154,34 @@
- zope2.12 2.12.26-1
- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
NOTE: CVE SPLIT from CVE-2012-5508
-CVE-2012-6660
- RESERVED
+CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the ...)
+ TODO: check
CVE-2011-5374
RESERVED
-CVE-2010-5310
- RESERVED
-CVE-2010-5309
- RESERVED
-CVE-2010-5308
- RESERVED
-CVE-2010-5307
- RESERVED
-CVE-2010-5306
- RESERVED
-CVE-2009-5143
- RESERVED
-CVE-2007-6757
- RESERVED
-CVE-2006-7253
- RESERVED
-CVE-2004-2777
- RESERVED
-CVE-2003-1603
- RESERVED
-CVE-2002-2445
- RESERVED
-CVE-2001-1594
- RESERVED
+CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
+ TODO: check
+CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
+ TODO: check
+CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...)
+ TODO: check
+CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
+ TODO: check
+CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...)
+ TODO: check
+CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...)
+ TODO: check
+CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of ...)
+ TODO: check
+CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
+ TODO: check
+CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...)
+ TODO: check
+CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
+ TODO: check
+CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
+CVE-2001-1594 (GE Healthcare eNTEGRA P&R has a password of (1) entegra for the ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1253
RESERVED
CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is ...)
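Review bot: in this hunk CVE-2002-2445 and CVE-2001-1594 are closed as "NOT-FOR-US: Data pre-dating the Security Tracker", while CVE-2003-1603 through CVE-2010-5310 and CVE-2012-6660, which describe products of the same vendor (GE Healthcare), are left as "TODO: check". All of these IDs were RESERVED until this revision, so the split follows the year in the CVE ID and not anything about the product. The open entries should end up with one consistent disposition, and the two closed ones would be easier to audit if the reason named the product.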