[Secure-testing-commits] r25973 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Wed Mar 5 21:14:12 UTC 2014


Author: joeyh
Date: 2014-03-05 21:14:12 +0000 (Wed, 05 Mar 2014)
New Revision: 25973

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-05 20:46:22 UTC (rev 25972)
+++ data/CVE/list	2014-03-05 21:14:12 UTC (rev 25973)
@@ -1,3 +1,359 @@
+CVE-2014-2280
+	RESERVED
+CVE-2014-2279
+	RESERVED
+CVE-2014-2278
+	RESERVED
+CVE-2014-2277
+	RESERVED
+CVE-2014-2276
+	RESERVED
+CVE-2014-2275
+	RESERVED
+CVE-2014-2274
+	RESERVED
+CVE-2014-2273
+	RESERVED
+CVE-2014-2272
+	RESERVED
+CVE-2014-2271
+	RESERVED
+CVE-2014-2269
+	RESERVED
+CVE-2014-2268
+	RESERVED
+CVE-2014-2267
+	RESERVED
+CVE-2014-2266
+	RESERVED
+CVE-2014-2265
+	RESERVED
+CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
+	TODO: check
+CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
+	TODO: check
+CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
+	TODO: check
+CVE-2014-2261
+	RESERVED
+CVE-2014-2260
+	RESERVED
+CVE-2014-2259
+	RESERVED
+CVE-2014-2258
+	RESERVED
+CVE-2014-2257
+	RESERVED
+CVE-2014-2256
+	RESERVED
+CVE-2014-2255
+	RESERVED
+CVE-2014-2254
+	RESERVED
+CVE-2014-2253
+	RESERVED
+CVE-2014-2252
+	RESERVED
+CVE-2014-2251
+	RESERVED
+CVE-2014-2250
+	RESERVED
+CVE-2014-2249
+	RESERVED
+CVE-2014-2248
+	RESERVED
+CVE-2014-2247
+	RESERVED
+CVE-2014-2246
+	RESERVED
+CVE-2014-2241
+	RESERVED
+CVE-2014-2240
+	RESERVED
+CVE-2014-2239
+	RESERVED
+CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier ...)
+	TODO: check
+CVE-2014-2233
+	RESERVED
+CVE-2014-2232
+	RESERVED
+CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
+	TODO: check
+CVE-2014-2230
+	RESERVED
+CVE-2014-2229
+	RESERVED
+CVE-2014-2228
+	RESERVED
+CVE-2014-2227
+	RESERVED
+CVE-2014-2226
+	RESERVED
+CVE-2014-2225
+	RESERVED
+CVE-2014-2224
+	RESERVED
+CVE-2014-2223
+	RESERVED
+CVE-2014-2222
+	RESERVED
+CVE-2014-2221
+	RESERVED
+CVE-2014-2220
+	RESERVED
+CVE-2014-2219
+	RESERVED
+CVE-2014-2218
+	RESERVED
+CVE-2014-2217
+	RESERVED
+CVE-2014-2216
+	RESERVED
+CVE-2014-2215
+	RESERVED
+CVE-2014-2210
+	RESERVED
+CVE-2014-2209
+	RESERVED
+CVE-2014-2208
+	RESERVED
+CVE-2014-2207
+	RESERVED
+CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) ...)
+	TODO: check
+CVE-2014-2204
+	RESERVED
+CVE-2014-2203
+	RESERVED
+CVE-2014-2202
+	RESERVED
+CVE-2014-2201
+	RESERVED
+CVE-2014-2200
+	RESERVED
+CVE-2014-2199
+	RESERVED
+CVE-2014-2198
+	RESERVED
+CVE-2014-2197
+	RESERVED
+CVE-2014-2196
+	RESERVED
+CVE-2014-2195
+	RESERVED
+CVE-2014-2194
+	RESERVED
+CVE-2014-2193
+	RESERVED
+CVE-2014-2192
+	RESERVED
+CVE-2014-2191
+	RESERVED
+CVE-2014-2190
+	RESERVED
+CVE-2014-2189
+	RESERVED
+CVE-2014-2188
+	RESERVED
+CVE-2014-2187
+	RESERVED
+CVE-2014-2186
+	RESERVED
+CVE-2014-2185
+	RESERVED
+CVE-2014-2184
+	RESERVED
+CVE-2014-2183
+	RESERVED
+CVE-2014-2182
+	RESERVED
+CVE-2014-2181
+	RESERVED
+CVE-2014-2180
+	RESERVED
+CVE-2014-2179
+	RESERVED
+CVE-2014-2178
+	RESERVED
+CVE-2014-2177
+	RESERVED
+CVE-2014-2176
+	RESERVED
+CVE-2014-2175
+	RESERVED
+CVE-2014-2174
+	RESERVED
+CVE-2014-2173
+	RESERVED
+CVE-2014-2172
+	RESERVED
+CVE-2014-2171
+	RESERVED
+CVE-2014-2170
+	RESERVED
+CVE-2014-2169
+	RESERVED
+CVE-2014-2168
+	RESERVED
+CVE-2014-2167
+	RESERVED
+CVE-2014-2166
+	RESERVED
+CVE-2014-2165
+	RESERVED
+CVE-2014-2164
+	RESERVED
+CVE-2014-2163
+	RESERVED
+CVE-2014-2162
+	RESERVED
+CVE-2014-2161
+	RESERVED
+CVE-2014-2160
+	RESERVED
+CVE-2014-2159
+	RESERVED
+CVE-2014-2158
+	RESERVED
+CVE-2014-2157
+	RESERVED
+CVE-2014-2156
+	RESERVED
+CVE-2014-2155
+	RESERVED
+CVE-2014-2154
+	RESERVED
+CVE-2014-2153
+	RESERVED
+CVE-2014-2152
+	RESERVED
+CVE-2014-2151
+	RESERVED
+CVE-2014-2150
+	RESERVED
+CVE-2014-2149
+	RESERVED
+CVE-2014-2148
+	RESERVED
+CVE-2014-2147
+	RESERVED
+CVE-2014-2146
+	RESERVED
+CVE-2014-2145
+	RESERVED
+CVE-2014-2144
+	RESERVED
+CVE-2014-2143
+	RESERVED
+CVE-2014-2142
+	RESERVED
+CVE-2014-2141
+	RESERVED
+CVE-2014-2140
+	RESERVED
+CVE-2014-2139
+	RESERVED
+CVE-2014-2138
+	RESERVED
+CVE-2014-2137
+	RESERVED
+CVE-2014-2136
+	RESERVED
+CVE-2014-2135
+	RESERVED
+CVE-2014-2134
+	RESERVED
+CVE-2014-2133
+	RESERVED
+CVE-2014-2132
+	RESERVED
+CVE-2014-2131
+	RESERVED
+CVE-2014-2130
+	RESERVED
+CVE-2014-2129
+	RESERVED
+CVE-2014-2128
+	RESERVED
+CVE-2014-2127
+	RESERVED
+CVE-2014-2126
+	RESERVED
+CVE-2014-2125
+	RESERVED
+CVE-2014-2124
+	RESERVED
+CVE-2014-2123
+	RESERVED
+CVE-2014-2122
+	RESERVED
+CVE-2014-2121
+	RESERVED
+CVE-2014-2120
+	RESERVED
+CVE-2014-2119
+	RESERVED
+CVE-2014-2118
+	RESERVED
+CVE-2014-2117
+	RESERVED
+CVE-2014-2116
+	RESERVED
+CVE-2014-2115
+	RESERVED
+CVE-2014-2114
+	RESERVED
+CVE-2014-2113
+	RESERVED
+CVE-2014-2112
+	RESERVED
+CVE-2014-2111
+	RESERVED
+CVE-2014-2110
+	RESERVED
+CVE-2014-2109
+	RESERVED
+CVE-2014-2108
+	RESERVED
+CVE-2014-2107
+	RESERVED
+CVE-2014-2106
+	RESERVED
+CVE-2014-2105
+	RESERVED
+CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the Business ...)
+	TODO: check
+CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote ...)
+	TODO: check
+CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not properly ...)
+	TODO: check
+CVE-2014-2101
+	RESERVED
+CVE-2014-2100
+	RESERVED
+CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...)
+	TODO: check
+CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect ...)
+	TODO: check
+CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before ...)
+	TODO: check
+CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ...)
+	TODO: check
+CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via ...)
+	TODO: check
+CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 ...)
+	TODO: check
+CVE-2014-2087
+	RESERVED
+CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
+	TODO: check
+CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
+	TODO: check
 CVE-2014-2285 [snmptrapd crash when using a trap with empty community string]
 	- net-snmp <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
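
Review bot: Among the new TODO: check entries near the end of this hunk, CVE-2014-2099, CVE-2014-2098 and CVE-2014-2097 (libavcodec files in FFmpeg) and CVE-2014-2263 (mpegts_write_pmt) name media-parsing code and should be triaged first. Check them against any source package that carries or embeds that code, since the truncated descriptions do not show which versions are affected. The long runs of RESERVED ids need no action.
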
@@ -12,6 +368,7 @@
 	- mp3gain <unfixed> (bug #740268)
 	TODO: check
 CVE-2014-2270 [crashes when checking softmagic for some corrupt PE executables]
+	RESERVED
 	- file 1:5.17-0.1
 	NOTE: http://bugs.gw.com/view.php?id=313
 	NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
@@ -22,53 +379,62 @@
 CVE-2014-5795
 	NOT-FOR-US: Oracle Demantra
 CVE-2014-2245
+	RESERVED
 	- cmsms <itp> (bug #608888)
-CVE-2014-2244
+CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML function in ...)
 	- mediawiki <not-affected> (vulnerable code not present)
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61362
 	NOTE: https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z
-CVE-2014-2243
+CVE-2014-2243 (includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x ...)
 	- mediawiki 1:1.19.12+dfsg-1
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61346
 	NOTE: https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z
-CVE-2014-2242
+CVE-2014-2242 (includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...)
 	- mediawiki 1:1.19.12+dfsg-1
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771
 	NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
 CVE-2014-2238 [mantis: sql injection]
+	RESERVED
 	- mantis <removed>
 	[squeeze] - mantis <no-dsa> (Minor issue)
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
 CVE-2014-2237 [Trustee token revocation does not work with memcache backend]
+	RESERVED
 	- keystone <unfixed>
 	NOTE: https://launchpad.net/bugs/1260080
 CVE-2014-2236 [multiple XSS issues]
+	RESERVED
 	- askbot <itp> (bug #687966)
 CVE-2014-2235 [XSS issue]
+	RESERVED
 	- askbot <itp> (bug #687966)
 CVE-2014-2214
+	RESERVED
 	NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2213
+	RESERVED
 	NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2212
+	RESERVED
 	NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2211
+CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH ...)
 	NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2206
+	RESERVED
 	NOT-FOR-US: GetGo Download Manager
-CVE-2014-2096 [insecure when cwd is world-writable]
+CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 ...)
 	- catfish 1.0.1-1 (low; bug #739958)
 	[squeeze] - catfish <no-dsa> (Minor issue)
 	[wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2095 [insecure when cwd is world-writable]
+CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, ...)
 	- catfish 1.0.1-1 (low; bug #739958)
 	[squeeze] - catfish <no-dsa> (Minor issue)
 	[wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2094 [insecure when cwd is world-writable]
+CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, when a ...)
 	- catfish 1.0.1-1 (low; bug #739958)
 	[squeeze] - catfish <no-dsa> (Minor issue)
 	[wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2093 [insecure when cwd is world-writable]
+CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows ...)
 	- catfish 1.0.1-1 (low; bug #739958)
 	[squeeze] - catfish <no-dsa> (Minor issue)
 	[wheezy] - catfish <no-dsa> (Minor issue)
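
Review bot: The four Catfish entries now carry descriptions with different affected ranges (CVE-2014-2096 and CVE-2014-2095: "0.6.0 through 1.0.0"; CVE-2014-2094 and CVE-2014-2093: "through 0.4.0.3"), yet all four keep identical package lines for unstable, squeeze and wheezy. Check which Catfish version each release ships and, where it falls outside the range a given CVE names, use <not-affected> instead of <no-dsa> for that CVE.
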
@@ -87,8 +453,7 @@
 	RESERVED
 CVE-2014-2081
 	RESERVED
-CVE-2014-2080
-	RESERVED
+CVE-2014-2080 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: MODx Revolution
 CVE-2014-2079 [File New sets inappropriate permissions in ACL enabled directories]
 	RESERVED
@@ -101,8 +466,8 @@
 	RESERVED
 CVE-2014-2076
 	RESERVED
-CVE-2014-2075
-	RESERVED
+CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK ...)
+	TODO: check
 CVE-2014-2074
 	RESERVED
 CVE-2014-2073
@@ -120,8 +485,7 @@
 	RESERVED
 	- jenkins <unfixed> (bug #739067)
 	NOTE: https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
-CVE-2014-2067 [SECURITY-74]
-	RESERVED
+CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in ...)
 	- jenkins <unfixed> (bug #739067)
 	NOTE: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
 CVE-2014-2066 [SECURITY-75]
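
Review bot: CVE-2014-2067 loses its upstream advisory id in this hunk: the bracketed [SECURITY-74] is replaced by the published description and nothing else in the entry records it. Add a NOTE line carrying SECURITY-74 so the entry can still be matched against the Jenkins advisory. The same applies to [SECURITY-108] on CVE-2014-2059 in the next hunk.
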
@@ -153,8 +517,7 @@
 	- jenkins <unfixed> (bug #739067)
 	- jenkins-winstone <unfixed>
 	NOTE: https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
-CVE-2014-2059 [SECURITY-108]
-	RESERVED
+CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation ...)
 	- jenkins <unfixed> (bug #739067)
 	NOTE: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
 CVE-2014-2058 [SECURITY-109]
@@ -195,11 +558,9 @@
 	RESERVED
 CVE-2014-2041
 	RESERVED
-CVE-2014-2040
-	RESERVED
+CVE-2014-2040 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
 	NOT-FOR-US: WordPress plugin MediaFileRenamer
-CVE-2014-2038 [nfs: information leakage]
-	RESERVED
+CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux ...)
 	- linux 3.13.4-1
 	[wheezy] - linux <not-affected> (Introduced in 3.11)
 	- linux-2.6 <not-affected> (Introduced in 3.11)
@@ -207,13 +568,12 @@
 	NOTE: Fixed by https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24
 CVE-2014-2036
 	RESERVED
-CVE-2014-2035
-	RESERVED
+CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web ...)
 	NOT-FOR-US: InterWorx Web Control Panel
 CVE-2014-2034
 	RESERVED
-CVE-2014-2033
-	RESERVED
+CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...)
+	TODO: check
 CVE-2014-2028
 	RESERVED
 CVE-2014-2026
@@ -329,12 +689,12 @@
 	RESERVED
 CVE-2014-1969
 	RESERVED
-CVE-2014-1968
-	RESERVED
-CVE-2014-1967
-	RESERVED
-CVE-2014-1966
-	RESERVED
+CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
+	TODO: check
+CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
+	TODO: check
+CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 ...)
+	TODO: check
 CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the ...)
 	NOT-FOR-US: SAP Exchange Infrastructure
 CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...)
@@ -378,6 +738,7 @@
 CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the ...)
 	NOT-FOR-US: Visibility Software Cyber Recruiter
 CVE-2013-7330 [SECURITY-55]
+	RESERVED
 	- jenkins <unfixed> (bug #739067)
 	NOTE: https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
 CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ...)
@@ -396,8 +757,7 @@
 	- linux 3.2.29-1
 	- linux-2.6  <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
-CVE-2014-2039 [Linux kernel: s390: crash due to linkage stack instruction]
-	RESERVED
+CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the ...)
 	- linux 3.13.5-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
@@ -494,8 +854,8 @@
 	RESERVED
 CVE-2014-1911
 	RESERVED
-CVE-2014-1910
-	RESERVED
+CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
+	TODO: check
 CVE-2014-1908
 	RESERVED
 CVE-2014-1907
@@ -524,14 +884,13 @@
 	RESERVED
 CVE-2014-1889
 	RESERVED
-CVE-2014-1888
-	RESERVED
+CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
+	TODO: check
 CVE-2014-1880
 	RESERVED
 CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
 	- phpmyadmin 4:4.1.7-1 (unimportant)
-CVE-2014-1878
-	RESERVED
+CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
 	- icinga 1.10.3-1
 CVE-2014-1873
 	RESERVED
@@ -558,18 +917,17 @@
 	NOT-FOR-US: D-Link hardware
 CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager ...)
 	TODO: check
-CVE-2012-6637
-	RESERVED
-CVE-2012-6636
-	RESERVED
+CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
+	TODO: check
+CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
+	TODO: check
 CVE-2013-7322 [OTP token invalidation]
 	RESERVED
 	- oath-toolkit <unfixed> (low; bug #738515)
 	[wheezy] - oath-toolkit <no-dsa> (Minor issue)
 	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
 	NOTE: fixed in 2.4.1 upstream, http://lists.nongnu.org/archive/html/oath-toolkit-help/2014-02/msg00010.html
-CVE-2014-1939
-	RESERVED
+CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 uses the ...)
 	NOT-FOR-US: Android Jelly Bean
 CVE-2014-1938 [insecure use of /tmp]
 	RESERVED
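
Review bot: CVE-2012-6637 is left as TODO: check although its description starts with the same text ("Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...") as CVE-2014-1884, CVE-2014-1882 and CVE-2014-1881 in the next hunk, which are all NOT-FOR-US: Apache Cordova. Resolve it the same way so the related ids do not diverge in status.
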
@@ -650,26 +1008,19 @@
 	RESERVED
 	- xen <not-affected> (XSM not enabled in build)
 	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
-CVE-2014-1887
-	RESERVED
+CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe PhoneGap ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1886
-	RESERVED
+CVE-2014-1886 (The Edinburgh by Bus application for Android, when Adobe PhoneGap ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1885
-	RESERVED
+CVE-2014-1885 (The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1884
-	RESERVED
+CVE-2014-1884 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1883
-	RESERVED
+CVE-2014-1883 (Adobe PhoneGap before 2.6.0 on Android uses the ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1882
-	RESERVED
+CVE-2014-1882 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1881
-	RESERVED
+CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1868 [DoS due to XML entity expansion]
 	RESERVED
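
Review bot: The NOT-FOR-US: Apache Cordova label no longer matches the published descriptions for CVE-2014-1887, CVE-2014-1886 and CVE-2014-1885, which name individual Android applications (DrinkedIn BarFinder, Edinburgh by Bus, ForzeArmate), or for CVE-2014-1883, which names Adobe PhoneGap. The status is unchanged, but the label should name the product the description names so that a search on the tracker finds the right entry.
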
@@ -705,8 +1056,8 @@
 	RESERVED
 CVE-2014-1855
 	RESERVED
-CVE-2014-1854
-	RESERVED
+CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the ...)
+	TODO: check
 CVE-2014-1853
 	RESERVED
 CVE-2014-1852
@@ -732,14 +1083,13 @@
 CVE-2014-1841
 	RESERVED
 	NOT-FOR-US: Titan FTP Server
-CVE-2014-1840
-	RESERVED
+CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
+	TODO: check
 CVE-2014-1830
 	RESERVED
 CVE-2014-1829
 	RESERVED
-CVE-2014-1912 [buffer overflow in socket.recvfrom_into]
-	RESERVED
+CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in ...)
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
 	- python2.7 2.7.6-6 (low)
@@ -760,8 +1110,7 @@
 	- libcapture-tiny-perl 0.24-1 (bug #737835)
 	[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
 	[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
-CVE-2014-1874 [SELinux local DoS]
-	RESERVED
+CVE-2014-1874 (The security_context_to_sid_core function in ...)
 	- linux 3.13.4-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2
@@ -832,8 +1181,7 @@
 CVE-2014-XXXX [no input validation for search function]
 	- fookebox <unfixed> (low; bug #736821)
 	[wheezy] - fookebox <no-dsa> (Minor issue)
-CVE-2014-2013 [Stack-based Buffer Overflow in xps_parse_color()]
-	RESERVED
+CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in ...)
 	- mupdf <unfixed> (bug #738857)
 	NOTE: http://www.hdwsec.fr/blog/mupdf.html
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
@@ -1125,8 +1473,8 @@
 	NOT-FOR-US: Siemens SIMATIC WinCC OA
 CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash ...)
 	NOT-FOR-US: Siemens SIMATIC WinCC OA
-CVE-2014-1695
-	RESERVED
+CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
+	TODO: check
 CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
 	RESERVED
 	- python-gnupg 0.3.6-1 (bug #738509)
@@ -1153,8 +1501,7 @@
 	- php-horde-util 2.3.0-1
 	NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
 	NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required
-CVE-2014-1690
-	RESERVED
+CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in 3.7)
 	- linux-2.6 <not-affected> (Introduced in 3.7)
@@ -1170,8 +1517,8 @@
 CVE-2014-1685
 	RESERVED
 	- zabbix 1:2.2.2+dfsg-1
-CVE-2014-1684
-	RESERVED
+CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
+	TODO: check
 CVE-2014-1683 (The bashMail function in ...)
 	NOT-FOR-US: SkyBlueCanvas CMS
 CVE-2014-1682 [API issue allows users to impersonate other users]
@@ -1366,8 +1713,8 @@
 	RESERVED
 CVE-2014-1598
 	RESERVED
-CVE-2014-1597
-	RESERVED
+CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...)
+	TODO: check
 CVE-2014-1596
 	RESERVED
 CVE-2014-1595
@@ -1757,8 +2104,8 @@
 	NOT-FOR-US: FortiGuard FortiWeb
 CVE-2014-1457
 	RESERVED
-CVE-2014-1456
-	RESERVED
+CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
+	TODO: check
 CVE-2014-1455
 	RESERVED
 CVE-2014-1454
@@ -2168,62 +2515,62 @@
 	RESERVED
 CVE-2014-1271
 	RESERVED
-CVE-2014-1270
-	RESERVED
-CVE-2014-1269
-	RESERVED
-CVE-2014-1268
-	RESERVED
+CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
+	TODO: check
+CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
+	TODO: check
+CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
+	TODO: check
 CVE-2014-1267
 	RESERVED
-CVE-2014-1266
-	RESERVED
-CVE-2014-1265
-	RESERVED
-CVE-2014-1264
-	RESERVED
-CVE-2014-1263
-	RESERVED
-CVE-2014-1262
-	RESERVED
-CVE-2014-1261
-	RESERVED
-CVE-2014-1260
-	RESERVED
-CVE-2014-1259
-	RESERVED
-CVE-2014-1258
-	RESERVED
-CVE-2014-1257
-	RESERVED
-CVE-2014-1256
-	RESERVED
-CVE-2014-1255
-	RESERVED
-CVE-2014-1254
-	RESERVED
+CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
+	TODO: check
+CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X ...)
+	TODO: check
+CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...)
+	TODO: check
+CVE-2014-1263 (curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 ...)
+	TODO: check
+CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...)
+	TODO: check
+CVE-2014-1261 (Integer signedness error in CoreText in Apple OS X before 10.9.2 ...)
+	TODO: check
+CVE-2014-1260 (QuickLook in Apple OS X through 10.8.5 allows remote attackers to ...)
+	TODO: check
+CVE-2014-1259 (Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows ...)
+	TODO: check
+CVE-2014-1258 (Heap-based buffer overflow in CoreAnimation in Apple OS X before ...)
+	TODO: check
+CVE-2014-1257 (CFNetwork in Apple OS X through 10.8.5 does not remove session cookies ...)
+	TODO: check
+CVE-2014-1256 (Buffer overflow in Apple Type Services (ATS) in Apple OS X before ...)
+	TODO: check
+CVE-2014-1255 (Apple Type Services (ATS) in Apple OS X before 10.9.2 does not ...)
+	TODO: check
+CVE-2014-1254 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote ...)
+	TODO: check
 CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to ...)
 	NOT-FOR-US: Apple Boot Camp
 CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
 	NOT-FOR-US: Apple Pages
-CVE-2014-1251
-	RESERVED
-CVE-2014-1250
-	RESERVED
-CVE-2014-1249
-	RESERVED
-CVE-2014-1248
-	RESERVED
-CVE-2014-1247
-	RESERVED
-CVE-2014-1246
-	RESERVED
-CVE-2014-1245
-	RESERVED
-CVE-2014-1244
-	RESERVED
-CVE-2014-1243
-	RESERVED
+CVE-2014-1251 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1250 (Apple QuickTime before 7.7.5 does not properly perform a byte-swapping ...)
+	TODO: check
+CVE-2014-1249 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1248 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1247 (Apple QuickTime before 7.7.5 allows remote attackers to execute ...)
+	TODO: check
+CVE-2014-1246 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1245 (Integer signedness error in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1244 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
+	TODO: check
+CVE-2014-1243 (Apple QuickTime before 7.7.5 does not initialize an unspecified ...)
+	TODO: check
 CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2014-1241
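
Review bot: In this block, CVE-2014-1263 ("curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 ...") and CVE-2014-1270, CVE-2014-1269 and CVE-2014-1268 ("WebKit, as used in Apple Safari ...") name components that are not Apple-only by name. Check those four against the corresponding source packages before closing them with the rest. The OS X and QuickTime entries can follow the style of the neighbouring NOT-FOR-US: Apple Boot Camp and NOT-FOR-US: Apple Pages lines.
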
@@ -2255,8 +2602,7 @@
 	RESERVED
 CVE-2014-1224
 	RESERVED
-CVE-2014-1223
-	RESERVED
+CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx ...)
 	NOT-FOR-US: Telligent Evolution
 CVE-2014-1222
 	RESERVED
@@ -2644,8 +2990,8 @@
 	RESERVED
 CVE-2014-0875
 	RESERVED
-CVE-2014-0874
-	RESERVED
+CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...)
+	TODO: check
 CVE-2014-0873
 	RESERVED
 CVE-2014-0872
@@ -2668,26 +3014,26 @@
 	RESERVED
 CVE-2014-0863
 	RESERVED
-CVE-2014-0862
-	RESERVED
-CVE-2014-0861
-	RESERVED
+CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...)
+	TODO: check
+CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
+	TODO: check
 CVE-2014-0860
 	RESERVED
 CVE-2014-0859
 	RESERVED
-CVE-2014-0858
-	RESERVED
+CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...)
+	TODO: check
 CVE-2014-0857
 	RESERVED
 CVE-2014-0856
 	RESERVED
 CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0854
-	RESERVED
-CVE-2014-0853
-	RESERVED
+CVE-2014-0854 (The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before ...)
+	TODO: check
+CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
+	TODO: check
 CVE-2014-0852
 	RESERVED
 CVE-2014-0851
@@ -2700,22 +3046,22 @@
 	RESERVED
 CVE-2014-0847
 	RESERVED
-CVE-2014-0846
-	RESERVED
-CVE-2014-0845
-	RESERVED
-CVE-2014-0844
-	RESERVED
-CVE-2014-0843
-	RESERVED
-CVE-2014-0842
-	RESERVED
+CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational Requirements ...)
+	TODO: check
+CVE-2014-0845 (Open redirect vulnerability in IBM Rational Requirements Composer 3.x ...)
+	TODO: check
+CVE-2014-0844 (Unspecified vulnerability in IBM Rational Requirements Composer 3.x ...)
+	TODO: check
+CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point ...)
+	TODO: check
+CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 6.4.x ...)
+	TODO: check
 CVE-2014-0841
 	RESERVED
-CVE-2014-0840
-	RESERVED
-CVE-2014-0839
-	RESERVED
+CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
+	TODO: check
+CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x ...)
+	TODO: check
 CVE-2014-0838 (The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-0837 (The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier ...)
@@ -2750,18 +3096,18 @@
 	RESERVED
 CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
 	NOT-FOR-US: IBM Domino
-CVE-2014-0821
-	RESERVED
-CVE-2014-0820
-	RESERVED
-CVE-2014-0819
-	RESERVED
-CVE-2014-0818
-	RESERVED
-CVE-2014-0817
-	RESERVED
-CVE-2014-0816
-	RESERVED
+CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon ...)
+	TODO: check
+CVE-2014-0820 (Directory traversal vulnerability in the download feature in Cybozu ...)
+	TODO: check
+CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
+	TODO: check
+CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
+	TODO: check
+CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not ...)
+	TODO: check
+CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and earlier ...)
+	TODO: check
 CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows ...)
 	NOT-FOR-US: Opera
 CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 ...)
@@ -2770,8 +3116,8 @@
 	NOT-FOR-US: phpMyFAQ
 CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
 	NOT-FOR-US: KENT-WEB Joyful Note
-CVE-2014-0811
-	RESERVED
+CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 ...)
+	TODO: check
 CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
 	NOT-FOR-US: JustSystems Sanshiro 2007
 CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
@@ -2908,8 +3254,8 @@
 	RESERVED
 CVE-2014-0775
 	RESERVED
-CVE-2014-0774
-	RESERVED
+CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...)
+	TODO: check
 CVE-2014-0773
 	RESERVED
 CVE-2014-0772
@@ -2938,10 +3284,10 @@
 	RESERVED
 CVE-2014-0760
 	RESERVED
-CVE-2014-0759
-	RESERVED
-CVE-2014-0758
-	RESERVED
+CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...)
+	TODO: check
+CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, ...)
+	TODO: check
 CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...)
 	NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit
 CVE-2014-0756
@@ -2963,28 +3309,28 @@
 CVE-2014-0748
 	RESERVED
 	NOT-FOR-US: Aprun/apinit on Cray supercomputers
-CVE-2014-0747
-	RESERVED
-CVE-2014-0746
-	RESERVED
-CVE-2014-0745
-	RESERVED
+CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...)
+	TODO: check
+CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact Center ...)
+	TODO: check
+CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified ...)
+	TODO: check
 CVE-2014-0744
 	RESERVED
-CVE-2014-0743
-	RESERVED
-CVE-2014-0742
-	RESERVED
-CVE-2014-0741
-	RESERVED
-CVE-2014-0740
-	RESERVED
-CVE-2014-0739
-	RESERVED
-CVE-2014-0738
-	RESERVED
-CVE-2014-0737
-	RESERVED
+CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in Cisco ...)
+	TODO: check
+CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...)
+	TODO: check
+CVE-2014-0741 (The certificate-import feature in the Certificate Authority Proxy ...)
+	TODO: check
+CVE-2014-0740 (Cross-site request forgery (CSRF) vulnerability in the Call Detail ...)
+	TODO: check
+CVE-2014-0739 (Race condition in the Phone Proxy component in Cisco Adaptive Security ...)
+	TODO: check
+CVE-2014-0738 (The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
+CVE-2014-0737 (The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote ...)
+	TODO: check
 CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call Detail ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ...)
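
Review bot: CVE-2014-0740 is left as TODO: check although its description starts with the same text as CVE-2014-0736 in the trailing context ("Cross-site request forgery (CSRF) vulnerability in the Call Detail ..."), which is already NOT-FOR-US: Cisco Unified Communications Manager. Confirm from the full descriptions that the two are distinct issues and give CVE-2014-0740 a matching status.
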
@@ -2995,11 +3341,9 @@
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0731
-	RESERVED
+CVE-2014-0731 (The administration interface in Cisco Unified Communications Manager ...)
 	NOT-FOR-US: Cisco Unified Computing System
-CVE-2014-0730
-	RESERVED
+CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and earlier ...)
 	NOT-FOR-US: Cisco Unified Computing System
 CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application ...)
 	NOT-FOR-US: Cisco Unified Communications Manager 
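
Review bot: The label on CVE-2014-0731 does not match its new description: the description names "The administration interface in Cisco Unified Communications Manager ...", while the entry keeps NOT-FOR-US: Cisco Unified Computing System. Change the label to Cisco Unified Communications Manager, as used on the surrounding entries. CVE-2014-0730 (UCS Central Software) is correctly labelled.
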
@@ -3017,17 +3361,13 @@
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications Manager ...)
 	NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0721
-	RESERVED
+CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows ...)
 	NOT-FOR-US: Cisco Unified SIP Phone 3905
-CVE-2014-0720
-	RESERVED
+CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows ...)
 	NOT-FOR-US: Cisco IPS
-CVE-2014-0719
-	RESERVED
+CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS Software ...)
 	NOT-FOR-US: Cisco IPS
-CVE-2014-0718
-	RESERVED
+CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 before ...)
 	NOT-FOR-US: Cisco IPS
 CVE-2014-0717
 	RESERVED
@@ -3043,11 +3383,9 @@
 	RESERVED
 CVE-2014-0711
 	RESERVED
-CVE-2014-0710
-	RESERVED
+CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco Firewall ...)
 	NOT-FOR-US: Cisco Firewall Services Module
-CVE-2014-0709
-	RESERVED
+CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded ...)
 	NOT-FOR-US: Cisco UCS Director
 CVE-2014-0708
 	RESERVED
@@ -3114,8 +3452,7 @@
 	NOT-FOR-US: Cisco Identity Service Engine
 CVE-2014-0680 (Cross-site scripting (XSS) vulnerability in the HTTP control interface ...)
 	NOT-FOR-US: Cisco Identity Service Engine
-CVE-2014-0679
-	RESERVED
+CVE-2014-0679 (Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before ...)
 	NOT-FOR-US: Cisco Prime Infrastructure
 CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does ...)
 	NOT-FOR-US: Cisco Secure Access Control System
@@ -3287,6 +3624,7 @@
 CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 ...)
 	NOT-FOR-US: ProjectForge
 CVE-2009-5138 [gnutls: incorrect handling of V1 intermediate certificates]
+	RESERVED
 	- gnutls26 2.7.12-1
 	- gnutls28 <not-affected> (Only affects versions before 2.7.6)
 	NOTE: Only affects version prior of 2.7.6, fix: https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
@@ -3633,18 +3971,15 @@
 	RESERVED
 CVE-2014-0503
 	RESERVED
-CVE-2014-0502
-	RESERVED
+CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
 	NOT-FOR-US: Adobe Shockwave Player
 CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2014-0499
-	RESERVED
+CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0498
-	RESERVED
+CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...)
 	NOT-FOR-US: Flash plugin
@@ -4531,10 +4866,9 @@
 	RESERVED
 CVE-2014-0335
 	RESERVED
-CVE-2014-0334
-	RESERVED
-CVE-2014-0333 [denial of service via png_push_read_chunk()]
-	RESERVED
+CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
+	TODO: check
+CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive ...)
 	- libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
 	NOTE: Filed #740585 for src:libpng1.6 in experimental
 CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
@@ -4778,16 +5112,16 @@
 	NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
 CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read ...)
 	NOT-FOR-US: BlogEngine.NET
-CVE-2013-6952
-	RESERVED
-CVE-2013-6951
-	RESERVED
-CVE-2013-6950
-	RESERVED
-CVE-2013-6949
-	RESERVED
-CVE-2013-6948
-	RESERVED
+CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a hardcoded ...)
+	TODO: check
+CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not maintain ...)
+	TODO: check
+CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not use SSL ...)
+	TODO: check
+CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not properly ...)
+	TODO: check
+CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation firmware ...)
+	TODO: check
 CVE-2013-6947
 	RESERVED
 CVE-2013-6946
@@ -4860,7 +5194,7 @@
 	RESERVED
 CVE-2014-0323
 	RESERVED
-CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 10 allows ...)
+CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
 	NOT-FOR-US: Microsoft Internet Explorer 10
 CVE-2014-0321
 	RESERVED
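Review bot: on CVE-2014-0322 the description now covers Internet Explorer 9 and 10, but the note below it still says "NOT-FOR-US: Microsoft Internet Explorer 10". Suggest dropping the version from the note ("Microsoft Internet Explorer") so it does not go stale each time the description is widened.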
@@ -5410,9 +5744,8 @@
 	RESERVED
 	- neutron <unfixed>
 CVE-2014-0070
-	RESERVED
-CVE-2014-0069 [cifs: incorrect handling of bogus user pointers during uncached writes]
-	RESERVED
+	REJECTED
+CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel ...)
 	- linux <unfixed>
 	- linux-2.6 <not-affected> (Only affects 2.6.38 and later)
 	NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
@@ -5470,8 +5803,7 @@
 	- postgresql-9.3 9.3.3-1
 CVE-2014-0059
 	RESERVED
-CVE-2014-0058
-	RESERVED
+CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise ...)
 	NOT-FOR-US: JBoss EAP
 CVE-2014-0057
 	RESERVED
@@ -5506,8 +5838,7 @@
 	RESERVED
 CVE-2014-0047
 	RESERVED
-CVE-2014-0046
-	RESERVED
+CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in ...)
 	NOT-FOR-US: ember.js
 CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client in ...)
 	{DSA-2854-1}
@@ -5547,8 +5878,7 @@
 	RESERVED
 CVE-2014-0034
 	RESERVED
-CVE-2014-0033
-	RESERVED
+CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat ...)
 	- tomcat6 6.0.39
 CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in ...)
 	- subversion 1.8.8-1 (low; bug #737815)
@@ -6066,16 +6396,16 @@
 	RESERVED
 CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, ...)
 	NOT-FOR-US: IBM WebSphere Portal
-CVE-2013-6734
-	RESERVED
+CVE-2013-6734 (IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not ...)
+	TODO: check
 CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application in the ...)
 	NOT-FOR-US: IBM Sametime
-CVE-2013-6732
-	RESERVED
-CVE-2013-6731
-	RESERVED
-CVE-2013-6730
-	RESERVED
+CVE-2013-6732 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
+	TODO: check
+CVE-2013-6731 (IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote ...)
+	TODO: check
+CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through ...)
+	TODO: check
 CVE-2013-6729
 	RESERVED
 CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) ...)
@@ -6216,71 +6546,55 @@
 	RESERVED
 CVE-2013-6669
 	RESERVED
-CVE-2013-6668
-	RESERVED
+CVE-2013-6668 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, ...)
 	- chromium-browser <unfixed>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
-CVE-2013-6667
-	RESERVED
+CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6666
-	RESERVED
+CVE-2013-6666 (The PepperFlashRendererHost::OnNavigate function in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6665
-	RESERVED
+CVE-2013-6665 (Heap-based buffer overflow in the ResourceProvider::InitializeSoftware ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6664
-	RESERVED
+CVE-2013-6664 (Use-after-free vulnerability in the ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6663
-	RESERVED
+CVE-2013-6663 (Use-after-free vulnerability in the SVGImage::setContainerSize ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-6662
 	RESERVED
-CVE-2013-6661
-	RESERVED
+CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6660
-	RESERVED
+CVE-2013-6660 (The drag-and-drop implementation in Google Chrome before 33.0.1750.117 ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6659
-	RESERVED
+CVE-2013-6659 (The SSLClientSocketNSS::Core::OwnAuthCertHandler function in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6658
-	RESERVED
+CVE-2013-6658 (Multiple use-after-free vulnerabilities in the layout implementation ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6657
-	RESERVED
+CVE-2013-6657 (core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6656
-	RESERVED
+CVE-2013-6656 (The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6655
-	RESERVED
+CVE-2013-6655 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6654
-	RESERVED
+CVE-2013-6654 (The SVGAnimateElement::calculateAnimatedValue function in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6653
-	RESERVED
+CVE-2013-6653 (Use-after-free vulnerability in the web contents implementation in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2013-6652
-	RESERVED
+CVE-2013-6652 (Directory traversal vulnerability in ...)
 	- chromium-browser <not-affected> (Windows-specific)
 CVE-2013-6651
 	RESERVED
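Review bot: under CVE-2013-6668 the line "- libv8-3.14 <unfixed>" needs a NOTE explaining it, because the description published here only says "Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10" and gives no way to tell whether the 3.14 branch is affected. Separately, the Chrome descriptions in this hunk now carry a fixed upstream version (CVE-2013-6660: "before 33.0.1750.117"), so the chromium-browser <unfixed> lines have a concrete version to be closed against once it is uploaded.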
@@ -6697,8 +7011,7 @@
 CVE-2013-6494
 	RESERVED
 	NOT-FOR-US: fedup (Fedora specific)
-CVE-2013-6493 [insecure temporary directory use]
-	RESERVED
+CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc ...)
 	- icedtea-web 1.4.2-1
 CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly ...)
 	NOT-FOR-US: Pirhana
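Review bot: style point on the trailing context of this hunk: the note under CVE-2013-6492 reads "NOT-FOR-US: Pirhana", while the description on the line above spells the product "Piranha". Worth fixing in a follow-up so a search for the product name finds the entry.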
@@ -7250,12 +7563,12 @@
 	RESERVED
 CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
 	NOT-FOR-US: IBM
-CVE-2013-6333
-	RESERVED
+CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
 CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 ...)
 	NOT-FOR-US: IBM Algo One UDS
-CVE-2013-6331
-	RESERVED
+CVE-2013-6331 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
+	TODO: check
 CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager ...)
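Review bot: CVE-2013-6333 and CVE-2013-6331 are added as "TODO: check", yet both descriptions name IBM Algo One, and the entry between them (CVE-2013-6332, same product) is already marked "NOT-FOR-US: IBM Algo One UDS". These two can be triaged the same way in the next manual pass instead of sitting in the TODO queue.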
@@ -7276,12 +7589,12 @@
 	NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
 CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
 	NOT-FOR-US: IBM Atlas eDiscovery Process Management
-CVE-2013-6320
-	RESERVED
-CVE-2013-6319
-	RESERVED
-CVE-2013-6318
-	RESERVED
+CVE-2013-6320 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
+CVE-2013-6319 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 ...)
+	TODO: check
+CVE-2013-6318 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
 CVE-2013-6317
 	RESERVED
 CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before ...)
@@ -7310,16 +7623,16 @@
 	NOT-FOR-US: IBM Platform Symphony
 CVE-2013-6304
 	RESERVED
-CVE-2013-6303
-	RESERVED
-CVE-2013-6302
-	RESERVED
-CVE-2013-6301
-	RESERVED
-CVE-2013-6300
-	RESERVED
-CVE-2013-6299
-	RESERVED
+CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
+	TODO: check
+CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
+	TODO: check
+CVE-2013-6301 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
+CVE-2013-6300 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
+CVE-2013-6299 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
+	TODO: check
 CVE-2013-6298
 	RESERVED
 CVE-2013-6297
@@ -7524,14 +7837,11 @@
 	RESERVED
 CVE-2013-6205
 	RESERVED
-CVE-2013-6204
-	RESERVED
+CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6203
-	RESERVED
+CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6202
-	RESERVED
+CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP ...)
 	NOT-FOR-US: HP Service Manager
 CVE-2013-6201
 	RESERVED
@@ -7873,8 +8183,7 @@
 	{DSA-2815-1}
 	- munin 2.0.18-1
 	[squeeze] - munin <no-dsa> (Minor issue)
-CVE-2013-6047 [XSS in site creation interface]
-	RESERVED
+CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site ...)
 	- ikiwiki-hosting 0.20131025
 	[wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
 CVE-2013-6046
@@ -9419,8 +9728,8 @@
 	NOT-FOR-US: Cisco Secure Access Control System
 CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement the ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2013-5468
-	RESERVED
+CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 ...)
+	TODO: check
 CVE-2013-5467
 	RESERVED
 CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...)
@@ -10399,18 +10708,16 @@
 CVE-2013-4982
 	RESERVED
 	NOT-FOR-US: AVTECH DVR
-CVE-2013-4981
-	RESERVED
+CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with ...)
 	NOT-FOR-US: AVTECH DVR
-CVE-2013-4980
-	RESERVED
+CVE-2013-4980 (Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with ...)
 	NOT-FOR-US: AVTECH DVR
 CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and ...)
 	NOT-FOR-US: EPS Viewer
 CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
 	NOT-FOR-US: Aloaha PDF Suite
-CVE-2013-4977
-	RESERVED
+CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E ...)
+	TODO: check
 CVE-2013-4976
 	RESERVED
 CVE-2013-4975
@@ -10758,8 +11065,7 @@
 	NOT-FOR-US: HP iLO
 CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 ...)
 	NOT-FOR-US: HP iLO
-CVE-2013-4841
-	RESERVED
+CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in ...)
 	NOT-FOR-US: HP StoreVirtual
 CVE-2013-4840
 	RESERVED
@@ -11075,8 +11381,8 @@
 	NOT-FOR-US: I-O DATA DEVICE HDL-A and HDL2-A devices
 CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on ...)
 	NOT-FOR-US: Accela Bizsearch, not in Debian
-CVE-2013-4710
-	RESERVED
+CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, ...)
+	TODO: check
 CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
 	NOT-FOR-US: PPP Access Concentrator
 CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
@@ -11350,8 +11656,7 @@
 	- linux-2.6 <not-affected> (Introduced in 3.6)
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
-CVE-2013-4590 [information disclosure]
-	RESERVED
+CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
 	- tomcat6 6.0.39
 	- tomcat7 7.0.50
 	- tomcat8 <itp> (bug #722675)
@@ -11981,8 +12286,7 @@
 	[squeeze] - dropbear <no-dsa> (Minor issue)
 	[wheezy] - dropbear <no-dsa> (Minor issue)
 	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
-CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal]
-	RESERVED
+CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) ...)
 	{DSA-2863-1}
 	- libtar 1.2.20-2 (bug #731860)
 CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
@@ -12330,8 +12634,7 @@
 	[wheezy] - spice-gtk <no-dsa> (Minor issue)
 CVE-2013-4323
 	RESERVED
-CVE-2013-4322 [incomplete fix for CVE-2012-3544]
-	RESERVED
+CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
 	- tomcat6 6.0.39
 	- tomcat7 7.0.50
 	- tomcat8 <itp> (bug #722675)
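Review bot: replacing the header of CVE-2013-4322 drops the bracket text "incomplete fix for CVE-2012-3544", and the truncated description that replaces it does not show that relation. Suggest preserving it as a NOTE line under the entry so the link to CVE-2012-3544 stays visible in the list; the package lines themselves are unchanged.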
@@ -12453,8 +12756,7 @@
 	- libgems-ruby <removed> (unimportant; bug #722361)
 	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
 	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
-CVE-2013-4286 [incomplete fix for CVE-2005-2090]
-	RESERVED
+CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...)
 	- tomcat6 6.0.39
 	- tomcat7 7.0.47
 	- tomcat8 <itp> (bug #722675)
@@ -13234,8 +13536,8 @@
 	NOT-FOR-US: IBM
 CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
 	NOT-FOR-US: IBM Domino
-CVE-2013-4054
-	RESERVED
+CVE-2013-4054 (Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ ...)
+	TODO: check
 CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server ...)
 	NOT-FOR-US: WebSphere
 CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI Administrative ...)
@@ -13990,8 +14292,8 @@
 	RESERVED
 CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for ...)
 	NOT-FOR-US: openSUSE live installer
-CVE-2013-3712
-	RESERVED
+CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for ...)
+	TODO: check
 CVE-2013-3711
 	RESERVED
 CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
@@ -14514,8 +14816,8 @@
 	RESERVED
 CVE-2013-3488
 	RESERVED
-CVE-2013-3487
-	RESERVED
+CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security ...)
+	TODO: check
 CVE-2013-3486
 	RESERVED
 CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
@@ -14995,10 +15297,10 @@
 	NOT-FOR-US: WordPress plugin download-monitor
 CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
 	NOT-FOR-US: WordPress plugin flash-album-gallery
-CVE-2013-3260
-	RESERVED
-CVE-2013-3259
-	RESERVED
+CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
+	TODO: check
+CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
+	TODO: check
 CVE-2013-3258
 	RESERVED
 CVE-2013-3257
@@ -16109,8 +16411,8 @@
 	NOT-FOR-US: WellinTech KingSCADA
 CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director ...)
 	NOT-FOR-US: Elecsys Director Gateway
-CVE-2013-2824
-	RESERVED
+CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo ...)
+	TODO: check
 CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
 	NOT-FOR-US: Catapult DNP3 I/O driver
 CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
@@ -16123,8 +16425,8 @@
 	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
 CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
 	NOT-FOR-US: e-terracontrol
-CVE-2013-2817
-	RESERVED
+CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation ...)
+	TODO: check
 CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 ...)
 	NOT-FOR-US: Cooper Power Systems
 CVE-2013-2815
@@ -16886,8 +17188,8 @@
 	RESERVED
 CVE-2013-2499
 	RESERVED
-CVE-2013-2498
-	RESERVED
+CVE-2013-2498 (SQL injection vulnerability in the login page in ...)
+	TODO: check
 CVE-2013-2497
 	RESERVED
 CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
@@ -20615,8 +20917,8 @@
 	RESERVED
 CVE-2013-1410
 	RESERVED
-CVE-2013-1409
-	RESERVED
+CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin ...)
+	TODO: check
 CVE-2013-1408
 	RESERVED
 CVE-2013-1407
@@ -35795,8 +36097,7 @@
 	- python3.2 3.2.3-1 (bug #670389)
 	- python3.3 3.3.1-1
 	NOTE: http://bugs.python.org/issue14579
-CVE-2012-2134
-	RESERVED
+CVE-2012-2134 (The handle_connection_error function in ldap_helper.c in ...)
 	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
 CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when ...)
 	{DSA-2469-1}
@@ -41931,8 +42232,8 @@
 	NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android)
 CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before ...)
 	NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
-CVE-2011-4696
-	RESERVED
+CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 ...)
+	TODO: check
 CVE-2010-5075
 	RESERVED
 CVE-2012-0785 [Jenkins and hash collision attack]
@@ -42443,8 +42744,7 @@
 	- moodle <not-affected> (Only affects 2.x)
 CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before ...)
 	- moodle <not-affected> (Only affects 2.x)
-CVE-2011-4580
-	RESERVED
+CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss ...)
 	NOT-FOR-US: JBoss Enterprise Portal Platform
 CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in ...)
 	{DSA-2378-1}
@@ -43797,8 +44097,7 @@
 CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly ...)
 	- linux-2.6 3.1-1 (unimportant)
 	NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
-CVE-2011-4111
-	RESERVED
+CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in ...)
 	- qemu 0.15.1+dfsg-2
 	[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
 	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
@@ -45379,8 +45678,7 @@
 	- empathy 3.2.1.1-1
 	[squeeze] - empathy <no-dsa> (Minor issue)
 	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
-CVE-2011-3634
-	RESERVED
+CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the ...)
 	- apt 0.8.11 (low)
 	[squeeze] - apt <no-dsa> (Minor issue, apt is only affected if apt-transport-https is installed)
 	NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28 
@@ -47533,8 +47831,7 @@
 	[lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
 CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in ...)
 	- linux-2.6 <not-affected> (RHEL-specific backport issue)
-CVE-2011-2941
-	RESERVED
+CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal ...)
 	NOT-FOR-US: JBoss Enterprise Portal Platform
 CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute ...)
 	- stunnel4 3:4.42-1 (bug #638758)
@@ -50908,8 +51205,7 @@
 	- qemu-kvm 0.14.1+dfsg-1 (bug #624177)
 	- kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
-CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE]
-	RESERVED
+CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the ...)
 	- nfs-utils 1:1.2.3-3 (low; bug #629420)
 	[squeeze] - nfs-utils 1:1.2.2-4squeeze2
 	[lenny] - nfs-utils <no-dsa> (Minor issue)



