author: security tracker role <sectracker@debian.org> 2015-08-05 09:10:22 +0000
committer: security tracker role <sectracker@debian.org> 2015-08-05 09:10:22 +0000
commit: 7c0177542e26dbc78c9bd9cabb19a7372b39bb86 (patch)
tree: b72e35aa243d5a844e0b77244a3d3a4954686b85
parent: ee8bcaf6e83241a09385e221145c05d28bd3f939 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@35895 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 4
-rw-r--r-- data/CVE/2002.list 8
-rw-r--r-- data/CVE/2003.list 4
-rw-r--r-- data/CVE/2004.list 4
-rw-r--r-- data/CVE/2006.list 4
-rw-r--r-- data/CVE/2007.list 4
-rw-r--r-- data/CVE/2009.list 4
-rw-r--r-- data/CVE/2010.list 20
-rw-r--r-- data/CVE/2011.list 12
-rw-r--r-- data/CVE/2012.list 16
-rw-r--r-- data/CVE/2013.list 12
-rw-r--r-- data/CVE/2014.list 14
-rw-r--r-- data/CVE/2015.list 93
13 files changed, 105 insertions, 94 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index fadcecaeb3..8343720730 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,5 +1,5 @@
-CVE-2001-1594
- RESERVED
+CVE-2001-1594 (GE Healthcare eNTEGRA P&amp;R has a password of (1) entegra for the ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
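Review bot: The reason on the new CVE-2001-1594 line, "NOT-FOR-US: Data pre-dating the Security Tracker", does not name the affected product, unlike other NOT-FOR-US lines visible in this commit such as "NOT-FOR-US: NetBSD/FreeBSD libc" or "NOT-FOR-US: TimThumb". The description now identifies GE Healthcare eNTEGRA P&R, so consider naming the product in the reason so the entry can be found by product name like its neighbours.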
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 9f96089649..94abf0951d 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,7 +1,7 @@
-CVE-2002-2446
- RESERVED
-CVE-2002-2445
- RESERVED
+CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
+CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...)
+ NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2483
- linux-2.6 2.4.20
CVE-2002-2444 [snoopy: Security hole in exec cURL]
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 8b89070fc2..12b822c429 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,5 +1,5 @@
-CVE-2003-1603
- RESERVED
+CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
+ TODO: check
CVE-2003-1602
RESERVED
CVE-2003-1601
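Review bot: CVE-2003-1603 is left at "TODO: check" although the GE Healthcare password entries added to 2001.list and 2002.list in this same commit are closed as NOT-FOR-US. The split appears to follow only the CVE year, not the product, so the same vendor's default-password issues end up with two different states; resolve the TODO for this entry (and the matching ones in 2004.list through 2014.list) with an explicit NOT-FOR-US line if the product is not packaged.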
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 7ef960efb6..a489982746 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,5 +1,5 @@
-CVE-2004-2777
- RESERVED
+CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...)
+ TODO: check
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
- base-passwd 3.5.30 (unimportant; bug #274229)
NOTE: Hardening, not a direct vulnerability
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 3a98092e3f..0eb5c701f8 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,5 +1,5 @@
-CVE-2006-7253
- RESERVED
+CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
+ TODO: check
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 90cee8237b..aafa37ce0c 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,7 +1,7 @@
CVE-2007-6758
RESERVED
-CVE-2007-6757
- RESERVED
+CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of ...)
+ TODO: check
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...)
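Review bot: CVE-2007-6757 is added with "TODO: check" directly above CVE-2007-6756, a ZOLL medical-device entry that already reads "NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series". If GE Healthcare Centricity DMS is likewise not packaged, replace the placeholder with a NOT-FOR-US line that names the product, following the form of the ZOLL entry.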
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 20effd22d8..e272272b13 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -21,8 +21,8 @@ CVE-2009-5144 [vulnerability involving the directory context]
RESERVED
- mod-gnutls 0.5.6-1 (bug #578663)
NOTE: http://issues.outoforder.cc/view.php?id=93
-CVE-2009-5143
- RESERVED
+CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...)
+ TODO: check
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
NOT-FOR-US: TimThumb
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index bcec4e5c14..d2dbceb005 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -44,16 +44,16 @@ CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
[jessie] - riece <no-dsa> (Minor issue)
[wheezy] - riece <no-dsa> (Minor issue)
[squeeze] - riece <no-dsa> (Minor issue)
-CVE-2010-5310
- RESERVED
-CVE-2010-5309
- RESERVED
-CVE-2010-5308
- RESERVED
-CVE-2010-5307
- RESERVED
-CVE-2010-5306
- RESERVED
+CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
+ TODO: check
+CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
+ TODO: check
+CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...)
+ TODO: check
+CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
+ TODO: check
+CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...)
+ TODO: check
CVE-2010-5305
RESERVED
CVE-2010-5304
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 017b562b3b..c6c60e9ee7 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,9 +1,9 @@
-CVE-2011-5324
- RESERVED
-CVE-2011-5323
- RESERVED
-CVE-2011-5322
- RESERVED
+CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...)
+ TODO: check
+CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...)
+ TODO: check
+CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
+ TODO: check
CVE-2011-5321 [tty: kobject reference leakage in tty_open]
RESERVED
{DLA-246-1}
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index e1dc6ccd5f..d262dce7f4 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,9 +1,9 @@
-CVE-2012-6695
- RESERVED
-CVE-2012-6694
- RESERVED
-CVE-2012-6693
- RESERVED
+CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
+ TODO: check
+CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server ...)
+ TODO: check
+CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
+ TODO: check
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...)
NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -105,8 +105,8 @@ CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before
- zope2.12 2.12.26-1
- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
NOTE: CVE SPLIT from CVE-2012-5508
-CVE-2012-6660
- RESERVED
+CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the ...)
+ TODO: check
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
NOT-FOR-US: Phorum
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 4ff4fda441..ba6cc724a8 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -7,8 +7,8 @@ CVE-2013-7443 [SQLite array overrun in the skip-scan optimization]
NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
-CVE-2013-7442
- RESERVED
+CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
+ TODO: check
CVE-2013-7440 [incorrect wildcard matching rules]
RESERVED
- python3.4 3.4~b1-4
@@ -185,10 +185,10 @@ CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS modul
NOT-FOR-US: Drupal module MRBS
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...)
NOT-FOR-US: Drupal module MRBS
-CVE-2013-7405
- RESERVED
-CVE-2013-7404
- RESERVED
+CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
+ TODO: check
+CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the ...)
+ TODO: check
CVE-2013-7403
RESERVED
NOT-FOR-US: WordPress plugin wp-video-commando
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index a17b7f8164..24e2e7237d 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -16,8 +16,8 @@ CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tourna
NOT-FOR-US: Tournament module for Drupal
CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
NOT-FOR-US: Language Switcher Dropdown module for Drupal
-CVE-2014-9736
- RESERVED
+CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...)
+ TODO: check
CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...)
NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
@@ -7048,11 +7048,11 @@ CVE-2014-7236
CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
- freepbx <itp> (bug #464926)
CVE-2014-7234
- RESERVED
-CVE-2014-7233
- RESERVED
-CVE-2014-7232
- RESERVED
+ REJECTED
+CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
+ TODO: check
+CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
+ TODO: check
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
NOT-FOR-US: Joomla
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index c30cce4ea9..ca446f7a86 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,3 +1,17 @@
+CVE-2015-5724
+ RESERVED
+CVE-2015-5723
+ RESERVED
+CVE-2015-5722
+ RESERVED
+CVE-2015-5721
+ RESERVED
+CVE-2015-5720
+ RESERVED
+CVE-2015-5719
+ RESERVED
+CVE-2015-5718
+ RESERVED
CVE-2015-5734
- wordpress 4.2.4+dfsg-1 (bug #794560)
NOTE: https://core.trac.wordpress.org/changeset/33549
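Review bot: The seven new RESERVED entries CVE-2015-5724 through CVE-2015-5718 are inserted at the top of the file, above CVE-2015-5734, so the head of the list is no longer in descending ID order. Either place the new block below the existing CVE-2015-57xx entries with higher IDs or re-sort the file after the automatic update, so that later updates and manual edits find each ID where the ordering says it should be.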
@@ -302,15 +316,13 @@ CVE-2015-5613
RESERVED
CVE-2015-5612
RESERVED
-CVE-2015-5623
- RESERVED
+CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
{DSA-3328-1}
- wordpress 4.2.3+dfsg-1
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/33357
-CVE-2015-5622
- RESERVED
+CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 ...)
- wordpress 4.2.3+dfsg-1
NOTE: https://core.trac.wordpress.org/changeset/33359
CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in ...)
@@ -1903,18 +1915,18 @@ CVE-2015-4938
RESERVED
CVE-2015-4937
RESERVED
-CVE-2015-4936
- RESERVED
-CVE-2015-4935
- RESERVED
-CVE-2015-4934
- RESERVED
-CVE-2015-4933
- RESERVED
-CVE-2015-4932
- RESERVED
-CVE-2015-4931
- RESERVED
+CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through ...)
+ TODO: check
+CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
+CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
+ TODO: check
CVE-2015-4930
RESERVED
CVE-2015-4929
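Review bot: CVE-2015-4935 through CVE-2015-4931 receive "TODO: check" with the same truncated description, "Stack-based buffer overflow in the server in IBM Tivoli Storage ...", that CVE-2015-1954 and CVE-2015-1953 carry further down this file, where they are already marked "NOT-FOR-US: IBM". Triaging these five, and CVE-2015-4936 for IBM WebSphere eXtreme Scale, the same way would avoid leaving six placeholders open for a vendor the list already treats as out of scope.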
@@ -4327,16 +4339,16 @@ CVE-2015-3965
RESERVED
CVE-2015-3964
RESERVED
-CVE-2015-3963
- RESERVED
+CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
+ TODO: check
CVE-2015-3962
RESERVED
-CVE-2015-3961
- RESERVED
-CVE-2015-3960
- RESERVED
-CVE-2015-3959
- RESERVED
+CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
+ TODO: check
+CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
+ TODO: check
+CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
+ TODO: check
CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
@@ -4369,12 +4381,12 @@ CVE-2015-3944
RESERVED
CVE-2015-3943
RESERVED
-CVE-2015-3942
- RESERVED
+CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
+ TODO: check
CVE-2015-3941
RESERVED
-CVE-2015-3940
- RESERVED
+CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware ...)
+ TODO: check
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938
@@ -5784,8 +5796,7 @@ CVE-2015-3420 [SSL/TLS handshake failures leading to a crash of the login proces
NOTE: returned error from dovecot, related to openssl bug:
NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
NOTE: Possibly introduced due to http://hg.dovecot.org/dovecot-2.2/rev/09d3c9c6f0ad
-CVE-2015-3440 [Stored XSS]
- RESERVED
+CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...)
{DSA-3250-1 DLA-236-1}
- wordpress 4.2.1+dfsg-1 (bug #783554)
NOTE: http://klikki.fi/adv/wordpress2.html
@@ -9458,7 +9469,7 @@ CVE-2015-2213 [SQL injection]
NOTE: https://core.trac.wordpress.org/changeset/33555
NOTE: https://core.trac.wordpress.org/changeset/33556
CVE-2015-2212
- RESERVED
+ REJECTED
CVE-2015-2211
RESERVED
CVE-2015-XXXX [tcllib XSS]
@@ -10029,8 +10040,8 @@ CVE-2015-1989
RESERVED
CVE-2015-1988
RESERVED
-CVE-2015-1987
- RESERVED
+CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
NOT-FOR-US: IBM
CVE-2015-1985
@@ -10063,8 +10074,8 @@ CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 befo
NOT-FOR-US: IBM
CVE-2015-1971
RESERVED
-CVE-2015-1970
- RESERVED
+CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
+ TODO: check
CVE-2015-1969
RESERVED
CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
@@ -10087,14 +10098,14 @@ CVE-2015-1960
RESERVED
CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
NOT-FOR-US: IBM
-CVE-2015-1958
- RESERVED
+CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1957
RESERVED
-CVE-2015-1956
- RESERVED
-CVE-2015-1955
- RESERVED
+CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
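Review bot: CVE-2015-1958, CVE-2015-1956 and CVE-2015-1955 end up with identical truncated descriptions ("IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ..."), so the list text no longer tells the three apart and each "TODO: check" has to be resolved by looking the ID up elsewhere. The surrounding IBM entries CVE-2015-1959 and CVE-2015-1954 are "NOT-FOR-US: IBM"; if MQ Light is treated the same, close all three in one follow-up instead of leaving them as separate placeholders.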
