[Secure-testing-commits] r41902 - data/CVE

Fri May 20 05:47:49 UTC 2016

Author: fgeek-guest
Date: 2016-05-20 05:47:49 +0000 (Fri, 20 May 2016)
New Revision: 41902

Modified:
   data/CVE/list
Log:
NFU

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-05-20 04:32:35 UTC (rev 41901)
+++ data/CVE/list	2016-05-20 05:47:49 UTC (rev 41902)
@@ -27878,6 +27878,8 @@
 CVE-2015-3997
 	RESERVED
 CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for ...)
+	- owncloud <unfixed>
+	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-012
 	TODO: check
 CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
 	NOT-FOR-US: SAP HANA DB
@@ -27963,7 +27965,7 @@
 CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ...)
 	NOT-FOR-US: SAP Sybase Unwired Platform Online Data Proxy
 CVE-2015-3977 (Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2015-3976
 	RESERVED
 CVE-2015-3975
@@ -27971,19 +27973,19 @@
 CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x ...)
 	NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
 CVE-2015-3973 (Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3972 (The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3971 (The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3970 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3969 (Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3968 (The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3967 (Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, ...)
-	TODO: check
+	NOT-FOR-US: Janitza UMG devices
 CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with ...)
 	NOT-FOR-US: Innominate mGuard
 CVE-2015-3965
@@ -28021,17 +28023,17 @@
 CVE-2015-3949 (Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows ...)
 	NOT-FOR-US: Sinapsi eSolar Light
 CVE-2015-3948 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess before ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2015-3947 (SQL injection vulnerability in Advantech WebAccess before 8.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2015-3946 (Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2015-3945
 	RESERVED
 CVE-2015-3944
 	RESERVED
 CVE-2015-3943 (Advantech WebAccess before 8.1 allows remote attackers to read ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
 	NOT-FOR-US: Belden GarrettCom switches
 CVE-2015-3941
@@ -28041,7 +28043,7 @@
 CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
 	NOT-FOR-US: IDS RTU 850C devices
 CVE-2015-3938 (The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi Electric MELSEC devices
 CVE-2015-3937
 	RESERVED
 CVE-2015-3936
@@ -28917,7 +28919,7 @@
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
 CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
 	- docker.io 1.6.1+dfsg1-1 (bug #784726)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10


