Author: sectracker
Date: 2015-08-05 09:10:22 +0000 (Wed, 05 Aug 2015)
New Revision: 35895

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-08-05 06:09:24 UTC (rev 35894)
+++ data/CVE/list       2015-08-05 09:10:22 UTC (rev 35895)
@@ -1,3 +1,17 @@
+CVE-2015-5724
+       RESERVED
+CVE-2015-5723
+       RESERVED
+CVE-2015-5722
+       RESERVED
+CVE-2015-5721
+       RESERVED
+CVE-2015-5720
+       RESERVED
+CVE-2015-5719
+       RESERVED
+CVE-2015-5718
+       RESERVED
 CVE-2015-5734
        - wordpress 4.2.4+dfsg-1 (bug #794560)
        NOTE: https://core.trac.wordpress.org/changeset/33549
@@ -101,8 +115,8 @@
        TODO: check
 CVE-2015-5702
        RESERVED
-CVE-2002-2446
-       RESERVED
+CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of 
...)
+       NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2015-5705 [argument injection vulnerability]
        RESERVED
        - devscripts 2.15.8 (bug #794365)
@@ -306,15 +320,13 @@
        RESERVED
 CVE-2015-5612
        RESERVED
-CVE-2015-5623
-       RESERVED
+CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts 
...)
        {DSA-3328-1}
        - wordpress 4.2.3+dfsg-1
        [wheezy] - wordpress <not-affected> (Vulnerable code not present)
        [squeeze] - wordpress <not-affected> (Vulnerable code not present)
        NOTE: https://core.trac.wordpress.org/changeset/33357
-CVE-2015-5622
-       RESERVED
+CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 
4.2.3 ...)
        - wordpress 4.2.3+dfsg-1
        NOTE: https://core.trac.wordpress.org/changeset/33359
 CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used 
in ...)
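Review bot: CVE-2015-5622 is recorded as fixed in wordpress 4.2.3+dfsg-1, the same version as CVE-2015-5623 directly above it, but unlike that entry it has no {DSA-3328-1} reference and no [wheezy] or [squeeze] status lines. If the advisory also covers this XSS, add the cross-reference. Otherwise add per-release lines so the status of the older suites is explicit.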
@@ -935,22 +947,22 @@
        NOT-FOR-US: Tournament module for Drupal
 CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown 
module ...)
        NOT-FOR-US: Language Switcher Dropdown module for Drupal
-CVE-2014-9736
-       RESERVED
-CVE-2013-7442
-       RESERVED
-CVE-2012-6695
-       RESERVED
-CVE-2012-6694
-       RESERVED
-CVE-2012-6693
-       RESERVED
-CVE-2011-5324
-       RESERVED
-CVE-2011-5323
-       RESERVED
-CVE-2011-5322
-       RESERVED
+CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail 
Repository has a ...)
+       TODO: check
+CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a 
password ...)
+       TODO: check
+CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a 
password ...)
+       TODO: check
+CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and 
Server ...)
+       TODO: check
+CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password 
of (1) ...)
+       TODO: check
+CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity 
PACS-IW ...)
+       TODO: check
+CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly 
other ...)
+       TODO: check
+CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default 
password ...)
+       TODO: check
 CVE-2015-XXXX [Incomplete WPS and P2P NFC NDEF record payload length 
validation]
        - wpa <unfixed>
        - wpasupplicant <removed>
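Review bot: the eight GE Healthcare entries from CVE-2014-9736 down to CVE-2011-5322 arrive as TODO: check with no package line, so they still need manual triage. Going by the visible descriptions they are vendor products, and a NOT-FOR-US: <product> tag in the style of the Drupal-module entries just above is the likely resolution. Confirm against the full CVE text first, since the descriptions are truncated here.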
@@ -1954,18 +1966,18 @@
        RESERVED
 CVE-2015-4937
        RESERVED
-CVE-2015-4936
-       RESERVED
-CVE-2015-4935
-       RESERVED
-CVE-2015-4934
-       RESERVED
-CVE-2015-4933
-       RESERVED
-CVE-2015-4932
-       RESERVED
-CVE-2015-4931
-       RESERVED
+CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 
through ...)
+       TODO: check
+CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
+       TODO: check
+CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
+       TODO: check
+CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
+       TODO: check
+CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
+       TODO: check
+CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
+       TODO: check
 CVE-2015-4930
        RESERVED
 CVE-2015-4929
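Review bot: CVE-2015-4931 through CVE-2015-4935 carry the same truncated description, "Stack-based buffer overflow in the server in IBM Tivoli Storage ...", as CVE-2015-1954 further down this list, which is already tagged NOT-FOR-US: IBM. These five, and the WebSphere eXtreme Scale entry CVE-2015-4936, should be resolved from TODO: check the same way once the full descriptions confirm the product.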
@@ -4464,16 +4476,16 @@
        RESERVED
 CVE-2015-3964
        RESERVED
-CVE-2015-3963
-       RESERVED
+CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 
6.7.1.1, ...)
+       TODO: check
 CVE-2015-3962
        RESERVED
-CVE-2015-3961
-       RESERVED
-CVE-2015-3960
-       RESERVED
-CVE-2015-3959
-       RESERVED
+CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden 
GarrettCom ...)
+       TODO: check
+CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K 
and ...)
+       TODO: check
+CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K 
and ...)
+       TODO: check
 CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and 
possibly ...)
        NOT-FOR-US: Hospira LifeCare
 CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private 
keys ...)
@@ -4506,12 +4518,12 @@
        RESERVED
 CVE-2015-3943
        RESERVED
-CVE-2015-3942
-       RESERVED
+CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-server ...)
+       TODO: check
 CVE-2015-3941
        RESERVED
-CVE-2015-3940
-       RESERVED
+CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric 
Wonderware ...)
+       TODO: check
 CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 
modules for ...)
        NOT-FOR-US: IDS RTU 850C devices
 CVE-2015-3938
@@ -5927,8 +5939,7 @@
        NOTE: returned error from dovecot, related to openssl bug:
        NOTE: 
https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
        NOTE: Possibly introduced due to 
http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
-CVE-2015-3440 [Stored XSS]
-       RESERVED
+CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in 
wp-includes/wp-db.php in ...)
        {DSA-3250-1 DLA-236-1}
        - wordpress 4.2.1+dfsg-1 (bug #783554)
        NOTE: http://klikki.fi/adv/wordpress2.html
@@ -9781,7 +9792,7 @@
        NOTE: https://core.trac.wordpress.org/changeset/33555
        NOTE: https://core.trac.wordpress.org/changeset/33556
 CVE-2015-2212
-       RESERVED
+       REJECTED
 CVE-2015-2211
        RESERVED
 CVE-2014-9689 
(content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
@@ -10405,8 +10416,8 @@
        RESERVED
 CVE-2015-1988
        RESERVED
-CVE-2015-1987
-       RESERVED
+CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 
6.1.12 ...)
        NOT-FOR-US: IBM
 CVE-2015-1985
@@ -10439,8 +10450,8 @@
        NOT-FOR-US: IBM
 CVE-2015-1971
        RESERVED
-CVE-2015-1970
-       RESERVED
+CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 
and 2.5 ...)
+       TODO: check
 CVE-2015-1969
        RESERVED
 CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere 
Master Data ...)
@@ -10463,14 +10474,14 @@
        RESERVED
 CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 
before ...)
        NOT-FOR-US: IBM
-CVE-2015-1958
-       RESERVED
+CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2015-1957
        RESERVED
-CVE-2015-1956
-       RESERVED
-CVE-2015-1955
-       RESERVED
+CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
+       TODO: check
+CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a 
denial ...)
+       TODO: check
 CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
        NOT-FOR-US: IBM
 CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage 
...)
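Review bot: CVE-2015-1958, CVE-2015-1956 and CVE-2015-1955 here, plus CVE-2015-1987 in the earlier hunk, all show the identical truncated description "IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...". Check the full text to confirm these are four distinct issues before closing the TODO: check lines. The neighbouring CVE-2015-1959 and CVE-2015-1954 entries are tagged NOT-FOR-US: IBM, which is the likely outcome for these as well.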
@@ -23056,11 +23067,11 @@
 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework 
module/Asterisk ...)
        - freepbx <itp> (bug #464926)
 CVE-2014-7234
-       RESERVED
-CVE-2014-7233
-       RESERVED
-CVE-2014-7232
-       RESERVED
+       REJECTED
+CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of 
(1) 1973 ...)
+       TODO: check
+CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of 
(1) ...)
+       TODO: check
 CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 
2.5.26, 3.x ...)
        NOT-FOR-US: Joomla
 CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 
2.5.25, ...)
@@ -23129,10 +23140,10 @@
        - apt 1.0.9.2 (bug #763780)
        [squeeze] - apt <not-affected> (apt changelog command and vulnerable 
code not present)
        NOTE: mitigated by Linux kernel features in wheezy and up
-CVE-2013-7405
-       RESERVED
-CVE-2013-7404
-       RESERVED
+CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 
4.2 has a ...)
+       TODO: check
+CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for 
the ...)
+       TODO: check
 CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content 
option ...)
        - jqueryui 1.10.1+dfsg-1
        [wheezy] - jqueryui <not-affected> (ui.tooltip not yet present)
@@ -23143,34 +23154,34 @@
        - zope2.12 2.12.26-1
        - zope2.13 <not-affected> (Fixed before initial upload in upstream 
version 2.13.19)
        NOTE: CVE SPLIT from CVE-2012-5508
-CVE-2012-6660
-       RESERVED
+CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the 
...)
+       TODO: check
 CVE-2011-5374
        RESERVED
-CVE-2010-5310
-       RESERVED
-CVE-2010-5309
-       RESERVED
-CVE-2010-5308
-       RESERVED
-CVE-2010-5307
-       RESERVED
-CVE-2010-5306
-       RESERVED
-CVE-2009-5143
-       RESERVED
-CVE-2007-6757
-       RESERVED
-CVE-2006-7253
-       RESERVED
-CVE-2004-2777
-       RESERVED
-CVE-2003-1603
-       RESERVED
-CVE-2002-2445
-       RESERVED
-CVE-2001-1594
-       RESERVED
+CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution 
XQ/i has ...)
+       TODO: check
+CVE-2010-5309 (GE Healthcare CADStream Server has a default password of 
confirma for ...)
+       TODO: check
+CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for 
the ...)
+       TODO: check
+CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 
has a ...)
+       TODO: check
+CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a 
default ...)
+       TODO: check
+CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the 
(1) ...)
+       TODO: check
+CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password 
of ...)
+       TODO: check
+CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia 
for the ...)
+       TODO: check
+CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) 
gemnet ...)
+       TODO: check
+CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) 
interfile for ...)
+       TODO: check
+CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default 
password ...)
+       NOT-FOR-US: Data pre-dating the Security Tracker
+CVE-2001-1594 (GE Healthcare eNTEGRA P&amp;R has a password of (1) entegra for 
the ...)
+       NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-1253
        RESERVED
 CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature 
is ...)
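Review bot: the triage in this hunk is split by CVE year rather than by product. CVE-2002-2445 and CVE-2001-1594 are closed as NOT-FOR-US: Data pre-dating the Security Tracker, while CVE-2003-1603 through CVE-2010-5310 and CVE-2012-6660 stay at TODO: check, although all of them are GE Healthcare password or authentication entries. Triage the remaining ones by hand so the whole batch ends up with a consistent NOT-FOR-US reason.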


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
