[Secure-testing-commits] r26123 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Fri Mar 14 21:14:14 UTC 2014


Author: joeyh
Date: 2014-03-14 21:14:14 +0000 (Fri, 14 Mar 2014)
New Revision: 26123

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-03-14 14:23:19 UTC (rev 26122)
+++ data/CVE/list	2014-03-14 21:14:14 UTC (rev 26123)
@@ -1,3 +1,357 @@
+CVE-2014-2496
+	RESERVED
+CVE-2014-2495
+	RESERVED
+CVE-2014-2494
+	RESERVED
+CVE-2014-2493
+	RESERVED
+CVE-2014-2492
+	RESERVED
+CVE-2014-2491
+	RESERVED
+CVE-2014-2490
+	RESERVED
+CVE-2014-2489
+	RESERVED
+CVE-2014-2488
+	RESERVED
+CVE-2014-2487
+	RESERVED
+CVE-2014-2486
+	RESERVED
+CVE-2014-2485
+	RESERVED
+CVE-2014-2484
+	RESERVED
+CVE-2014-2483
+	RESERVED
+CVE-2014-2482
+	RESERVED
+CVE-2014-2481
+	RESERVED
+CVE-2014-2480
+	RESERVED
+CVE-2014-2479
+	RESERVED
+CVE-2014-2478
+	RESERVED
+CVE-2014-2477
+	RESERVED
+CVE-2014-2476
+	RESERVED
+CVE-2014-2475
+	RESERVED
+CVE-2014-2474
+	RESERVED
+CVE-2014-2473
+	RESERVED
+CVE-2014-2472
+	RESERVED
+CVE-2014-2471
+	RESERVED
+CVE-2014-2470
+	RESERVED
+CVE-2014-2469
+	RESERVED
+CVE-2014-2468
+	RESERVED
+CVE-2014-2467
+	RESERVED
+CVE-2014-2466
+	RESERVED
+CVE-2014-2465
+	RESERVED
+CVE-2014-2464
+	RESERVED
+CVE-2014-2463
+	RESERVED
+CVE-2014-2462
+	RESERVED
+CVE-2014-2461
+	RESERVED
+CVE-2014-2460
+	RESERVED
+CVE-2014-2459
+	RESERVED
+CVE-2014-2458
+	RESERVED
+CVE-2014-2457
+	RESERVED
+CVE-2014-2456
+	RESERVED
+CVE-2014-2455
+	RESERVED
+CVE-2014-2454
+	RESERVED
+CVE-2014-2453
+	RESERVED
+CVE-2014-2452
+	RESERVED
+CVE-2014-2451
+	RESERVED
+CVE-2014-2450
+	RESERVED
+CVE-2014-2449
+	RESERVED
+CVE-2014-2448
+	RESERVED
+CVE-2014-2447
+	RESERVED
+CVE-2014-2446
+	RESERVED
+CVE-2014-2445
+	RESERVED
+CVE-2014-2444
+	RESERVED
+CVE-2014-2443
+	RESERVED
+CVE-2014-2442
+	RESERVED
+CVE-2014-2441
+	RESERVED
+CVE-2014-2440
+	RESERVED
+CVE-2014-2439
+	RESERVED
+CVE-2014-2438
+	RESERVED
+CVE-2014-2437
+	RESERVED
+CVE-2014-2436
+	RESERVED
+CVE-2014-2435
+	RESERVED
+CVE-2014-2434
+	RESERVED
+CVE-2014-2433
+	RESERVED
+CVE-2014-2432
+	RESERVED
+CVE-2014-2431
+	RESERVED
+CVE-2014-2430
+	RESERVED
+CVE-2014-2429
+	RESERVED
+CVE-2014-2428
+	RESERVED
+CVE-2014-2427
+	RESERVED
+CVE-2014-2426
+	RESERVED
+CVE-2014-2425
+	RESERVED
+CVE-2014-2424
+	RESERVED
+CVE-2014-2423
+	RESERVED
+CVE-2014-2422
+	RESERVED
+CVE-2014-2421
+	RESERVED
+CVE-2014-2420
+	RESERVED
+CVE-2014-2419
+	RESERVED
+CVE-2014-2418
+	RESERVED
+CVE-2014-2417
+	RESERVED
+CVE-2014-2416
+	RESERVED
+CVE-2014-2415
+	RESERVED
+CVE-2014-2414
+	RESERVED
+CVE-2014-2413
+	RESERVED
+CVE-2014-2412
+	RESERVED
+CVE-2014-2411
+	RESERVED
+CVE-2014-2410
+	RESERVED
+CVE-2014-2409
+	RESERVED
+CVE-2014-2408
+	RESERVED
+CVE-2014-2407
+	RESERVED
+CVE-2014-2406
+	RESERVED
+CVE-2014-2405
+	RESERVED
+CVE-2014-2404
+	RESERVED
+CVE-2014-2403
+	RESERVED
+CVE-2014-2402
+	RESERVED
+CVE-2014-2401
+	RESERVED
+CVE-2014-2400
+	RESERVED
+CVE-2014-2399
+	RESERVED
+CVE-2014-2398
+	RESERVED
+CVE-2014-2397
+	RESERVED
+CVE-2014-2396
+	RESERVED
+CVE-2014-2395
+	RESERVED
+CVE-2014-2394
+	RESERVED
+CVE-2014-2393
+	RESERVED
+CVE-2014-2392
+	RESERVED
+CVE-2014-2391
+	RESERVED
+CVE-2014-2390
+	RESERVED
+CVE-2014-2389
+	RESERVED
+CVE-2014-2388
+	RESERVED
+CVE-2014-2385
+	RESERVED
+CVE-2014-2384
+	RESERVED
+CVE-2014-2383
+	RESERVED
+CVE-2014-2382
+	RESERVED
+CVE-2014-2381
+	RESERVED
+CVE-2014-2380
+	RESERVED
+CVE-2014-2379
+	RESERVED
+CVE-2014-2378
+	RESERVED
+CVE-2014-2377
+	RESERVED
+CVE-2014-2376
+	RESERVED
+CVE-2014-2375
+	RESERVED
+CVE-2014-2374
+	RESERVED
+CVE-2014-2373
+	RESERVED
+CVE-2014-2372
+	RESERVED
+CVE-2014-2371
+	RESERVED
+CVE-2014-2370
+	RESERVED
+CVE-2014-2369
+	RESERVED
+CVE-2014-2368
+	RESERVED
+CVE-2014-2367
+	RESERVED
+CVE-2014-2366
+	RESERVED
+CVE-2014-2365
+	RESERVED
+CVE-2014-2364
+	RESERVED
+CVE-2014-2363
+	RESERVED
+CVE-2014-2362
+	RESERVED
+CVE-2014-2361
+	RESERVED
+CVE-2014-2360
+	RESERVED
+CVE-2014-2359
+	RESERVED
+CVE-2014-2358
+	RESERVED
+CVE-2014-2357
+	RESERVED
+CVE-2014-2356
+	RESERVED
+CVE-2014-2355
+	RESERVED
+CVE-2014-2354
+	RESERVED
+CVE-2014-2353
+	RESERVED
+CVE-2014-2352
+	RESERVED
+CVE-2014-2351
+	RESERVED
+CVE-2014-2350
+	RESERVED
+CVE-2014-2349
+	RESERVED
+CVE-2014-2348
+	RESERVED
+CVE-2014-2347
+	RESERVED
+CVE-2014-2346
+	RESERVED
+CVE-2014-2345
+	RESERVED
+CVE-2014-2344
+	RESERVED
+CVE-2014-2343
+	RESERVED
+CVE-2014-2342
+	RESERVED
+CVE-2014-2341
+	RESERVED
+CVE-2014-2340
+	RESERVED
+CVE-2014-2339
+	RESERVED
+CVE-2014-2338
+	RESERVED
+CVE-2014-2337
+	RESERVED
+CVE-2014-2336
+	RESERVED
+CVE-2014-2335
+	RESERVED
+CVE-2014-2334
+	RESERVED
+CVE-2014-2333
+	RESERVED
+CVE-2014-2332
+	RESERVED
+CVE-2014-2331
+	RESERVED
+CVE-2014-2330
+	RESERVED
+CVE-2014-2329
+	RESERVED
+CVE-2014-2328
+	RESERVED
+CVE-2014-2327
+	RESERVED
+CVE-2014-2326
+	RESERVED
+CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
+	TODO: check
+CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
+	TODO: check
+CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search ...)
+	TODO: check
+CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You ...)
+	TODO: check
+CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in ...)
+	TODO: check
+CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
+	TODO: check
+CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
+	TODO: check
+CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
+	TODO: check
 CVE-2014-XXXX [claws-mail vcalendar plugin stores user/password in cleartext]
 	- claws-mail <unfixed> (unimportant)
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
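Review bot: CVE-2014-2317 at the end of the added block carries the same truncated description as CVE-2014-1945 further down in this patch ("SQL injection vulnerability in ajax_udf.php in OpenDocMan before ..."), and both are left at TODO: check. Whoever triages them should read the full descriptions side by side to see whether one duplicates the other, and should close both with the same classification. The other seven described entries in this block (CVE-2014-2318, CVE-2014-2316 to CVE-2014-2313, CVE-2013-7335, CVE-2013-7334) are likewise untriaged and need a manual follow-up commit.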
@@ -3,31 +357,37 @@
 	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12338
 CVE-2014-2387 [pen: insecure temporary filename]
+	RESERVED
 	- pen <unfixed> (low; bug #741370)
 	[squeeze] - pen <no-dsa> (Minor issue)
 	[wheezy] - pen <no-dsa> (Minor issue)
 CVE-2014-2386 [icinga: small buffer overflows when checking strlen against MAX_INPUT_BUFFER]
+	RESERVED
 	- icinga 1.11.0-1
 CVE-2014-2325
+	RESERVED
 	NOT-FOR-US: Proxmox Mail Gateway
 CVE-2014-2324
+	RESERVED
 	{DSA-2877-1}
 	- lighttpd 1.4.33-1+nmu3 (bug #741493)
 CVE-2014-2323
+	RESERVED
 	{DSA-2877-1}
 	- lighttpd 1.4.33-1+nmu3 (bug #741493)
 CVE-2014-2322
+	RESERVED
 	NOT-FOR-US: Ruby Gem Arabic Prawn
-CVE-2014-2321
+CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
 	TODO: check
 CVE-2014-2320
+	RESERVED
 	TODO: check
-CVE-2014-2319 [unknown vendor: use of "legacy" ZIP encryption even when AES is requested]
+CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 ...)
 	NOTE: Non issue
 	NOTE: http://seclists.org/oss-sec/2014/q1/550
 CVE-2014-2312 [thermald: insecure tmp file]
 	RESERVED
 	- thermald <not-affected> (android_main.cpp not used for Debian build)
-CVE-2014-2311
-	RESERVED
+CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
 	NOT-FOR-US: MODx Revolution
 CVE-2014-2308
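Review bot: CVE-2014-2319 now names ConeXware PowerArchiver in place of the "[unknown vendor: ...]" bracket, but the entry still consists only of the two NOTE lines, with no package line or NOT-FOR-US tag. Now that the product is identified, the entry can be closed explicitly. In the same hunk CVE-2014-2320 ends up with both RESERVED and TODO: check, and CVE-2014-2321 keeps TODO: check although its description has arrived, so both still need manual triage.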
@@ -49,8 +409,7 @@
 	RESERVED
 CVE-2014-2300
 	RESERVED
-CVE-2014-2299 [buffer overflow in MPEG file parser (wnpa-sec-2014-04)]
-	RESERVED
+CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the ...)
 	{DSA-2871-1}
 	- wireshark 1.10.6-1
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
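Review bot: Replacing the bracketed text on CVE-2014-2299 drops the upstream advisory id (wnpa-sec-2014-04), and the only NOTE visible in this hunk is the bugs.wireshark.org link. CVE-2014-2283 and CVE-2014-2282 later in the patch each keep a NOTE with their wnpa-sec URL; if this entry has no equivalent line below the shown context, add one so the advisory reference survives the automatic update.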
@@ -85,22 +444,19 @@
 CVE-2014-2286
 	RESERVED
 	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
-CVE-2014-2283 [RLC dissector crash (wnpa-sec-2014-03)]
-	RESERVED
+CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
 	{DSA-2871-1}
 	- wireshark 1.10.6-1
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-03.html
-CVE-2014-2282 [M3UA dissector crash (wnpa-sec-2014-02)]
-	RESERVED
+CVE-2014-2282 (The dissect_protocol_data_parameter function in ...)
 	- wireshark 1.10.6-1
 	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-02.html
-CVE-2014-2281 [NFS dissector crash (wnpa-sec-2014-01)]
-	RESERVED
+CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c ...)
 	{DSA-2871-1}
 	- wireshark 1.10.6-1
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
@@ -108,8 +464,7 @@
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
 CVE-2013-7333
 	RESERVED
-CVE-2014-2309 [IPv6: crash due to router advertisement flooding]
-	RESERVED
+CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel ...)
 	- linux <unfixed>
 	- linux-2.6 <not-affected> (Introduced in v3.0)
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
@@ -153,8 +508,8 @@
 	RESERVED
 CVE-2014-2266
 	RESERVED
-CVE-2014-2265
-	RESERVED
+CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to ...)
+	TODO: check
 CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
 	NOT-FOR-US: Synology DiskStation Manager
 CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
@@ -201,8 +556,7 @@
 	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
 	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
 	NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
-CVE-2014-2240
-	RESERVED
+CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in ...)
 	- freetype <unfixed> (bug #741299)
 	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
 	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
@@ -698,8 +1052,7 @@
 CVE-2014-2044 [owncloud: autenticated remote code execution]
 	RESERVED
 	- owncloud <not-affected> (Windows-specific)
-CVE-2014-2043
-	RESERVED
+CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
 	NOT-FOR-US: Procentia IntelliPen
 CVE-2014-2042
 	RESERVED
@@ -871,10 +1224,9 @@
 	RESERVED
 CVE-2014-1946
 	RESERVED
-CVE-2014-1945
-	RESERVED
-CVE-2014-1944
-	RESERVED
+CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
+	TODO: check
+CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
 	NOT-FOR-US: Ilch CMS
 CVE-2014-1942
 	RESERVED
@@ -1073,8 +1425,7 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
 	NOT-FOR-US: Android
-CVE-2013-7322 [OTP token invalidation]
-	RESERVED
+CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly ...)
 	- oath-toolkit <unfixed> (low; bug #738515)
 	[wheezy] - oath-toolkit <no-dsa> (Minor issue)
 	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
@@ -1251,8 +1602,7 @@
 	- python3.4 <unfixed> (low)
 	NOTE: http://bugs.python.org/issue20246
 	NOTE: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
-CVE-2014-1877 [Multiple Stored XSS]
-	RESERVED
+CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 ...)
 	NOT-FOR-US: Dokeos
 CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
 	- openjdk-7 <unfixed> (low; bug #737562)
@@ -1297,13 +1647,11 @@
 	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
 	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
 	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
-CVE-2014-1839
-	RESERVED
+CVE-2014-1839 (The Execute class in shellutils in logilab-commons before 0.61.0 uses ...)
 	- logilab-common 0.61.0-1 (low; bug #737051)
 	[squeeze] - logilab-common <no-dsa> (Minor issue)
 	[wheezy] - logilab-common <no-dsa> (Minor issue)
-CVE-2014-1838
-	RESERVED
+CVE-2014-1838 (The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py ...)
 	- logilab-common 0.61.0-1 (low; bug #737051)
 	[squeeze] - logilab-common <no-dsa> (Minor issue)
 	[wheezy] - logilab-common <no-dsa> (Minor issue)
@@ -1874,8 +2222,8 @@
 	RESERVED
 CVE-2014-1600
 	RESERVED
-CVE-2014-1599
-	RESERVED
+CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box ...)
+	TODO: check
 CVE-2014-1598
 	RESERVED
 CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...)
@@ -2632,63 +2980,62 @@
 	RESERVED
 CVE-2014-1295
 	RESERVED
-CVE-2014-1294
-	RESERVED
-CVE-2014-1293
-	RESERVED
-CVE-2014-1292
-	RESERVED
-CVE-2014-1291
-	RESERVED
-CVE-2014-1290
-	RESERVED
-CVE-2014-1289
-	RESERVED
+CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
+CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
+CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
+CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
+CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
+CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+	TODO: check
 CVE-2014-1288
 	RESERVED
-CVE-2014-1287
-	RESERVED
-CVE-2014-1286
-	RESERVED
-CVE-2014-1285
-	RESERVED
+CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
+	TODO: check
+CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote ...)
+	TODO: check
+CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate ...)
+	TODO: check
 CVE-2014-1284
-	RESERVED
+	REJECTED
 CVE-2014-1283
 	RESERVED
-CVE-2014-1282
-	RESERVED
-CVE-2014-1281
-	RESERVED
-CVE-2014-1280
-	RESERVED
-CVE-2014-1279
-	RESERVED
+CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...)
+	TODO: check
+CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the ...)
+	TODO: check
+CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
+	TODO: check
+CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows ...)
 	NOT-FOR-US: Apple TV
-CVE-2014-1278
-	RESERVED
+CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 ...)
+	TODO: check
 CVE-2014-1277
-	RESERVED
-CVE-2014-1276
-	RESERVED
-CVE-2014-1275
-	RESERVED
-CVE-2014-1274
-	RESERVED
-CVE-2014-1273
-	RESERVED
-CVE-2014-1272
-	RESERVED
-CVE-2014-1271
-	RESERVED
+	REJECTED
+CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct ...)
+	TODO: check
+CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...)
+	TODO: check
+CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...)
+	TODO: check
+CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers ...)
+	TODO: check
+CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...)
+	TODO: check
+CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not ...)
+	TODO: check
 CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1267
-	RESERVED
+CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...)
+	TODO: check
 CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
 	NOT-FOR-US: Apple
 CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X ...)
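Review bot: Of the Apple entries that gain descriptions here, only CVE-2014-1279 is triaged (NOT-FOR-US: Apple TV, carried over from the old entry); the rest land as TODO: check. The trailing context already shows how comparable entries were closed (CVE-2014-1266 as NOT-FOR-US: Apple, and the WebKit entries CVE-2014-1270 to CVE-2014-1268 with a NOT-FOR-US note), so the six WebKit entries CVE-2014-1294 to CVE-2014-1289 in particular need a decision on whether that treatment applies or whether WebKit packages in the archive must be checked. CVE-2014-1284 and CVE-2014-1277 change from RESERVED to REJECTED and need no further action.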
@@ -3116,8 +3463,8 @@
 	RESERVED
 CVE-2014-0900
 	RESERVED
-CVE-2014-0899
-	RESERVED
+CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a ...)
+	TODO: check
 CVE-2014-0898
 	RESERVED
 CVE-2014-0897
@@ -3410,18 +3757,18 @@
 	RESERVED
 CVE-2014-0785
 	RESERVED
-CVE-2014-0784
-	RESERVED
-CVE-2014-0783
-	RESERVED
+CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
+	TODO: check
+CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...)
+	TODO: check
 CVE-2014-0782
 	RESERVED
-CVE-2014-0781
-	RESERVED
+CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
+	TODO: check
 CVE-2014-0780
 	RESERVED
-CVE-2014-0779
-	RESERVED
+CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
+	TODO: check
 CVE-2014-0778
 	RESERVED
 CVE-2014-0777
@@ -3591,8 +3938,8 @@
 	RESERVED
 CVE-2014-0695
 	RESERVED
-CVE-2014-0694
-	RESERVED
+CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...)
+	TODO: check
 CVE-2014-0693
 	RESERVED
 CVE-2014-0692
@@ -4131,13 +4478,11 @@
 	RESERVED
 CVE-2014-0506
 	RESERVED
-CVE-2014-0505
-	RESERVED
-CVE-2014-0504
-	RESERVED
+CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0503
-	RESERVED
+CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 ...)
 	NOT-FOR-US: Flash plugin
@@ -5302,20 +5647,20 @@
 	RESERVED
 CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, ...)
 	- vista <itp> (bug #541242)
-CVE-2013-6944
-	RESERVED
-CVE-2013-6943
-	RESERVED
-CVE-2013-6942
-	RESERVED
-CVE-2013-6941
-	RESERVED
-CVE-2013-6940
-	RESERVED
-CVE-2013-6939
-	RESERVED
-CVE-2013-6938
-	RESERVED
+CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the ...)
+	TODO: check
+CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
+	TODO: check
+CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler ...)
+	TODO: check
+CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
+	TODO: check
+CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
+	TODO: check
+CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
+	TODO: check
+CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX ...)
+	TODO: check
 CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
 	NOT-FOR-US: VideoCharge
 CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
@@ -5364,62 +5709,62 @@
 	- lucene-solr <unfixed> (bug #731113)
 CVE-2014-0325
 	RESERVED
-CVE-2014-0324
-	RESERVED
-CVE-2014-0323
-	RESERVED
+CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+	TODO: check
 CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
 	NOT-FOR-US: Microsoft Internet Explorer 10
-CVE-2014-0321
-	RESERVED
+CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+	TODO: check
 CVE-2014-0320
 	RESERVED
-CVE-2014-0319
-	RESERVED
+CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
+	TODO: check
 CVE-2014-0318
 	RESERVED
-CVE-2014-0317
-	RESERVED
+CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...)
+	TODO: check
 CVE-2014-0316
 	RESERVED
 CVE-2014-0315
 	RESERVED
-CVE-2014-0314
-	RESERVED
-CVE-2014-0313
-	RESERVED
-CVE-2014-0312
-	RESERVED
-CVE-2014-0311
-	RESERVED
+CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+	TODO: check
 CVE-2014-0310
 	RESERVED
-CVE-2014-0309
-	RESERVED
-CVE-2014-0308
-	RESERVED
-CVE-2014-0307
-	RESERVED
-CVE-2014-0306
-	RESERVED
-CVE-2014-0305
-	RESERVED
-CVE-2014-0304
-	RESERVED
-CVE-2014-0303
-	RESERVED
-CVE-2014-0302
-	RESERVED
-CVE-2014-0301
-	RESERVED
-CVE-2014-0300
-	RESERVED
-CVE-2014-0299
-	RESERVED
-CVE-2014-0298
-	RESERVED
-CVE-2014-0297
-	RESERVED
+CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0307 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+	TODO: check
+CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+	TODO: check
+CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft ...)
+	TODO: check
+CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+	TODO: check
+CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+	TODO: check
+CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+	TODO: check
 CVE-2014-0296
 	RESERVED
 CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
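Review bot: CVE-2014-0317 should not be closed in bulk with the Internet Explorer entries around it: its description is truncated at "The Security Account Manager Remote (SAMR) protocol implementation in ..." before naming the product, so read the full text before classifying it. For the Internet Explorer, win32k.sys, Silverlight and DirectShow entries added as TODO: check, the context line for CVE-2014-0322 (NOT-FOR-US: Microsoft Internet Explorer 10) shows the form used so far.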
@@ -5808,8 +6153,7 @@
 	RESERVED
 CVE-2014-0107
 	RESERVED
-CVE-2014-0106
-	RESERVED
+CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...)
 	- sudo 1.8.5p2-1 (low)
 	[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
 	NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
@@ -5819,21 +6163,18 @@
 	RESERVED
 CVE-2014-0103
 	RESERVED
-CVE-2014-0102
-	RESERVED
+CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in v3.13)
 	- linux-2.6 <not-affected> (Introduced in v3.13)
 	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
 	NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2
-CVE-2014-0101
-	RESERVED
+CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e
 	NOTE: http://patchwork.ozlabs.org/patch/325898/
-CVE-2014-0100
-	RESERVED
+CVE-2014-0100 (Race condition in the inet_frag_intern function in ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in v3.9)
 	- linux-2.6 <not-affected> (Introduced in v3.9)
@@ -5850,8 +6191,7 @@
 	RESERVED
 CVE-2014-0095
 	RESERVED
-CVE-2014-0094 [ClassLoader manipulation via request parameters]
-	RESERVED
+CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.1 allows ...)
 	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
 CVE-2014-0093
 	RESERVED
@@ -6019,8 +6359,7 @@
 	- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1565169
 	NOTE: CVE might be splitted
-CVE-2014-0049
-	RESERVED
+CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in ...)
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Introduced in 3.5)
 	- linux-2.6 <not-affected> (Introduced in 3.5)
@@ -6157,8 +6496,7 @@
 	- swift 1.11.0-2 (bug #735582)
 CVE-2014-0005
 	RESERVED
-CVE-2014-0004
-	RESERVED
+CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before ...)
 	{DSA-2872-1}
 	- udisks2 2.1.3-1
 	- udisks 1.0.5-1
@@ -6349,8 +6687,7 @@
 	[squeeze] - gnumeric <no-dsa> (Minor issue)
 	NOTE: https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=712772
-CVE-2013-6835
-	RESERVED
+CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, ...)
 	NOT-FOR-US: iOS
 CVE-2013-6834 (The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in ...)
 	- kfreebsd-9 <not-affected> (Only affects 10.x)
@@ -7406,8 +7743,7 @@
 	NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
 CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote ...)
 	NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2013-6442
-	RESERVED
+CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...)
 	- samba <unfixed> (low)
 	[squeeze] - samba <not-affected> (Only affects 4.x and later)
 	[wheezy] - samba <not-affected> (Only affects 4.x and later)
@@ -8000,11 +8336,9 @@
 CVE-2013-6234
 	RESERVED
 	NOT-FOR-US: SpagoBI
-CVE-2013-6233
-	RESERVED
+CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
 	NOT-FOR-US: SpagoBI
-CVE-2013-6232
-	RESERVED
+CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
 	NOT-FOR-US: SpagoBI
 CVE-2013-6231
 	RESERVED
@@ -8054,16 +8388,16 @@
 CVE-2013-6210
 	RESERVED
 	NOT-FOR-US: HP Unified Functional Testing
-CVE-2013-6209
-	RESERVED
+CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP ...)
+	TODO: check
 CVE-2013-6208
 	RESERVED
-CVE-2013-6207
-	RESERVED
-CVE-2013-6206
-	RESERVED
-CVE-2013-6205
-	RESERVED
+CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
+	TODO: check
+CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
+	TODO: check
+CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
+	TODO: check
 CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
 CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP ...)
@@ -8072,8 +8406,7 @@
 	NOT-FOR-US: HP Service Manager
 CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, ...)
 	NOT-FOR-US: HP Security Management System
-CVE-2013-6200
-	RESERVED
+CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...)
 	NOT-FOR-US: HP-UX
 CVE-2013-6199
 	RESERVED
@@ -8097,8 +8430,8 @@
 	RESERVED
 CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP ...)
 	NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6188
-	RESERVED
+CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
+	TODO: check
 CVE-2013-6187
 	REJECTED
 CVE-2013-6186
@@ -8434,8 +8767,8 @@
 	NOT-FOR-US: NagiosQL
 CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 ...)
 	NOT-FOR-US: Trimble SketchUp Viewer
-CVE-2013-6037
-	RESERVED
+CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure ...)
+	TODO: check
 CVE-2013-6036
 	RESERVED
 CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
@@ -8446,8 +8779,8 @@
 	NOT-FOR-US: Lexmark
 CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
 	NOT-FOR-US: Lexmark
-CVE-2013-6031
-	RESERVED
+CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not ...)
+	TODO: check
 CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
 	NOT-FOR-US: Emerson Network Power
 CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
@@ -9449,8 +9782,7 @@
 CVE-2013-5640
 	RESERVED
 	NOT-FOR-US: Gnew
-CVE-2013-5639
-	RESERVED
+CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 ...)
 	NOT-FOR-US: Gnew
 CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile ...)
 	- libdigidoc <itp> (bug #658300)
@@ -10637,8 +10969,8 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2013-5134
 	REJECTED
-CVE-2013-5133
-	RESERVED
+CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, ...)
+	TODO: check
 CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly ...)
 	NOT-FOR-US: Apple AirPort
 CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
@@ -10674,8 +11006,8 @@
 	NOT-FOR-US: Zimbra Collaboration Suite
 CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ...)
 	NOT-FOR-US: Good for Enterprise app for iOS
-CVE-2013-5117
-	RESERVED
+CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in ...)
+	TODO: check
 CVE-2013-5116
 	RESERVED
 CVE-2013-5115
@@ -10956,8 +11288,7 @@
 	NOT-FOR-US: RealPlayer
 CVE-2013-4972
 	RESERVED
-CVE-2013-4971
-	RESERVED
+CVE-2013-4971 (Puppet Enterprise before 3.2.0 does not properly restrict access to ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2013-4970
 	RESERVED
@@ -10970,8 +11301,7 @@
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4966
-	RESERVED
+CVE-2013-4966 (The master external node classification script in Puppet Enterprise ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 CVE-2013-4965 (Puppet Enterprise before 3.1.0 does not properly restrict the number ...)
 	NOT-FOR-US: Puppet Enterprise
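Review bot: CVE-2013-4966 keeps the line "- puppet <not-affected> (Only affects Puppet Enterprise)", while the next entry in the context, CVE-2013-4965, records the same product as "NOT-FOR-US: Puppet Enterprise". The two forms are inconsistent for the same situation; since the new description confirms the issue is in Puppet Enterprise, settle on one convention for this group of entries (CVE-2013-4971 in the previous hunk uses the not-affected form as well).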
@@ -11285,8 +11615,8 @@
 	RESERVED
 CVE-2013-4847
 	RESERVED
-CVE-2013-4846
-	RESERVED
+CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+	TODO: check
 CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
 	NOT-FOR-US: HP Officejet Pro
 CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, ...)
@@ -11735,8 +12065,8 @@
 	- mongodb 1:2.4.5-1 (bug #715007)
 	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
 	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
-CVE-2013-4649
-	RESERVED
+CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
+	TODO: check
 CVE-2013-4648
 	RESERVED
 CVE-2013-4647
@@ -12261,8 +12591,7 @@
 	NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
 	NOTE: https://bugs.launchpad.net/nova/+bug/1202266
 	NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
-CVE-2013-4496
-	RESERVED
+CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 ...)
 	- samba <unfixed> (low)
 	[wheezy] - samba <no-dsa> (Minor issue)
 	[squeeze] - samba <no-dsa> (Minor issue)
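Review bot: the description added for CVE-2013-4496 names the upstream version boundaries (before 3.6.23, before 4.0.16, before 4.1.6), but the tracking line under it still reads "- samba <unfixed> (low)" with nothing pointing at the upstream fix. Add a NOTE line referencing the upstream advisory or commit, so whoever closes the entry knows which version to record once a fixed upload is available.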
@@ -12370,8 +12699,7 @@
 CVE-2013-4468
 	RESERVED
 	NOT-FOR-US: VICIDIAL
-CVE-2013-4467
-	RESERVED
+CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) ...)
 	NOT-FOR-US: VICIDIAL
 CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE library ...)
 	- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
@@ -12471,8 +12799,7 @@
 	- dropbear 2012.55-1.4 (low; bug #726118)
 	[squeeze] - dropbear <no-dsa> (Minor issue)
 	[wheezy] - dropbear <no-dsa> (Minor issue)
-CVE-2013-4433 [xhprof: unspecified XSS]
-	RESERVED
+CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
 	- xhprof 0.9.4-1 (bug #726284)
 CVE-2013-4432 [a group member with no access rights to folder can still view it]
 	RESERVED
@@ -12538,8 +12865,7 @@
 	NOT-FOR-US: Red Hat Satellite
 CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
 	NOT-FOR-US: Cumin
-CVE-2013-4413 [arbitrary files read]
-	RESERVED
+CVE-2013-4413 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: Wicked Ruby Gem
 CVE-2013-4412 [NULL ptr dereference]
 	RESERVED
@@ -13298,41 +13624,29 @@
 	NOT-FOR-US: Katello
 CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
 	NOT-FOR-US: Plone
-CVE-2013-4199 [plone: DoS by decompressing large zip archives (cb_decode.py, linkintegrity.py)]
-	RESERVED
+CVE-2013-4199 ((1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, ...)
 	NOT-FOR-US: Plone
-CVE-2013-4198 [plone: Authenticated users able to alter their password despite of policy definition / setting prohibiting it (mail_password.py)]
-	RESERVED
+CVE-2013-4198 (mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
 	NOT-FOR-US: Plone
-CVE-2013-4197 [plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)]
-	RESERVED
+CVE-2013-4197 (member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
 	NOT-FOR-US: Plone
-CVE-2013-4196 [plone: Multiple information exposure flaws via certain object methods (objectmanager.py)]
-	RESERVED
+CVE-2013-4196 (The object manager implementation (objectmanager.py) in Plone 2.1 ...)
 	NOT-FOR-US: Plone
-CVE-2013-4195 [plone: Open redirect in the HTTP server implementation (marmoset_patch.py, publish.py, principiaredirect.py)]
-	RESERVED
+CVE-2013-4195 (Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) ...)
 	NOT-FOR-US: Plone
-CVE-2013-4194 [plone: File system path exposure (wysiwyg.py)]
-	RESERVED
+CVE-2013-4194 (The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x ...)
 	NOT-FOR-US: Plone
-CVE-2013-4193 [plone: Anonymous users capable to hide certain fields from content edit forms (typeswidget.py)]
-	RESERVED
+CVE-2013-4193 (typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
 	NOT-FOR-US: Plone
-CVE-2013-4192 [plone: Ability to spoof emails (sendto.py)]
-	RESERVED
+CVE-2013-4192 (sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
 	NOT-FOR-US: Plone
-CVE-2013-4191 [plone: Information exposure due improper access control enforcement when generating zip archives (zip.py)]
-	RESERVED
+CVE-2013-4191 (zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
 	NOT-FOR-US: Plone
-CVE-2013-4190 [plone: Multiple cross-site scripting (XSS) flaws (spamProtect.py, pts.py, request.py)]
-	RESERVED
+CVE-2013-4190 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
 	NOT-FOR-US: Plone
-CVE-2013-4189 [plone: Privilege escalation due improper authorization (dataitems.py, get.py, traverseName.py)]
-	RESERVED
+CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, ...)
 	NOT-FOR-US: Plone
-CVE-2013-4188 [plone: DoS (infinite loop) by administrator privilege users when retrieving information for certain resources (traverser.py)]
-	RESERVED
+CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
 	NOT-FOR-US: Plone
 CVE-2013-4187 [Access Bypass]
 	RESERVED
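Review bot: the Plone entries lose triage detail in this replacement. At CVE-2013-4189 the hand-written summary "Privilege escalation due improper authorization" gives way to "Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, ...", and entries such as CVE-2013-4198, CVE-2013-4197, CVE-2013-4193 and CVE-2013-4188 now show only a file name and version range where the old text stated the impact. When the official description is less specific than the temporary one, keep the old summary as a NOTE line instead of dropping it.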
@@ -13970,8 +14284,8 @@
 	NOT-FOR-US: Grandstream
 CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
 	NOT-FOR-US: Grandstream
-CVE-2013-3961
-	RESERVED
+CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda ...)
+	TODO: check
 CVE-2013-3960
 	RESERVED
 CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...)
@@ -14006,8 +14320,8 @@
 	RESERVED
 CVE-2013-3944
 	RESERVED
-CVE-2013-3943
-	RESERVED
+CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
+	TODO: check
 CVE-2013-3942
 	RESERVED
 CVE-2013-3941
@@ -14036,8 +14350,8 @@
 	RESERVED
 CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
 	NOT-FOR-US: CMS Made Simple
-CVE-2013-3928
-	RESERVED
+CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
+	TODO: check
 CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
 	NOT-FOR-US: Siemens COMOS
 CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to ...)
@@ -14493,14 +14807,11 @@
 	RESERVED
 CVE-2013-3730
 	RESERVED
-CVE-2013-3729
-	RESERVED
+CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler ...)
 	NOT-FOR-US: Kasseler CMS
-CVE-2013-3728
-	RESERVED
+CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 ...)
 	NOT-FOR-US: Kasseler CMS
-CVE-2013-3727
-	RESERVED
+CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows ...)
 	NOT-FOR-US: Kasseler CMS
 CVE-2013-3726
 	REJECTED
@@ -16805,8 +17116,8 @@
 	NOT-FOR-US: CloudStack
 CVE-2013-2755
 	RESERVED
-CVE-2013-2754
-	RESERVED
+CVE-2013-2754 (Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS ...)
+	TODO: check
 CVE-2013-2753
 	RESERVED
 CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -18045,8 +18356,8 @@
 	RESERVED
 CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the ...)
 	NOT-FOR-US: Aruba Networks ArubaOS
-CVE-2013-2289
-	RESERVED
+CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2013-2288
 	RESERVED
 CVE-2013-2287
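Review bot: the description added for CVE-2013-2289 is cut off before the product name ("Cross-site scripting (XSS) vulnerability in ..."), so the "TODO: check" under it cannot be resolved from the list alone. The triager has to pull the full text from the CVE record. It would help if the automatic update kept enough of the description to show the affected component.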
@@ -18088,8 +18399,8 @@
 	- bitcoin 0.8.1-2 (bug #705266)
 CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active ...)
 	NOT-FOR-US: D-Link DSL-2740B Gateway
-CVE-2013-2270
-	RESERVED
+CVE-2013-2270 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
+	TODO: check
 CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
 	NOT-FOR-US: Aruba Networks ClearPass
 CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
@@ -18851,11 +19162,9 @@
 CVE-2013-2047 [owncloud: oC-SA-2013-023]
 	RESERVED
 	- owncloud <not-affected> (Only 5.0.x)
-CVE-2013-2046 [owncloud: oC-SA-2013-019]
-	RESERVED
+CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server ...)
 	- owncloud <not-affected> (Only affects 4.5.x)
-CVE-2013-2045 [owncloud: oC-SA-2013-019]
-	RESERVED
+CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x ...)
 	- owncloud <not-affected> (Only affects 5.0.x)
 CVE-2013-2044 [owncloud: oC-SA-2013-022]
 	RESERVED
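Review bot: CVE-2013-2046 and CVE-2013-2045 drop the bracketed "owncloud: oC-SA-2013-019" text, which was the only pointer to the upstream advisory, while the neighbouring CVE-2013-2047 and CVE-2013-2044 still carry theirs. Keep the advisory id in a NOTE line under each entry so the cross-reference survives the switch to the official description.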
@@ -19374,8 +19683,7 @@
 	NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
 CVE-2013-1894
 	REJECTED
-CVE-2013-1893
-	RESERVED
+CVE-2013-1893 (SQL injection vulnerability in addressbookprovider.php in ownCloud ...)
 	- owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
 	- mongodb 1:2.4.1-1 (bug #704042)
@@ -19384,8 +19692,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
 CVE-2013-1891
 	RESERVED
-CVE-2013-1890
-	RESERVED
+CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
 	- owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1889
 	RESERVED
@@ -20440,8 +20747,8 @@
 	NOT-FOR-US: Opera
 CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
 	NOT-FOR-US: Opera
-CVE-2013-1636
-	RESERVED
+CVE-2013-1636 (Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in ...)
+	TODO: check
 CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...)
 	{DSA-2639-1}
 	- php5 5.4.4-14 (unimportant; bug #702221)
@@ -24985,8 +25292,8 @@
 	RESERVED
 CVE-2012-6291
 	RESERVED
-CVE-2012-6290
-	RESERVED
+CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote ...)
+	TODO: check
 CVE-2012-6289
 	RESERVED
 CVE-2012-6288



